What it is

Details are still being suppressed at this point, but it appears to be an IFRAME manipulation used to effectively cover a normal web link with a trusted site that appears good and proper, with a bad one to an attacker site. That is, in its currently disclosed form. The implication is that it could potentially be a lot nastier, maybe even 100% automated. In any case, this attack could conceivably be used for phishing or host exploitation.

Who it affects

Basically, any modern browser which supports IFRAMEs. This includes any reasonably current versions of IE, Firefox/Mozilla, Safari, Flock, Opera, etc. So, pretty much everybody. It doesn’t include browsers which don’t support IFRAMEs, such as lynx or elinks.

How to protect against it

Essentially, the fix will ultimately involve a re-thinking of how browsers (and perhaps web developers) handle IFRAMEs. In the meantime, you can provide yourself at least a modicum of protection by using the NoScript plugin.

1. Download and install Firefox
2. In Firefox, download and install the NoScript plugin
3. Navigate in Firefox to Tools –> Addons
4. Highlight NoScript and click Preferences
5. Click the Plugins tab and make sure “Forbid IFRAME” is checked

Or, you can view our brief video tutorial here.