Example of an exploit kit panel showing infection stats by browser
One of the features most commonly observed in the html code of this infected websites is the injection of iframe or script tags after the html close tag.
Finding a script or iframe element after the close html tag raises the alarm, and many URLs analysis engines will give high importance to this situation, leading even to false positives for legitimate websites. It has been proved that some well known sites keep this bad habit due to their own ignorance or because of third party widgets.
As long as you can, avoid this bad practice if you don’t want to have an unpleasant surprise.
An exploit pack, better known as exploit kit, is a type of software developed with malicious purposes. It contains several known exploits targeting different applications and may contain as well zero days. The latter are specially appreciated, and make the…
Last 4 December 2009, the Consejo Nacional Consultivo de Cyberseguridad (National Consultative Committee on IT Security, or CNCCS, partially founded by S21sec) together with the Instituto de Tecnologías de la Información y la Comunicación (Institute of Information and Communication Technology,…