The ICWAI webpage http://www.icwai.org/icwai/docs/syllabus/cmainter.htm was found to be infected with a malicious 0 pixel iFrame. Injecting iFrames into legitimate websites has become an extremely common attack vector.
Screen-shot of the affected page:
Screen-shot of the source code :
The injected link no longer serves malware as the domain has been taken offline. The fact that the ICWAI page still contains the injected iFrame suggests that the injection vulnerability that led to the attack, may still be exposed and could lead to additional infections. Zscaler has informed ICWAI of this infection.
Screen-shot of hxxp://toneandpulse.com/check/versionl.php?t=676, the injected URL:
Fortunately, this domain has been added to the Google Safe Browsing block list. Online searches reveal information providing a clear indication that the “toneandpulse.com” domain has been used in various malware campaigns. A report from ThreatExpert shows that some of the links on this domain have been used to serve a known Trojan.
This is yet another example of the poor level of web application security, which is allowing attackers to infect legitimate, web sites with minimal effort.