YontooInstallID: suspicious iframes,hidden divs and scripts

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Domeees, Apr 28, 2012.

  1. Domeees

    Domeees Private E-2

    Hello. When I open some internet site and run it through firebug to view the source code. Some additional divs and scripts display there.


    I can see this in the source code of any site. The code is always different but in a way similar.
    Code:
    <script type="text/javascript" src="http://cdn1.certified-apps.com/scripts/shared/enable.js?si=26525&sd=2012-3-16">
    <div id="_GPL_e6a00_div" style="position: absolute;">
    <div id="YontooLocationStore2" style="display: none;">http://pixel-expression.com/freelance/index.php?todo=login</div>
    <div id="dropdowndeals" class="yontoolayerwidget" style="left: 1200px; top: 0px; text-align: left; vertical-align: top; width: 155px; height: 1px; line-height: 0px; z-index: 2147483647; position: fixed;">
    <div id="TopRelatedTopics" class="yontoolayerwidget" style="left: 0px; top: 0px; text-align: left; vertical-align: top; width: 0px; height: 0px; position: absolute;"></div>
    <div id="TBTMySuperCheap" class="yontoolayerwidget" style="left: 0px; top: 0px; text-align: left; vertical-align: top; width: 1px; height: 1px; position: absolute;">
    <div id="YontooInstallID" style="display: none;">5a4533fc-84f7-4c12-a69a-adcae8b0115c</div>
    
    <!- *****Even if I view the source code of local site, i can see this.****** -->
    
    <script type="text/javascript" src="http://cdn1.certified-apps.com/scripts/shared/enable.js?si=26525&sd=2012-3-16">
    <div id="YontooInstallID" style="display: none;">5a4533fc-84f7-4c12-a69a-adcae8b0115c</div>
    
    
    
    <!- *****Also noticed in header some script that should be there.****** -->
    
    <script type="text/javascript" src="http://www.TopRelatedTopics.com/Extension/TRTExtension.js">
    <script type="text/javascript" src="http://app.mysupercheap.com/scripts/extension.js?d=pixel-expression.com">
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Problems like this are really more of a vulnerability issue and not truly malware. How people write their website code, how old/unupdated the software they write it with, and how secure the servers that host it are really the areas to look at. Issues here are commonly referred to as code injection ( see: http://en.wikipedia.org/wiki/Code_injection ) The things we do in this forum are not going to find problems in your code. None of these malware scanners will since they are not design for this purpose.

    You are going to need to have a very good webpage developer check the code for security issues and you need to verify that all software being used has been updated to include all security patches. In addition, you need to make sure that the server hosting the website also has been fully updated.
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds