INDICATOR-OBFUSCATION -- Snort detected a system behavior that suggests the system has been affected by malware. That behavior is known as an Indicator of Compromise (IOC). The symptoms could be a wide range of behaviors, from a suspicious file name to an unusual use of a utility. Symptoms do not guarantee an infection; your network configuration may not be affected by malware, but showing indicators as a result of a normal function. This alert specifically refers to a method of disguising code, known as obfuscation. Obfuscation methods are used to perform innocent convenience tasks (for instance, Javascript used to condense Jquery scripts, or a compiler using obfuscation to protect the full code for NDA reasons), or it could be used to hide an attack.
INDICATOR-OBFUSCATION Multiple Products IFRAME src javascript code execution
This event is generated when javascript code is detected within an iframe on any HTTP ports Impact: Attempted User Privilege Gain Details: This is solely looking for javascript embedded within an iframe. Ease of Attack: simple
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2005-1476 |
Loading description |
CVE-2008-2939 |
Loading description |