By: ThreatLabz

Redcross Site Hacked


In this morning's logs I noticed that Zscaler detected malicious content within web-pages. Turns out that the site was a victim of a malicious iFrame injection, and I thought a short post on this would be a good follow-up from Umesh's previous post on hidden malicious iFrames. belongs to the American Red Cross East Shoreline Chapter and is hosted on GoDaddy. Pages infected include:


  • hxxp://
  • hxxp://
  • hxxp://

Screenshot of malicious iFrame:
First stage decode:
Final decode writes iFrame to hxxp://

Fortunately the domain is not currently resolving, so the malicious page is not being pulled - Google results show that it had hosted a Adobe Acrobat PDF Reader exploit. Notifications are being sent to Redcross and GoDaddy.


Learn more about Zscaler.