Unfortunately, the (in)secure iranian government and criticial websites are still highly vulnerablle to malware attacks .
I'm not still sure about this one, 'cuze of the time I've been spended.
it's a link to the maskan-bank, you can click here to see what I mean .
you would like to do such a thing like calculation of something related to your payment.
well, it's really this one and when you go to the above link in fact you're talking to this link .
well, you maybe heared about the some dangerous attacks from various places which is known to the people which is affected before this report .
some website / pages and other web based places is vulnerable to known web application attacks such as Xss (Cross site scripting) and SQL Injection (the most known vulnerability) .
as you may expect, yes, it's exactly what I want to say, another malicious pages can be loaded into your vulnerable website pages, consider your website PHP pages maybe vulnerable to SQL Injection attacks, if there's an automated tool which scans for malicious pages and affect them then it's possible to infect other web pages .
so, Is there any kind of web based worms which can do such a thing?
the answer is yes, nowadays this attack is common and can affect any page even secure web pages !
well, when you go to the link and want do some calculations, then you will be redirected to a page which is malicious .
there's various kinds of malwares which can affect the Client browser, exploits / viruses are just a few of them and it seems this one is a web based virus .
well finally all the attacks are from this jScript page.
further analysis will be post here as soon as possible about this attack .
any feedback !?