Malicious Iframe Injection Attacks
First, this is an iframe exploit. Basically what this means is it embeds an iframe code into your web page(s). It attacks both html and php pages.
Wondering how it was able to attack in the first place? There are two possible ways for this to occur:
1) Your server is compromised
This is the most common way. Some of the websites residing in the same web server as your website may have been compromised and in turn that caused the web server to be compromised. Once the server is compromised, the worm will spread to all the websites on the server.
2) Through your client side FTP
The worm resides in any of the client side PCs you use for accessing the ftp/control panel accounts of your hosting server.
When you type in the username and password for the ftp/control panel account, the worm silently reads the credentials, accesses your ftp account and infects the files in the server. It adds the iframe code to all index.* files.
How to get rid of it? To cover all your bases, ensure you start with your client side computer used to ftp files to your server. You will need to search through each and every file associated with your site and look for the malicious iframe code, remove it, and then save the files. Check all folders that hold images - usually these folders will not have an index file in place. If you see one, remove it. Once you are certain all local files have been cleaned, repeat the same procedure with all files on your server.
Depending on the size of your site, this can be a very tedious task. Ensure you have all your vital information saved - this includes any database information as well as important files. Then, do a complete virus check on your computer to eradicate any further virus attacks.
Published by Susanne Bullo
Accomplished web developer for 15 years. Work: PHP, MySQL, Drupal, OSCommerce, Wordpress, & many other web programs & technologies. Extensive knowledge in server admin/maintenance. Mom of 3 beautiful & brig... View profile
-
How to Add Sharedreviews Referral Banners to MySpace
A simple how to guide to posting your Sharedreviews banner ads on MySpace.
- Click Hijacking: A New Internet Threat Click hijacking is the newest concern of Internet security experts. This exploit puts users personal information at risk.
- First Ever Mac OSX "Virus" One of the biggest benefits of Macs is that they're supposedly "Virus-Free". While this is true to some extent, there has been one documented case of something similar to a virus infecting the Mac OSX system.
- Avian Flu Virus Has the Potential to Spread to Humans Right now people can get the avian flu. But they can't spread it. That may change if researchers are right. Researchers believe that if they virus mutates so that it can live in the respiratory system, it can be sprea...
- Heart Attack Risk Factors and Symptoms You can read what factors and symptoms play a role in detecting an onset of a heart attack.
- HellBound Hackers - a Guide to Beating the Basics
- HTML Basics: Learn to Code in 15 Minutes
- Watercress Fights Cancer
- TheNewsRoom: Get Free Content for Your Website or Blog
- New Therapeutic Vaccine May Offer Hope for Chronic Hepatitis C Patients
- Tips for Developing Facebook Games
- Pancreatic Cancer Action Network Year in Review
|
|
- Identify how your site got attacked
- Remove the offending code
- Other sources of information regarding the iframe attack
3 Comments
Post a CommentBad links have been removed. Thanks Associated Content!
Martin - thank you for letting me know. This must be something rather new on that site. I have to inform AC of this as I'm unable to edit this on my own. I do appreciate the warning!
eisabainyo.net is a malicious site. when you click the link McAfee site advisor pops up an error and then your anti-virus sw screams about blocking a virus. please fix as this hurts credibility of your whole website