IFrame attack

The reason why this virus comes is only because of the either of the following :

1) You have a weak 7 vulnerable code on your website which is exploited by a hacker.
2) Your ftp password is weak and generally a dictionary word which is cracked by brute force attempts.

How Iframe Virus Works?
The hackers behind this have not actually “hacked” into servers, but are using the Webs OWN programming errors to inject this code into search results pages created by the Web sites OWN internal search engines!

The hacker searches for popular keywords, like “furniture” on the Wal-Mart Web site using its internal search engine. But instead of running a normal search, the (hacker?) adds on an HTML command to the end of his search string. HTML = hyper text markup Language…the stuff we write websites with mainly.
This command then opens up an invisible “iframe” window in the victims browser which then redirects to a malicious Web site, which then (if successful) installs fake antispyware or a version of the “Zlob Trojan Horse” - a malware on the victims (meaning YOU) PC.

And hear this! These (hackers) actually have great Google rankings!!
In order to boost their Google rankings, Web sites often save a copy of these search results and submit them to Google. When a victim searches Google for the keyword, these cached search results then pop up, with the malicious code now inside them.

How the hack is done?
Client side PC infected with virus.
Virus gets FTP username/password from the FTP clients.
Using the username/password, the virus downloads the index files, add iframe code it and re-uploads it.
The iframe code points to the same virus. So, anyone accessing this website gets infected with the same virus, and it uses the FTP username/password to spread again!!!!

Solutions #

1) Ensure that your code is free from such kind of vulnerabilities.
2) Change all the ftp passwords and keep them safe & a combination of alpha + numbers + special characters like ^%$@^#%
3) Before updating the new password in their FTP clients, advise them to do a full system Virus scan with a reliable virus scanner updated with the latest virus definition files.
4) Advise the clients not to save ( remember ) the FTP username/password on FTP clients.

  • 6 Users Found This Useful
Was this answer helpful?

Related Articles

What is the 100BaseT ?

A networking standard that supports data transfer rates up to 100 Mbps (100 megabits per second)....

What is the 10BaseT ?

One of several adaptations of the Ethernet (IEEE 802.3) standard for Local Area Networks (LANs)....

A Record ?

What is the A Record ? A) An A (address) record is a part...

What is the ADSL ?

ADSL = Asymmetric Digital Subscriber Line. A method for...

What is the Anonymous FTP ?

Anonymous File Transfer Protocol allows the public to log into an FTP server with a common login...

Powered by WHMCompleteSolution