iFrame Injection

Discussion in 'Malware Help (A Specialist Will Reply)' started by saima, Sep 7, 2009.

  1. saima

    saima Private E-2

    My website was recently attacked by <iframe> injections. As a result Google put it into the list of suspicious websites. On searching the internet and inquiring from my webhost, I came to know that some malicious malaware was using my ftp access (from the computers I used) and was replacing the index.htm/php files of my websites with an <iframe> containing page.


    I use one PCs for my ftp access. ( have XP professional installed). The PC has full functional Zone Alarm installed. I thought that the malicious malware may be in my PC . So I sent this PC for a complete reformatting and fresh install to remove all instances of this malware. As a further protection, I run a full system scan of my home PC using Zone Alarm. After doing this, I was hoping that this problem was solved.
    I changed FTP ,MYSQL,Admin user password of my site as it was recommended as the solution of this attack

    However, just 1 days my website was again banned by Google for spreading a malicious virus. This time a different <iframe> Injection was used to insert the malicious code in all the index pages.
    i keep watching my pages and daily index.aspx page are changed with diff iframe
    I search a lot to solve thios problem but could not find any solution
    Some other static sites are also hosted on same server i am using and all other sites are running correctly which shows that server is not effected
    Please help me what should i do
     
    saima, Sep 7, 2009
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Unfortunately this is not something we can help you with in the Malware Removal Forum since most frequently this occurs due to vulnerabilities in the software being used and even in the webpage designs themselves. Even though you rebuilt your machine, you may have just reinstalled webpage code that was already infected in your backups. You need to make sure you backups are clean. You have to manually clean all of your code.

    Also you need to make sure that the server is clean. Frequently the servers are the source of the problems or some other website on the server itself could be spreading it to other websites including yours.

    The below are a few article covering this topic:

    http://www.diovo.com/2009/03/hidden-iframe-injection-attacks/

    http://eisabainyo.net/weblog/2009/04/06/iframe-injection-attack/
     
    chaslang, Sep 11, 2009
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds