Last weekend, we got a serious case of a client’s website getting an iframe injection. iFrame injections started last year, when a Russian anti-virus company spread a virus that injects hidden frames inside websites to advertise their anti-virus software. Nowadays, iframe injections are being used by SEO companies to forward traffic and leak link juice from a high-PR website.
Just last year, major US websites like Wal-mart, USA today, etc. were hit by this virus.
Based on our research, iframe injections are caused by workstations infected by worms that injects this iframe source to index.php or index.html. Some tips to avoid this serious infection are:
- update ftp password every month or update it everytime you upload a file just to make sure;
- invest on a good anti-virus software and make sure its always updated;
- never save your passwords on your computer (ftp software, e-mail, instant messaging, browser).
