iFrame hack

iFrame hack

Post by olavt »

My site has been infected by what is often referred to as the "iFrame hack". I got the unpleasant message when I looked at Google and found that my site was marked as harmful. Here is what I did to clean the site. I hope this may help others who suffer from the same malware -- or that any of the security gurus in this forum can tell that we have to do more ... (I am not a security expert.)

Virus scanning software may detect the infection and give messages like this:

" "Trojan-Downloader.HTML.Agent.is" in file "http://61.xxx.8.157/iframe/wp-xxx-stats.php""

or

" "

(I no longer have the error messages from my site -- these examples are from a discussion in the WordPress forum.)

I found that it was the templates that were infected. The malicious code was inserted right after the tag in the templates.

The cure was to remove the code from the templates. At least my virus software no longer detects anything on the site, and I hope Google will give my site a "Green flag" soon.

I of course also had to clean up the installations, change all passwords etc.
Last edited by Rolf on Wed Mar 28, 2012 6:33 pm, edited 1 time in total.
Reason: changed infected links
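
A check a site owner could run over exported template text to find iframes like the one described in the post above. This is an added example, not part of the original thread; the allowlisted host, the heuristics and the sample template are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site embeds on purpose; adjust to your own site.
ALLOWED_HOSTS = {"www.example.org"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = re.compile(r"^\s*[01](px)?\s*$", re.I)  # width/height of 0 or 1


class IframeFinder(HTMLParser):
    """Records (line, src, reasons) for each iframe that looks injected."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        if any(TINY.match(a.get(k, "")) for k in ("width", "height")):
            reasons.append("zero-size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden-style")
        host = urlparse(a.get("src", "")).hostname
        if host and host not in ALLOWED_HOSTS:
            reasons.append("external-host")
        if reasons:
            self.findings.append((self.getpos()[0], a.get("src", ""), reasons))


def scan_template(text):
    """Return the suspicious iframes found in one template's text."""
    finder = IframeFinder()
    finder.feed(text)
    finder.close()
    return finder.findings


# Constructed sample template (203.0.113.7 is a documentation address).
SAMPLE = """<body>
<iframe src="http://203.0.113.7/x.php" width="0" height="0" style="visibility:hidden"></iframe>
{content}
<iframe src="https://www.example.org/map" width="560" height="315"></iframe>
</body>
"""
```

Call `scan_template()` on each template's text and review every finding by hand before deleting anything; a visible iframe to a host you did not add is reported as `external-host` only.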

Re: iFrame hack

Post by viebig »

I did some googling, and I suppose that this trojan tries to autodetect HTML code in common CMS and Blogging systems templates and inject the malware code automatically upon a site or template update.

As known just for WordPress (the most popular target), I don't think they would waste time developing something just for CMSMS. Anyway, there are some good recommendations:

1. Get a decent browser like Firefox, and keep it updated.
2. Use an antivirus tool.
3. Like dangerous sites? Get another computer than your workstation.
4. Block suspicious hosts within the Windows hosts file.

And the last one, which can solve all your virus, trojan, phishing and malware problems:

5. Get rid of Microsoft software, it's always a liability. Use Mac, Linux, BSD. Even a cellphone is more secure.