Malicious iframe codes and methods to delete them

When viewing the site code, basically the index page, you may find that a link to the site that contains a trojan virus of the form has been added to the code:

iframe src="some_url" //some_url - link to a site with a trojan

It also happens that such a link is encoded, usually in base64.

So, when you go to such a page, a Trojan is automatically loaded, which tries to infect the visitor’s computer. Who is to blame and how to deal with this problem?

Usually, users when they encounter such a problem blame the hoster, but in 99.9% of cases the problem arises because the webmaster, or someone who has passwords for ftp-access to the hosting is infected with a Trojan that searches for saved passwords in the most common ftp- clients (often Totat Commander), mail clients (often Outlook-like) and sends them to a special host on the Internet. In 90% of cases, infection occurs through the vulnerabilities of Internet Explorer and Outlook. Using ftp-access stolen with the help of a trojan, special programs modify the site by adding malicious iframe code, which we wrote about above, to many pages. Index pages - index.html, index.php, etc. are mostly infected, but it happens that all files with certain extensions are also infected.

How to deal with this problem, if it has already arisen?

First of all, you, and everyone who has access to change your site, need to check your computer for viruses with an antivirus with the latest anti-virus databases, and check with not one antivirus, but several, from different manufacturers, and only after completely cleaning your computer, change all passwords on hosting - ftp-access, control panel, etc. Only after you have done all this, is it necessary to clean all malicious iframe links from the site code, then they will no longer appear. But, if you did not find viruses that have stolen passwords from you, then new passwords will be stolen very quickly, from which malicious iframe links will be inserted again. Also, if you do not change all the passwords, then again, using the stolen ftp-access, malicious iframes will be inserted. Keep this in mind!

How to prevent such problems?

In order to prevent the occurrence of such problems, it is best not to use windows-systems for work, then you simply will not be able to steal passwords, since viruses are mainly aimed at windows-systems. But this is a very radical method and will not work for many. But, you can greatly reduce the likelihood of a problem. To do this, it’s best not to use Internet Explorer and Outlook as potentially vulnerable at all, not to save passwords for ftp access in client programs such as Total Commander and others, to update Windows and antivirus software in a timely manner, since viruses that steal passwords are mainly used Windows operating system vulnerabilities.