If your antivirus alerts you to an abnormal connection, or you receive a virus alert every time you browse your website, your website may have had iframe code inserted into it. You can verify this with the view-source feature of your web browser.



Sample antivirus notification from avast! Scanner


Sample iframe code in view source

What is iframe?
IFrame (from inline frame) is an HTML element which makes it possible to embed another HTML document inside the main document.
URL: http://en.wikipedia.org/wiki/IFrame

How did your website get inserted with iframe?
A third party (the attacker) used automated tools to log in to the FTP account, search through all user account directories for index files (index.htm, index.html, index.php, index.asp, index...etc), download each index file, insert the iframe code (usually at the beginning or the bottom of the file), and upload it to the same directory to replace the original index file.

This may happen because the FTP account has a weak password, or because a web application account is allowed direct access to edit the file. In some cases, there may also be security problems on the end users' computers.

What does it do?
1. The iframe may take you to a malicious site that downloads malicious files onto your computer.
2. It may attempt to exploit a vulnerability in the web browser to break into your computer.
3. Possibly other attacks.

What should you do if your website has been inserted with iframe?
1. Run a full scan on every computer that has the password stored.
2. Change the FTP password to a strong password.
URL: http://en.wikipedia.org/wiki/Password_strength
3. Rename the hacked index file and keep it for further analysis.
4. Clean up the index file by removing the iframe code.
5. Review the application code, and update the applications to the latest version.
6. Report it to us.
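
To find which index files need the cleanup in steps 3 and 4, the following added example (not part of the original article or any tool of ours) walks a web root and lists iframes that are hidden or sit outside the <html>...</html> block, which is where injected code usually lands. The function names, the hiding heuristics and the sample files are assumptions made for illustration; treat each hit as something to review by hand.

```python
import re
import tempfile
from pathlib import Path

INDEX_RE = re.compile(r"^index\.(html?|php|asp)$", re.I)  # names listed in the article
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
# Assumed heuristic: a 0/1-pixel size or CSS hiding means the frame is not meant to be seen.
HIDDEN_RE = re.compile(
    r"""(?<![-\w])(?:width|height)\s*[=:]\s*["']?\s*[01](?:px)?\s*(?=["'\s;>])"""
    r"""|display\s*:\s*none|visibility\s*:\s*hidden""", re.I)

def scan_file(path):
    """Return [(offset, tag, reasons)] for iframes that deserve a manual look."""
    text = Path(path).read_text(errors="replace")
    start, end = text.lower().find("<html"), text.lower().rfind("</html>")
    findings = []
    for m in IFRAME_RE.finditer(text):
        reasons = []
        if HIDDEN_RE.search(m.group(0)):
            reasons.append("hidden")
        # Injected code usually sits at the top or bottom, outside <html>...</html>.
        if (start != -1 and m.start() < start) or (end != -1 and m.start() > end):
            reasons.append("outside-html")
        if reasons:
            findings.append((m.start(), m.group(0), reasons))
    return findings

def scan_tree(root):
    """Scan every index file under root; returns {relative path: findings}."""
    root, hits = Path(root), {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and INDEX_RE.match(p.name):
            found = scan_file(p)
            if found:
                hits[p.relative_to(root).as_posix()] = found
    return hits

def demo():
    """Scan a constructed web root (sample data, not real incident files)."""
    page = "<html><body>{}</body></html>"
    bad = '\n<iframe src="http://injected.example.invalid/" width=1 height=1 style="visibility:hidden"></iframe>'
    with tempfile.TemporaryDirectory() as d:
        Path(d, "shop").mkdir()
        Path(d, "index.html").write_text(page.format('<iframe src="/map.html" width="560"></iframe>'))
        Path(d, "shop", "index.php").write_text(page.format("<?php echo 'hi'; ?>") + bad)
        return scan_tree(d)

if __name__ == "__main__":
    for path, found in demo().items():
        print(path, found)
```

Point scan_tree() at a downloaded copy of your site directory to scan real files. Index files that never contain an <html> tag are only checked for hidden iframes.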

Best Practice
1. Avoid weak passwords; always set strong passwords for your accounts.
2. Keep your antivirus definition database up to date and scan your computers regularly as a precaution.
3. Use another protocol for file transfer, such as SFTP or SCP, because the transfer over the network is encrypted.
4. Always patch your computers' operating systems and software, and update your applications to the latest version as soon as it is released.
