Recently many websites have been phished with viruses and malware which are much harder to eliminate. One such is the iframe virus. I call it the iframe virus because it is enclosed within the HTML iframe tag.
I was once a victim of this virus. I was using Windows XP 64-bit at that time. Unfortunately I didn't have any protection software running on my computer, as I thought it was hard for viruses to hit an x64 architecture (which was proved wrong).
My website was working normally, though the iframe viruses were still present in it. My browser, Firefox, failed to notify me that the site was infected. I would not have noticed this issue if one of my friends had not sent me a screenshot showing my site blocked by Kaspersky.
Then when I tried to open my site in Google Chrome (because Chrome has an inbuilt site advisor) it reported that the site was phished. Thanks to Chrome, as it showed exactly what the virus code was. Then I had a look at my source code and was shocked to see that three different iframe virus URLs were there. I tried to find the actual location of these tags, removed them and uploaded the contents again through FileZilla. No use: even if I deleted the iframe code, it managed to appear somehow again and again. I changed my FTP password and my WordPress account's password. But all attempts were in vain.
Then I thought of another idea. I switched to my Linux (openSUSE 11.1) and started making those changes. The FTP client in GNOME was almost similar to FileZilla, built with complete features, so editing the code was easier. I uploaded the files and this time it was a success. All the iframe viruses in my website were removed. It was then that I realized my FileZilla was compromised.
After making the necessary changes to my website, I switched back to the Windows hard disk and installed Kaspersky Internet Security. But the application failed to load, without returning any error. I installed Bitdefender, again with the same result. Antivirus applications and even online virus scanners were not able to run. Task Manager, Group Policy Editor (GPEdit), Registry Editor, every shit failed to run. I tried logging in in safe mode; no wonder people say Windows sucks, it let me down again. The computer rebooted before even getting to the Welcome screen every time I chose Safe Mode. I formatted my C: drive and installed XP again.
I installed Kaspersky Internet Security and it loaded. After updating the virus database, I did a complete scan of my computer. Guess what, every .exe file was affected by a virus called W32.Sality. This particular virus was the culprit; it had spread to all the application files, affecting even my browser and FTP client. That's how the iframe virus affected my website.
So people, keep yourself protected against this malware. Don't leave any backdoors in your computer. I advise you to have an Internet firewall rather than just an antivirus. Never store password information in FTP clients. And frequently check your website with some third-party service for viruses or malware.
Feel free to share your own experience…
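The regular check recommended above can also be run against your own copy of the site files. The following is an added example, not code from the original post: it lists every iframe whose src host is not on an allowlist, and ALLOWED_HOSTS, the page suffixes and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Assumption: the only external hosts this site embeds on purpose.
ALLOWED_HOSTS = {"www.youtube.com"}
PAGE_SUFFIXES = {".html", ".htm", ".php"}

class IframeAuditor(HTMLParser):
    """Records every <iframe> whose src host is not on the allowlist."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed_hosts = allowed_hosts
        self.findings = []  # (line number, offending host, full src)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        src = (dict(attrs).get("src") or "").strip()
        try:
            host = (urlparse(src).hostname or "").lower()
        except ValueError:
            host = "unparseable"  # malformed URL: report it rather than skip it
        # No host means a relative URL, i.e. content served by this site.
        if host and host not in self.allowed_hosts:
            self.findings.append((self.getpos()[0], host, src))

def audit_html(text, allowed_hosts=ALLOWED_HOSTS):
    auditor = IframeAuditor(allowed_hosts)
    auditor.feed(text)
    auditor.close()
    return auditor.findings

def audit_tree(root, allowed_hosts=ALLOWED_HOSTS):
    """Audit every page under root; returns {relative path: findings}."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in PAGE_SUFFIXES:
            hits = audit_html(path.read_text(errors="replace"), allowed_hosts)
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

# Constructed sample page: one intended embed, one unexpected iframe, one local.
SAMPLE = """<html><body>
<iframe src="https://www.youtube.com/embed/abc"></iframe>
<iframe src="http://injected.invalid/in.php" width="1" height="1"></iframe>
<iframe src="/local/widget.html"></iframe>
</body></html>"""
```

Running audit_tree over a freshly downloaded copy of the site after each upload shows whether removed tags have come back, which is the symptom described in the post.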
Thanks dude …
Dude, can you give the code of the iframe virus if you still have it … I'll be glad if you post a bit of code here, please
arihant shyamsukha
Sure. I'll mail you the code, mate.