Last weekend, we got a serious case of a client’s website getting an iframe injection. iFrame injections started last year, when a Russian anti-virus company spread a virus that injects hidden frames inside websites to advertise their anti-virus software. Nowadays, iframe injections are being used by SEO companies to forward traffic and leak link juice from a high-PR website.
Based on our research, iframe injections are caused by workstations infected by worms that injects these iframe source to index.php or index.html. Some tips to avoid this serious infection are:
- update ftp password every month or update it everytime you upload a file just to make sure;
- invest on a good anti-virus software and make sure its always updated;
- never save your passwords on your computer (ftp software, e-mail, instant messaging, browser).