Help With Websites Infected With Viruses
Recently several websites are reporting very suspicious infection and anti viruses alerts when visiting some websites. Even recently if you use Firefox or Chrome and you visit one of those websites it came out as a red page alerting you not to go forward because the you could get infected with viruses or Trojans.
And yes, it is exactly as that page says, the website you are trying to visit has been recoded including sort kind of encrypted JavaScript code inserted in almost any index page, this affect every index.html , index.htm , index.php and so and so, also it could be found into the .htaccess files used on Apache servers.
The propagation
The propagation method is simple, the virus infects a computer, download and install Trojans converting the infected computer in a zombi and adding it to a network awaiting for commands to process to send spam, generate DoS attacks or even worse, once this is done, the virus attack the FTP clients this computer could have in order to get a list of FTP addresses including user name and password, no one knows if this list is also sent out to people to be sold online, once the FTP information is collected the virus access those sites and infects almost any index page into it and infect any visitor the site could have.
Ways to fire back
Anyone could be affected by this virus, reports of infections from eBay, News. Com. au and some other well know sites are a sample of it.
Google is trying to at do their part into this problem and had created a directory there every person can query and request information for a site, the URL is http://google.com/safebrowsing/diagnostic?site= site-affected.com (replace site-affected. com with the real domain to check)
Once a website is infected and listed as dangerous by Google nobody with a minimum of brain is going to visit it, so for owners and webmasters this are very bad news, the problem most be solved ASAP and the website most be taken down until it is fixed, also Google most be notified to check the site again and take it out of the list. All FTP passwords most be changed and any computer with access to the site most be scanned and clean up, it is hard work, but it’s the only way, in some cases it could be worst.
Our recommendations:
- No to used any popular FTP client to access your site. Try to use a different FTP client of even the explorer of you system, it could handy after you get used to it.
- Use SFTP protocol. SFTP is a protocol that encrypted and secure the FTP s connections to servers using port 22 instead the regular 21 for FTP.
- Keep your anti-virus updated. Keep you anti virus up-to-date all the time, in case you need one we recommend AVG, it is free and very good identifying threats, http://free.avg.com.
- Change all the FTP password you have access too. This will help you, but eventually if your computer still infected it will infect the sites again.
I hope this article is useful for people having this problem or for preventing it, in case you need more help contact us, we will be very happy to help you.