Iframe virus: Difference between revisions

You must add a |reason= parameter to this Cleanup template – replace it with {{Cleanup|reason=<Fill reason here>}}, or remove the Cleanup template.

About iframe virus

There are different variants of badware/malware that infect websites. Most of them use iframe html code, they cause damage by injecting iframe tags into your website and that's why they are called iframe virus. ^[1] Code may be injected into html, php, asp or tpl source files. They may infect through various themes or templates of Content management systems. The virus will also modify .htaccess and hosts files, and create images.php files in directories named 'images'. The infection is not a server-wide exploit. It will only infect sites on the server that it has passwords to.

This recent surge in compromised web servers has generated many interesting discussions in online forums and blogs. Web malware infections hurt businesses Google, Firefox, IE, and anti-virus companies blacklist infected sites. Businesses lose thousands of dollars in revenue. Sites suffer damage to their brand and reputation.

Iframe virus is a type of badware. "Badware producers are constantly developing new, creative ways to install badware onto your computer"^[2]. Badware distribution has been expanded beyond traditional channels like email viruses to harder-to-avoid methods like automated “drive-by downloads” that are launched by compromised web pages.

Iframe variants

Sometimes, "iframe variants come in the form of javascript". You may NOT see iframe tags in the source because it will be encoded. It's a more clever form of iframe variant virus. If you decode the encoded script code, it will contain code to invoke iframe via javascript.

References

1. "Why people call it iframe virus? How do we remove and clean?".
2. http://stopbadware.org/home/badware