We were attacked twice today – Avast caught it
PEI Blogs has been infected off and on for several weeks with a malicious script called iFrame.
If you’ve been there you should deep scan your computer.
Avast is freeware and it can catch it.
Here’s their note.
Beware of the threat from hacked websites
This year, there has been a large increase in the number of legitimate websites infected by a so-called “iframe” threat – a type of malicious script.
Several prominent websites have come under attack from hackers who have modified the underlying code so that malware can be distributed to unsuspecting users who visit the site. When a user visits an infected site, an invisible connection is established to a remote server, which can then attempt to install malware on the user’s computer. The intention could be to generate spam, or possibly something more sinister, such as stealing personal information e.g. bank account or credit card details.
In 2008, several high-profile websites were targeted, including USA Today, ABC News, Target and Wal-Mart and simply visiting one of these infected websites could have resulted in the user’s computer being infected. More recently, a number of websites have been detected by avast! as being infected by a malicious script called “HTML:Iframe-inf”.
Among the websites affected are a number of Government sites in the US, including the United States Forest Service, the US International Trade Commission and the websites of several embassies around the world. Many popular travel and recreational websites have also been compromised.
avast! antivirus will detect and block access to any website that is infected by this threat and will display a warning that a virus has been detected. If avast! displays this warning, you should discontinue your attempt to connect to that particular website and either report the infection to the relevant party so that it can be removed, or post a message on the avast! forum in the section
Viruses and Worms so that it can be investigated to determine whether the website is really infected. Do not ignore this warning, even if you believe the website to be a reputable one – the recent attacks prove that no websites are immune to infection.
Thanks to one of our regular forum users who reported the infection to the organization concerned, the website of the US International Trade Commission was quickly repaired and the infection removed, however, potentially, many more websites remain infected.
To minimize the risk of falling victim to such an attack from this, and other similar threats, it is essential that your antivirus software is kept up-to-date. We recommend that your avast! antivirus is set to update itself automatically, or alternatively, that you perform regular manual updates, ideally daily.
Alwil Software would like to thank its regular forum users for their help in this particular case and for the valuable support they continually provide to the rest of the avast! user community.
Derek MacEwen
As I told you, I fixed the problem immediately when you reported it, by removing the hidden iframe which had been added to the site with a link to the malware(only takes a few seconds to fix). I am very unclear of why you would choose to warn readers, without my permission, of a problem that I already corrected, especially when your scanner would easily have shown that the problem had indeed been corrected, as I had told you.
In my research yesterday, It appears that a worm may have installed itself on one of the PC’s that I use, and used my FTP to connect to the site and change it. I have now changed my FTP password, and will enter it in manually everytime I use it. That should fix it. I have been scanning my computer daily to look for the worm, and it appears to be clean.
– Owner, PEIBlogs
Derek MacEwen
Also, an iframe is not a “malicious script”. It is an HTML statement that lets you put information in a particular place on a screen. In this case, the malware used a “hidden” iframe to hide a link to a fairly harmless spyware site. It was easly removed.