HTML: Iframe-gen error

[triffendesign]

Hi--

I understand there are a few iframe-gen errors on this web site already, but I can't seem to make heads or tails of them.

the situation is as follows:

I am the web master of a web site that has a blog, run by wordpress, that has come up as having been infected/affected by HTML: Iframe-gen malware. Personally, I don't run avast, but my client does and he alerted me to this. I have been to many different places on the internet looking for additional information on this, but have found none (looking in places such as mcaffee and norton).

My own software has not caught on to this either. In addition, I work in firefox, which has some terrific filters of its own to detect this sort of thing.

I am not sure what to do with the announcement I was sent, or how to go about finding out if there really is a problem with the site.

Thank you in advance. Any advice would be welcome.

[DavidR]

Well since you don't give us the url of concern it is hard to investigate or offer any advice.

This is however, becoming a very common attack vector as all it takes it to inject an iframe into your page/s.

This can be from the exploitation of vulnerable content management software, PHP or possibly wordpress (but I have zero experience of this software).

The filters in firefox, such as NoScript may be beneficial, but avast doesn't need to have a script run to detect it in the page. So those unlucky enough not to be using firefox with NoScript (and importantly iframes blocked) as such would have no protection against the execution of an iframe.

[triffendesign]

sorry the website is hxxp://www.avios.org/forum

[DavidR]

Well it looks like you have been hacked. From the link you gave me.

There is a 1x1 iframe tag directing to an IP address (hiding obvious domain) in China. See image I have broken the code to make it easier to see in the image. This iframe just seems to have been dropped in without thought where it goes. That is the only iframe tag on that page, so I would check your other pages for iframe tags, especially if you don't use iframes in your site.

It appears to be pretending to be traffic stats as I doubt you would be using a Chinese site to monitor your stats.

[triffendesign]

Wow! Who would have known. Thank you very much.

If I wanted to get rid of it, would I just download the files and take out the iFrame?

If I did that, would it affect my computer? I also don't understand how this malware works.

Also, could you suggest a good free malware scan to find out if I am infected?

Thanks.

[DavidR]

You're welcome.

That is effectively just removing the iframe and not the cause (if you don't find and fix the cause it could be back), how the iframe came to be inserted in the first place, my previous comments in Reply #1