Be careful with your (FTP) password!

There has recently been a rise in malicious software (malware) that not only damages your own PC but also tries to steal the passwords you use to maintain your website, in an attempt to infect it.

How does it work?
Gumblar is an example of this malware. You get this malware by visiting a website that is already infected. This website will use a vulnerability in Adobe Reader or Adobe Flash to infect your PC.

After your PC is infected, this software looks (among other things) for passwords that you stored in FTP programs.

These stolen FTP passwords are then used to secretly alter files hosted on your website. For example, it will alter HTML or PHP files to add JavaScript code or an iframe that in turn infects your website’s visitors.

What can you do to prevent this?

  1. Keep all your software up-to-date. This can be a daunting task, but a good (and free) tool is available to help you: Secunia Software Inspector. Be sure to at least download the most recent versions of Adobe Reader and Flash, and update your browser.
  2. Browse safely; don’t just click on any link (especially from spam mail). If you really want to make an effort you should consider using Firefox together with the NoScript plugin.
  3. Even if you already use a virus scanner (highly recommended), it’s wise to scan your PC frequently using different malware detection software such as Malwarebytes.
  4. Don’t store your FTP password in your FTP program; use a third-party application to keep your passwords safe instead.
  5. Be careful with outsourcing or giving other people your website passwords. Even if you trust the person or company that you give them to, they can also be infected (and developing countries tend to have higher infection rates).

What to do when I’m infected
The first thing to do is to change all passwords you stored on your PC (do this from a clean PC of course). Next, determine what kind of virus you have. For example, use the Malwarebytes scanner we mentioned earlier, or install a recent anti-virus program and follow the directions given. Unfortunately, the only way to be really sure that your PC is secure again is to reinstall it from scratch. Our best advice is to back up all your files, and reinstall or restore your installation. Yes, we realize this is a lot of work, but this way you make sure that no backdoors or rootkits remain behind that could make your PC vulnerable to the same attack all over again, or worse!

What we do to protect you
We are now scanning all files uploaded via FTP for malware. If we detect any suspicious files, they are cleaned or removed, your FTP password is reset, and you are notified. Although this doesn’t guarantee that your website is 100% safe, it will catch most of the common malware before it can do more harm.
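
A site owner can also check a downloaded copy of the website for the kind of change described under "How does it work?" (an iframe or script added to HTML or PHP files). The Python example below is an added illustration, not code from the original post and not the scanner mentioned above; its heuristics (invisible iframes, tags placed after `</html>`), the names `scan_text` and `scan_tree`, and the sample page are assumptions, not real Gumblar signatures.

```python
import re
from html.parser import HTMLParser
from pathlib import Path

# Assumed heuristics, not real Gumblar signatures: iframes that are invisible
# to visitors, and <script>/<iframe> tags appended after the closing </html>.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
TINY = {"0", "0px", "1", "1px"}
WEB_EXTENSIONS = {".html", ".htm", ".php"}

# Constructed sample page (example.invalid is a placeholder host).
SAMPLE = """<html><body>
<p>Welcome</p>
<iframe src="http://example.invalid/x" width="0" height="0"></iframe>
</body></html>
<script src="http://example.invalid/y.js"></script>
"""

class InjectionFinder(HTMLParser):
    """Collects (line, reason) findings for the markup of one file."""
    def __init__(self):
        super().__init__()
        self.findings, self.html_closed = [], False
    def handle_endtag(self, tag):
        if tag == "html":
            self.html_closed = True
    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        attr = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "iframe":
            if attr.get("width") in TINY or attr.get("height") in TINY:
                self.findings.append((line, "iframe with zero or one pixel size"))
            elif HIDDEN_STYLE.search(attr.get("style", "")):
                self.findings.append((line, "iframe hidden by CSS"))
        if tag in ("iframe", "script") and self.html_closed:
            self.findings.append((line, f"<{tag}> after </html>"))

def scan_text(text):
    finder = InjectionFinder()
    finder.feed(text)
    finder.close()
    return finder.findings

def scan_tree(root):
    """Scan a local copy of the site; returns {path: [(line, reason), ...]}."""
    pages = (p for p in sorted(Path(root).rglob("*"))
             if p.is_file() and p.suffix.lower() in WEB_EXTENSIONS)
    found = {str(p): scan_text(p.read_text(errors="replace")) for p in pages}
    return {path: hits for path, hits in found.items() if hits}
```

A finding is a reason to compare the file with a known-good backup, not proof of infection.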
