Malware injection attack is spreading like wildfire these days, and countless websites have been affected. The attack is done via a compromised FTP, and many believe that the virus can actually “sniff out” FTP passwords and send it back to the hacker. The hacker then uses your FTP password to access your website and add malicious iframe coding to infect other visitors who browse your website.
Malware injection warning sign by Google Chrome
Most web browsers will put up a notice when they’ve detected malware in your website. This prevents other people from unknowingly downloading the malware. If you’d like to check if your website has been infected, use the Website Security Check from Unmask Parasites.
Security report from Unmask Parasites (beta)
You might also like to take the following preventive measures to protect your website from malware:
1. Upgrade your Adobe Reader to the latest version
2. Install anti-virus software like Malwarebytes and Comodo
3. Use SFTP instead of FTP
4. Remove all malicious coding from your website
5. Upgrade to latest WordPress if you have a self-hosted Blog
6. Change your FTP password
For further reading, check out Hidden iframe injection attacks