Today Yandex.Webmaster gave me some unpleasant news regarding one of my resources. The message said that malicious code had been found on the pages of the site, which can be dangerous for the computers of visitors. When the pages of the site are opened, the malicious code can lead to undesirable consequences for the user: infection of the computer with viruses, unauthorized use of its resources, damage and even theft of personal data.
How and from where the malicious code got onto the site was the main question I needed to answer. After all, I administer the resource alone, the password for FTP access is available only to me, and there are no people who would like to make changes to the pages.
I began to recall what changes had recently been made to this site, and from which computer, and I remembered: several days ago there was a request via FTP from a computer that had an outdated anti-virus database. It was a work computer, the one from which I am now writing this post.
I downloaded a thirty-day trial version of the antivirus program and checked the system. It actually turned out to contain several files infected with a Trojan. Later, my findings were confirmed by the hosting provider’s support service and antivirus software developers.
After the cause of the infection had been identified, localized and eliminated, it was possible to proceed to the next stage and remove the malicious code from the site. I want to emphasize that the most important thing is to find out the source of the infection, and only then eliminate the consequences. This will reduce the likelihood that the problem will reappear, and in some cases, without eliminating the source, it is not possible to cure the site at all.
The malicious code on the site contained the following script:
This script has been placed at the end of each page, between the