Today Yandex.Webmaster gave me some unpleasant news about one of my resources. The message said that malicious code had been found on the site's pages, which could be dangerous for visitors' computers. When a visitor opens the site's pages, the malicious code may lead to undesirable consequences for the user: infection of the computer with viruses, unauthorized use of its resources, and damage to or even theft of personal data.
(N.A.: Updating your browser version in a timely manner will increase the security of your Internet browsing.)
How the malicious code got onto the site, and where it came from, was the main question I needed to answer. After all, I administer the resource alone, the password for FTP access is available only to me, and there is no one who would want to make changes to the pages.
I began to recall what changes had recently been made to this site, and from which computer, and I remembered.
A few days ago the site was accessed via FTP from a computer that had an outdated anti-virus database. It was the work computer from which I am now writing this post.
I downloaded a thirty-day trial version of an antivirus program and checked the system. It did in fact contain several files infected with a Trojan. Later, my conclusions were confirmed by the hosting provider's support service and by the developers of the anti-virus program.
Once the cause of the infection had been identified, localized, and eliminated, it was possible to move on to the next step and remove the malicious code from the site. I want to emphasize that the most important thing is to find the source of the infection first, and only then eliminate the consequences. This reduces the likelihood of the problem recurring, and in some cases cleaning the site is not possible at all without eliminating the source.
The malicious code on the site contained the following script:
This script was placed at the end of each page between the tags