Can JS:Iframe-FG [Trj] upload to IP's website files without logging on?

Viruses and worms
1

Can anyone tell me if the JS:Iframe-FG [Trj] virus can automatically migrate from my desktop to my website files without me even logging into them? Contrawise, could this virus have been introduced to my website files on my provider’s server and then migrated down to my desktop? When I update my website, I always change the datestamp on the links page, so unless I forgot, I hadn’t uploaded anything in several months.

Please note that I’m not a web designer, and have tried to ask this question on an earlier thread but kept being given answers in geek without a geek dictionary.

This isn’t an academic exercise, I’ve launched an investigation into the IP for numerous costly infractions over several years, so if there’s anyone out there who understands the capabilities of this virus and can let me know what is possible, it would sure help narrow down the list of suspects.

Thanks ahead,

drongo

2

Drongo,

This type of malware is to access Internet resources, mainly web pages, by sending appropriate commands to the browser or by manipulating system files that provide “standard” addresses for Internet resources (e.g. Windows host file). The malware is used for SEO fraud/promoting redirects to click fraud sites, redirect to additional viruses/trojans, info Kaspersky Lab

polonus

3

So if I understand you, even though Avast caught this virus in a system scan, and I moved it to the chest immediately, it would still be able to upload itself to my website files on my IP’s server, even though I hadn’t logged onto that server for several months?

thanx ahead,

drongo

4

More information here:
http://www.velvetblues.com/web-development-blog/how-did-my-website-get-hacked/
http://www.networkworld.com/news/2007/100407-web-site-vulnerabilities.html

5

If I wanted a generalization, I would have asked for one.

Is there anyone on this forum who can actually answer the specific question I actually asked?

I’m really really getting tired of this.

Could this specific virus have uploaded itself to my provider’s website folder without my logging on?<<<<

6

The answer is simple as it is used by black hat hackers to get access, so yes it can hack a provider’s website folder via T_String error and code inserted in index.php file. PHP is grossly insecure and that is why it is being used here, for instance … xml.php
Hope that is specific enough,

polonus

7

Thank you polonius,

I am halfway to getting the answer now.

You’ve helped me establish that my website hoster could have been infected remotely. What I’m trying to establish is whether I could have been the source. I have not logged into my website files for at least two months. The virus was detected on my desktop and quarantined by Avast a month ago. Could it have uploaded itself to my website hosted folder without my logging on? If it is impossible for this to happen without my actively logging on, then the responsibility for the virus is the host. This is what I’m trying to establish.

Thanks ahead,

drongo

8

Well, in a free forum that we’re helping for free for 10 years, it’s difficult to imagine how people get “tired” so easy.
Please, keep forum atmosphere in a collaborative and friendship manner.
Welcome to avast! forums.