Our friendly webhost, tigertech has informed about a virus that steals saved FTP passwords, such as the Gumblar or Trojan.PWS.Tupai.A virus and sends FTP usernames and passwords to a server controlled by “hackers” automatically.
If you’ve stored your FTP account password in your FTP program, the virus can steal the password and send it to “hackers” who then use
it to modify your Web site.
How these viruses work
* If your computer is infected with virus when you visit an infected Web page.
* The virus examines your computer to see if you use any common FTP programs which has stored with username and password.
* It sends the usernames and passwords to a server controlled by “hackers” automatically. This way Hacker gets your FTP password easily and get access to your website files so easily.
* The hackers make an automated FTP connection to your webserver and download any HTML or PHP files they find.
* Hackers modify the files by adding virus code (an “iframe” tag) that spreads the virus by uploading changed files back.
* Your site starts spreading the virus to new victims.
* Within a few days, your site will be marked as “This site may harm your computer” on Google, causing the number of visitors to drop dramatically.
The following programs are vulnerable to the virus:
Ftp Commander Pro
It’s a good idea to not to store your ftp passwords. The Best way to protect is to scan your computer for “malware” every so often. Here the product that can detect these kinds of viruses is Malwarebytes.