Two of my clients websites got framed by HTML/Framer mallware, subsequently causing their pages to be blocked by Google. This trojan adds a hidden iframe and some JavaScript code to the bottom of index.html or index.php, causing a visitor redirect to a site with more malicious code to be downloaded by unsuspecting website visitors. Since Google detects this mallware right away, Google users are promptly warned of imminent danger, which is how I was made aware off the hijacking. Cleaning up was a no-brainer except for the fact that site unblocking can only be performed through Google web master Tools central, but what worries me though is that the infection itself could only take place on a poorly protected web hosting server. Most likely thanks to a popular misconception that Linux servers are safe from mallware. Guess what: they are NOT!
Since this trojan is an extremely dumb one, adding an explicit die(); directive to any index.php just before the final ?> would render any further infections of this kind harmless, but one could safely bet on the next trojan to be more clever than this.
