Dear Customers,

Lately there have occurred several cases in which user’s PCs were infected with viruses that steal FTP passwords. The most wide spread examples of such viruses are “Gumblar” or Trojan.PWS.Tupai.A virus.

These viruses function in the following way:
1. User visits a web site where the virus is included into the code of the page. This virus is loaded to the visitor’s PC.
2. Virus checks this PC for availability of commonly used FTP clients (software). Then it checks if the user uses “Save Password” features within these programs or if any passwords are saved.
3. If the result is positive the virus steals these login details and sends them to a hacker-controlled server.
4. An automated FTP connection is created to the servers, which saved passwords were stolen. This connection is used to download any .html or .php found on the server (from your hosting account this is).
5. Downloaded files are then modified with additional HTML code (so called ‘iframe’ tag) which is responsible for spreading this virus. Modified files are uploaded back to the server (your hosting account).
6. You site now becomes a source of the viruses for other victims.
7. The above fact is spotted by Google and your site is marked by Google as “This site may harm your computer”, what badly influences the visitor rate and popularity of your website (and will keep influencing it, unless the infected content is removed and the “cleared” website gets indexed on Google again).

As you can see the issue is directly related to the security vulnerabilities of your PC. The things to do in such case are:
1. Update to the latest database of virus signatures of your Antivirus and Anti-Malware software.
2. Scan your PC for viruses and Malware.
3. Check for the latest OS updates (e.g. Windows).
4. Check for the latest updates of your browser (e.g. Internet Explorer).
5. Update Adobe Reader and Adobe Acrobat to the latest available versions as several vulnerabilities were found in these programs (check http://www.adobe.com/support/securit...apsa09-01.html for more information)
6. Update Adobe Flash player to the latest available version as vulnerabilities were found in it (check http://get.adobe.com/flashplayer/ for more information)
7. Some viruses cloak themselves from your currently installed Antiviruses, therefore we also recommend to use a different program to scan your PC (e.g. http://www.malwarebytes.org/mbam.php).
8. Delete passwords from all your FTP clients and do not use the “Save Password” feature. Update the FTP clients to the latest versions.
9. Change all your passwords (including FTP and main cPanel password). It is recommended to use the Password generators in order to make the guessing of the password extremely difficult.
10. Inspect all your .html and .php files (e.g. index.php, index.html, main.php, header.php, footer.php and so on) for the malicious code. It is usually added in the end of the file. Clean the infected files.
11. Update all installed software on your hosting accounts (e.g. Wordpress, Joomla and so on)
12. Check the permissions of your “.htaccess” files (they should be set to 644) and of the folders, which contain the scripts you use (they should be set to 755).
13. Make sure you scan any file with your Antivirus prior to uploading it to the server.
These are precautions that should help you increase the security of your account.

If you have any additional questions please let us know.