Malware Targeting Web Developers
In the past few months, we've noticed an alarming new (and increasing) trend: websites compromised by way of "malicious software" (viruses, etc) that targets web developers. By all accounts, the malware searches infected computers for the data files of common FTP programs, where login details are stored (FTP usernames and passwords) - the attackers can then use this information to upload malicious files without the site owner's knowledge.
The result is that otherwise-legitimate websites can end up containing malicious content, without the site owner's knowledge. This typically means "phishing" pages, which impersonate the login pages of online banking sites for purposes of stealing financial information. In other cases, the site itself is modified to add hidden code which can then infect visitors to the site.
Read on for some information on how to prevent these types of attacks.
Many of these attacks also involve PHP (or ASP) "shell" files, a type of backdoor. If an attacker is able to install one of these files onto a website, it can give him access to modify, create, or delete files on that site. In those cases, changing the FTP login will not help - since the attacker will still be able to get in through the shell.
Prevention - For Web Developers For the most part, the standard computer security "best practices" are the most effective protection. Don't install software from untrusted sources, make sure you're running up-to-date anti-virus software (at least on Windows), don't use dictionary words or easily-guessed passwords for FTP accounts, etc.
Used effectively, website stats can also help you spot potential problems. E.g., most stats applications will show you a list of the most-viewed pages/files - keep an eye out for any that you don't recognize, or any with suspicious file names. Google's "Webmaster Tools" can also be used to check a site for malicious files, and alert you if malicious files are found or reported. And a few years back, we setup a page that can be used to check a website or webpage using Google's "safe search": http://smartypants.com/safesearch.php.
All that said, making sure that your anti-virus software is running & up-to-date will prevent the vast majority of these attacks - this can't be overstated. By doing this, web developers help ensure the safety of the sites they develop & maintain, as well as the safety of visitors to those sites.
