Local malware causes infected websites

Over on BadwareBusters.org, we are seeing a trend of websites that have been infected because the webmaster’s personal computer was infected. Specifically, the local malware seeks out saved usernames and passwords in popular FTP clients like CuteFTP and Filezilla and then uses the stolen information to upload modified code to the web server. This leads to a frustrating cycle for the unsuspecting website owner, who discovers bad code on his/her site, fixes the problem, and then finds the site infected again a day or two later.

The best thing that website owners can do to minimize this problem is to protect their computers from malware. An additional precaution is to decline the option of saving the account password in the FTP client software.

Web hosting companies can also help by educating their customers, both proactively and in response to customer complaints about malware on their sites, about this vector of infection.