Thread

It’s not a virus, but GMail is flagging it as one because there is encoded Javascript, that’s being added to your index.php file, which when opened in a web browser loads content into the background.  This occurred most likely via a script somewhere on the server you are hosted on (not necessarily your own account).  Did you in addition to having your password changed inform your host about this?  Somewhere by some means on your server, unauthorized persons are gaining read and write access to your files.

No, but I will do… we’re monitoring access to the server just now…

This won’t likely be anything that you’ll be able to spot, by monitoring yourself Mick.  Since these types of attacks can come from anywhere on the server, it could be initiated from, for example, an old phpBB script on someone else’s account, which would only be traceable by your server administrator.

I should add that for the time being, the attack has been harmless.  The Javascript that has been inserted so far does nothing, and the attacker has been careful so as to not have it load on every page request.  So in one sense it’s more troubling, because it means that they are probably testing for something to come, but on the other hand, the attack has not yet caused harm to your site’s visitors.