I noticed that 2-3 sites on one of my sites were compromised, a .ru url appeared in the footer of the site.
I was able to fix it by sorting my remote files by date modified and replace them with the copy from my local computer.
The only thing I noticed changed were some common/known .js files like swfobject.js it had a document.write in it to print the malware links in my pages.
My question is: what causes these things in general? Is it more likely that my local computer had a virus/worm that modified my files (maybe through adobe Dreamweaver)? Or is it more likely that server was compromised directly ?
In the same day as file modified date (3 August) I got an email that appeared to be from Vimeo, I clicked the link in it, after that I seen browser errors that said some exe was not found, computer acted suspiciously so I had to do a system restore.
Do you think I should be safe now? Avast didn't find anything locally but it also didn't warn me about that email or virus or what that was.
Ok, I just checked, another site on different server has same malware, so this means it was made thrugh my computer, right? Server was not targeted directly?! Any advices?