I got a request from email yesterday requesting a page addition on their existing site. Since the client’s website was created by my company, I thought that there would be no problem accessing the site. Unfortunately, when I was accessing the administration panel, my security software reported a malware embedded in the page. It was an IFrame injection attack coming from the index page of the password protected web folder. After a lot of reading about the subject and going through the source code, I finally traced the problem to a line of code. I deleted the line and uploaded the edited file to the site. I didn’t have any further alerts after that.