Malware (Virus) is a very broad term, and there are many different ways that malware can be injected into a website. One common way that malware is inserted is by a File Inclusion vulnerability. With this vulnerability, the hacker will insert a malicious script into the site by editing the PHP. This is normally performed by using methods similar to Code Injections. As a result, creating secure user input validation will also mitigate this vulnerability, along with coding the PHP to eliminate the possibility of Remote File Inclusion (RFI). Malware can also be inserted by gaining login access, so many other security measures must be taken to mitigate this risk. Oftentimes, the hacker’s goal is to insert malware, no matter what vulnerability he/she is using to gain access.
