After doing some research on this issue it looks like the hacker simply replaced the index.php file from within the root directory of the websites.
Solution:
1) Replace the index.php file with a backup
2) Change your password for your website.
(netfirms.ca seems to have been a webhost that has been targeted for this hack because their DEFAULT login is the website domain)
3) Also set CHMOD 444 on index.php, which will limit the hacker from writing to the file.
4) If you are using Joomla or similar, find your configuration.php file (typically found in the site root directory). MAKE A BACKUP BEFORE YOU EDIT!!! Open this file with WordPad (ONLY, not Notepad)… locate the line that says:
var $secret = 'ltmhCsrG7E8lemQS';
(or something similar)
Change this string of characters because if you leave it default hackers will target you first.
Save the file and upload back to your server.
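To confirm that steps 1, 3 and 4 actually took effect on the server, the following check can be run against the site root. It is an added example, not part of the original post; the function name audit_site and the backup file path are assumptions, and the default secret is passed in by the caller.

```shell
#!/bin/sh
# Added example (hypothetical helper): audit a site root after the clean-up.
# Prints one line per problem found and returns the number of problems.
#   $1 = site root, $2 = known-good index.php from backup,
#   $3 = the default secret value that must no longer be in use
audit_site() {
    root=$1
    backup=$2
    default_secret=$3
    findings=0

    # Step 1: index.php must be byte-identical to the backup copy.
    if ! cmp -s "$root/index.php" "$backup"; then
        echo "index.php differs from the backup"
        findings=$((findings + 1))
    fi

    # Step 3: the mode must be exactly 444 (read-only for everyone).
    if [ -z "$(find "$root/index.php" -prune -perm 444 2>/dev/null)" ]; then
        echo "index.php is not mode 444"
        findings=$((findings + 1))
    fi

    # Step 4: pull the quoted value out of the "$secret = '...'" line.
    # The leading keyword (var in the post) is matched loosely.
    cfg="$root/configuration.php"
    if [ -f "$cfg" ]; then
        secret=$(sed -n "s/^[[:space:]]*[a-z]*[[:space:]]*[\$]secret[[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$cfg" | head -n 1)
        if [ "$secret" = "$default_secret" ]; then
            echo "configuration.php still uses the default secret"
            findings=$((findings + 1))
        fi
    fi

    return "$findings"
}
```

Call it as audit_site /path/to/site /path/to/backup/index.php 'default-value'; an exit status of 0 means all three checks passed.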