We're hiring

We love digital - Call
03332 207 677
and say hello - Mon - Fri, 9am - 5pm

Call 03332 207 677

Colin Differ

What is Malware and How Do You Clean Your Website of it?

3rd Nov 2009 SEO 3 minutes to read

According to Internet security company Dasient, 5.8 million pages over 640,000 sites were infected with malware in the third quarter of 2009, whilst Google revealed that the number of entries on the Google Safe Browsing Malware List has doubled in the last year.

But what is Malware and what do you do if your website is infected?

What is Malware?

Malware (short for Malicious Software) is software designed to penetrate a computer without the owner’s authority. When done so, the software can have an extraordinary amount of control over the computer.

Passed on through spam, phishing emails or infected websites, malware can gather personal information that can then be abused, from financial theft to the stealing of a person’s identity. The resources of a computer can also be stolen; as a hijacked machine is added to a network of other hijacked machines (a botnet), then a computer can be used to send emails (usually spam), take control of other computers or to distribute more malware.

Whilst some types are malware are more dangerous than others, even the less risky variety can cause your computer to slow down and become very unresponsive.

What if your site is infected?

As mentioned above, malware can be passed on through websites which have been infected themselves, most of which is done so without the owner’s permission or knowledge. So what do you do if your website is distributing malware?

Generally if your site has been infected by Malware you will receive a message when you try and enter the site that looks like:

Report Attack Site

If you see this, sign in to your Google Webmasters Tools account (register for free at http://www.google.com/webmasters/), choose your website and view the account.

Webmasters Tools Malware Details

At the bottom of the left-hand side menu, click the labs button and then click the link called “Malware Details” (recently discussed at /blog/search-engine-news/google/google-webmaster-tools-expands-to-combat-malware-and-provide-a-googlebot-view/) .You will then be able to see if Google has exposed any malware on your website. If you are lucky, the message that will pop up will be “Google has not detected any malware on this site.”, if not you will get a message that Google has found some Malware which means you will need to identify and clean the site.

To start cleaning your site you need to understand that the Malware could take the form of Invisible Frames (iframes) or Obfuscated Code.


Iframes create small windows on your page so another page can be loaded inside the embedded window. Whilst iframes can be used for genuine purposes, when hackers do this, they make it invisible to the visitor and to the website owners. To check your site for iframes, look at the code of all pages for a frame with the specifications width=”0″ and height=”0″ and then remove this. Remember to look over all of your pages.

Obfuscated code

Obfuscated code is a source that has been created to be difficult to understand and is designed to be hidden within the normal code of your website. Again not all obfuscated code is necessarily, but if you understand the code of your site and see unintelligible code, this may indicate an attack.

There are times when the obfuscated code can be easy to discover because it uses either “hex” or “unicode/wide” characters. For hex characters, you will see strings of percent signs with two characters after them (e.g. %AA%BB%CC). For unicode characters, you will see strings of “\u” with four characters after (e.g. \u0048\u0069\u0021). These blocks of encoded text can take up several paragraphs.

If you do not fully understand the code on your site, refer it to the person who wrote it or someone who does understand it.

If you find your site has been hacked and discover either iframes or obfuscated code, take the site offline then remove all of the malicious code.

Once all of the code is cleaned off the site, you can request a review from Google, again through Google Webmasters Tools.

Preventing future attacks

Of course, removing the code will keep your site clean for now, but as it has been hacked, it can be hacked again, so remember these simple rules:

  • Use strong passwords.
  • Use a vulnerability auditing scanner to scan your site for security vulnerabilities (free and professional available).
  • Make sure all your software is up to date.

Share this post

1 Comment

What do you think?

  • aspect-ratio bing-logo-woodsign
    Liam Huckins

    Why Bing is a Valuable Paid Media Platform

    For a long time, Bing, the UK’s second-largest search engine, has been underappreciated and, in some instances, even ignored.  Often regarded as the inferior search engine to market leader Google, Bing has historically struggled to appeal to many in the digital world. Most PPC analysts would give justified reasons for neglecting Bing for so long; these include the volume of traffic and the user experience just not matching up to Google. However, the validity of these assessments is now diminishing. Bing has grown and improved rapidly in the last couple of years; if you are not integrating it into your comprehensive digital marketing plan, you run the risk of missing out on a large portion of your chosen market and significant revenue.


    Liam Huckins
    8th Mar 2018
    Paid Search
  • aspect-ratio
    Nicola Churchill

    The Psychology Of Colour In Marketing

    When it comes to building a content marketing campaign, it can be difficult to know where to start. You may have an initial idea but bringing it to life and getting your message seen are always harder than initially thought.

    Nicola Churchill
    30th Jun 2017
    Content Marketing

Digital Ideas Monthly

Sign up now and get our free monthly email. It’s filled with our favourite pieces of the news from the industry, SEO, PPC, Social Media and more. And, don’t forget - it’s free, so why haven’t you signed up already?