Colin Differ

What is Malware and How Do You Clean Your Website of it?

3rd Nov 2009 SEO Blog 3 minutes to read

According to Internet security company Dasient, 5.8 million pages over 640,000 sites were infected with malware in the third quarter of 2009, whilst Google revealed that the number of entries on the Google Safe Browsing Malware List has doubled in the last year.

But what is Malware and what do you do if your website is infected?

What is Malware?

Malware (short for Malicious Software) is software designed to penetrate a computer without the owner’s authority. When done so, the software can have an extraordinary amount of control over the computer.

Passed on through spam, phishing emails or infected websites, malware can gather personal information that can then be abused, from financial theft to the stealing of a person’s identity. The resources of a computer can also be stolen; as a hijacked machine is added to a network of other hijacked machines (a botnet), then a computer can be used to send emails (usually spam), take control of other computers or to distribute more malware.

Whilst some types are malware are more dangerous than others, even the less risky variety can cause your computer to slow down and become very unresponsive.

What if your site is infected?

As mentioned above, malware can be passed on through websites which have been infected themselves, most of which is done so without the owner’s permission or knowledge. So what do you do if your website is distributing malware?

Generally if your site has been infected by Malware you will receive a message when you try and enter the site that looks like:

Report Attack Site

If you see this, sign in to your Google Webmasters Tools account (register for free at, choose your website and view the account.

Webmasters Tools Malware Details

At the bottom of the left-hand side menu, click the labs button and then click the link called “Malware Details” (recently discussed at /blog/search-engine-news/google/google-webmaster-tools-expands-to-combat-malware-and-provide-a-googlebot-view/) .You will then be able to see if Google has exposed any malware on your website. If you are lucky, the message that will pop up will be “Google has not detected any malware on this site.”, if not you will get a message that Google has found some Malware which means you will need to identify and clean the site.

To start cleaning your site you need to understand that the Malware could take the form of Invisible Frames (iframes) or Obfuscated Code.


Iframes create small windows on your page so another page can be loaded inside the embedded window. Whilst iframes can be used for genuine purposes, when hackers do this, they make it invisible to the visitor and to the website owners. To check your site for iframes, look at the code of all pages for a frame with the specifications width=”0″ and height=”0″ and then remove this. Remember to look over all of your pages.

Obfuscated code

Obfuscated code is a source that has been created to be difficult to understand and is designed to be hidden within the normal code of your website. Again not all obfuscated code is necessarily, but if you understand the code of your site and see unintelligible code, this may indicate an attack.

There are times when the obfuscated code can be easy to discover because it uses either “hex” or “unicode/wide” characters. For hex characters, you will see strings of percent signs with two characters after them (e.g. %AA%BB%CC). For unicode characters, you will see strings of “\u” with four characters after (e.g. \u0048\u0069\u0021). These blocks of encoded text can take up several paragraphs.

If you do not fully understand the code on your site, refer it to the person who wrote it or someone who does understand it.

If you find your site has been hacked and discover either iframes or obfuscated code, take the site offline then remove all of the malicious code.

Once all of the code is cleaned off the site, you can request a review from Google, again through Google Webmasters Tools.

Preventing future attacks

Of course, removing the code will keep your site clean for now, but as it has been hacked, it can be hacked again, so remember these simple rules:

  • Use strong passwords.
  • Use a vulnerability auditing scanner to scan your site for security vulnerabilities (free and professional available).
  • Make sure all your software is up to date.

Share this post

1 Comment

What do you think?

Gary Hainsworth

SEO and AI Generated Content

Gary Hainsworth
2nd Feb 2023
SEO Blog
Kelly-Anne Crean

Ecommerce SEO and Beyond – The Complete Guide

Kelly-Anne Crean

SEO Blog

Digital Ideas Monthly

Sign up now and get our free monthly email. It’s filled with our favourite pieces of the news from the industry, SEO, PPC, Social Media and more. And, don’t forget - it’s free, so why haven’t you signed up already?

Free Digital Marketing Audit

Are you a UK business that needs some expert help to uncover what’s holding your digital marketing back? Let us show you for free!


Call us on 0330 353 0300, email or fill out our Contact Form.

Map of Hampshire Digital Marketing Agency
Hampshire Digital Marketing Agency
Merlin House 4 Meteor Way Lee-on-the-Solent, PO13 9FU, UK
Map of Lancashire Digital Marketing Agency
Lancashire Digital Marketing Agency
Cotton Court Business Centre Church Street, Preston Lancashire, PR1 3BY, UK
Map of London Digital Marketing Agency
London Digital Marketing Agency
Albert House 256 - 260 Old Street London, EC1V 9DD, UK

Unlike 08 numbers, 03 numbers cost the same to call as geographic landline numbers (starting 01 and 02), even from a mobile phone. They are also normally included in your inclusive call minutes. Please note we may record some calls.

Circle Cross