We love digital - Call
03332 207 677 and say hello - Mon - Fri, 9am - 5pm

Call 03332 207 677

What is Malware and How Do You Clean Your Website of it?

3rd Nov 2009 SEO 3 minutes to read

According to Internet security company Dasient, 5.8 million pages over 640,000 sites were infected with malware in the third quarter of 2009, whilst Google revealed that the number of entries on the Google Safe Browsing Malware List has doubled in the last year.

But what is Malware and what do you do if your website is infected?

What is Malware?

Malware (short for Malicious Software) is software designed to penetrate a computer without the owner’s authority. When done so, the software can have an extraordinary amount of control over the computer.

Passed on through spam, phishing emails or infected websites, malware can gather personal information that can then be abused, from financial theft to the stealing of a person’s identity. The resources of a computer can also be stolen; as a hijacked machine is added to a network of other hijacked machines (a botnet), then a computer can be used to send emails (usually spam), take control of other computers or to distribute more malware.

Whilst some types are malware are more dangerous than others, even the less risky variety can cause your computer to slow down and become very unresponsive.

What if your site is infected?

As mentioned above, malware can be passed on through websites which have been infected themselves, most of which is done so without the owner’s permission or knowledge. So what do you do if your website is distributing malware?

Generally if your site has been infected by Malware you will receive a message when you try and enter the site that looks like:

If you see this, sign in to your Google Webmasters Tools account (register for free at http://www.google.com/webmasters/), choose your website and view the account.

At the bottom of the left-hand side menu, click the labs button and then click the link called “Malware Details” (recently discussed at /blog/search-engine-news/google/google-webmaster-tools-expands-to-combat-malware-and-provide-a-googlebot-view/) .You will then be able to see if Google has exposed any malware on your website. If you are lucky, the message that will pop up will be “Google has not detected any malware on this site.”, if not you will get a message that Google has found some Malware which means you will need to identify and clean the site.

To start cleaning your site you need to understand that the Malware could take the form of Invisible Frames (iframes) or Obfuscated Code.

Iframes

Iframes create small windows on your page so another page can be loaded inside the embedded window. Whilst iframes can be used for genuine purposes, when hackers do this, they make it invisible to the visitor and to the website owners. To check your site for iframes, look at the code of all pages for a frame with the specifications width=”0″ and height=”0″ and then remove this. Remember to look over all of your pages.

Obfuscated code

Obfuscated code is a source that has been created to be difficult to understand and is designed to be hidden within the normal code of your website. Again not all obfuscated code is necessarily, but if you understand the code of your site and see unintelligible code, this may indicate an attack.

There are times when the obfuscated code can be easy to discover because it uses either “hex” or “unicode/wide” characters. For hex characters, you will see strings of percent signs with two characters after them (e.g. %AA%BB%CC). For unicode characters, you will see strings of “\u” with four characters after (e.g. \u0048\u0069\u0021). These blocks of encoded text can take up several paragraphs.

If you do not fully understand the code on your site, refer it to the person who wrote it or someone who does understand it.

If you find your site has been hacked and discover either iframes or obfuscated code, take the site offline then remove all of the malicious code.

Once all of the code is cleaned off the site, you can request a review from Google, again through Google Webmasters Tools.

Preventing future attacks

Of course, removing the code will keep your site clean for now, but as it has been hacked, it can be hacked again, so remember these simple rules:

Use strong passwords.
Use a vulnerability auditing scanner to scan your site for security vulnerabilities (free and professional available).
Make sure all your software is up to date.

Share this post

1 Comment

Glen Victor 5th November 2009
Google put out this good article about IFRAME/HTML Malware here
http://googleonlinesecurity.blogspot.com/2008/02/all-your-iframe-are-point-to-us.html
My sites were infected and reinfected until I secured my FTP traffic by using WinSCP.
Reply to this comment

What do you think?

Cancel reply

BrightonSEO Roundup: Practical Insights into Winning Featured Snippets

Callum Coard

5th Oct 2018
News

BrightonSEO Roundup: Take your Site Speed Optimisation to the Next Level

Michael Lam
@Mikelam129

4th Oct 2018
News

Digital Ideas Monthly

Sign up now and get our free monthly email. It’s filled with our favourite pieces of the news from the industry, SEO, PPC, Social Media and more. And, don’t forget - it’s free, so why haven’t you signed up already?

Name*
First Last
Email*
Website
Event
Phone

Comments

Marketing Preferences
We’ve got some really cool stuff we want to share with you. So you don’t miss out, let us know which of the following you want us to email you about going forward:
- Exclusive VIP invites Get front row seats to our free digital marketing events
- Koozletter Receive industry news and insights directly to your inbox
- Tune In Have access to the latest content from our award-winning Koozai TV
Client ID
Phone
This field is for validation purposes and should be left unchanged.

Oh, and here’s our privacy policy. Make sure you read it so you’re up-to-date on the legal stuff.

Unlike 08 numbers, 03 numbers cost the same to call as geographic landline numbers (starting 01 and 02), even from a mobile phone. They are also normally included in your inclusive call minutes. Please note we may record some calls.