Corrective Action -> Cause Analysis -> Preventive Action -> Continuous Assessment
Monday, November 28, 2011
My Website is infected with Malware - What's next?
Legitimate websites are being targeted for malware infections. The reason is that a large number of users visit these websites, so they can be misused to spread or distribute malware to a large number of users with little effort. If a website is infected with malware, it may fall under one of the following scenarios:
Irrespective of which of the scenarios mentioned above applies, you need to carry out the following necessary activities:
For Scenario-2, in addition to the activities mentioned above, some additional steps need to be taken to salvage the lost reputation. Read the “Request Malware Review - Why” section for more details.
The objective of corrective action is to clear the malware and any malware-related links from the infected website. Follow the most common corrective steps mentioned below to clean the infected website and system.
Through the steps mentioned above, you can only fix or clean the infection on your web server. They do not prevent the malware infection from happening again, because attackers will continue to attack and exploit the same security weakness.
There are multiple ways (exploitation of security weaknesses) by which a website can be compromised. You need to take appropriate steps (read: control measures) to fix those security weaknesses to prevent the incident from happening again. Some of the most common ways in which malware or malware links are introduced into a website are as follows:
A cause analysis of the incident should reveal the security vulnerabilities that could have been used to infect your website.
Follow the preventive actions associated with the most common vulnerabilities listed below to reduce the risk of getting infected again.
To prevent “SQL Injection” attacks, follow the most common preventive control measures mentioned below:
To prevent “injection” attacks, follow the most common preventive control measures mentioned below:
To prevent attacks exploiting “default and weak password”, follow the most common preventive control measures mentioned below:
To prevent attacks exploiting “Software Vulnerabilities”, follow the most common preventive control measures mentioned below:
As threat scenarios evolve, continuous vigilance and regular checks that the preventive and corrective actions remain intact are unavoidable. The following activities should help to assess the security status of the website:
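Both the corrective clean-up (locating malware-related links that were injected into pages) and the continuous assessment described above need a way to spot injected content in the site's own HTML. The following scanner is an added example written for this article, not code from the original post; it flags hidden iframes, script includes from hosts outside a hypothetical allowlist (`TRUSTED_SCRIPT_HOSTS` is an assumed value), and common obfuscation patterns in inline JavaScript. Run over the pages served by the web root, it gives a first indicator of reinfection; a hit is a lead to investigate, not proof of compromise.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist: hosts this site legitimately loads scripts from.
TRUSTED_SCRIPT_HOSTS = {"www.example.com"}
# Heuristic for obfuscated inline JavaScript frequently used by injected payloads.
OBFUSCATION = re.compile(r"eval\s*\(\s*(unescape|atob|String\.fromCharCode)", re.I)

class InjectedContentScanner(HTMLParser):
    """Flags hidden iframes, off-site script includes and obfuscated inline JS."""
    def __init__(self):
        super().__init__()
        self.findings = []        # list of (kind, evidence) tuples
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":
            style = (a.get("style") or "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if "display:none" in style or "visibility:hidden" in style or tiny:
                self.findings.append(("hidden-iframe", a.get("src", "")))
        elif tag == "script":
            self._in_script = True
            host = urlparse(a.get("src") or "").hostname   # None for relative src
            if host and host not in TRUSTED_SCRIPT_HOSTS:
                self.findings.append(("offsite-script", a["src"]))

    def handle_data(self, data):
        # HTMLParser hands script bodies to handle_data unparsed.
        if self._in_script and OBFUSCATION.search(data):
            self.findings.append(("obfuscated-script", data.strip()[:40]))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

def scan_html(html):
    """Return the list of suspicious artefacts found in one HTML document."""
    scanner = InjectedContentScanner()
    scanner.feed(html)
    return scanner.findings

# Constructed samples: a clean page, and one carrying three injected artefacts.
CLEAN = '<html><body><script src="/js/app.js"></script><p>Hi</p></body></html>'
INFECTED = ('<html><body><p>Hi</p>'
            '<iframe src="http://bad.invalid/x" width="0" height="0"></iframe>'
            '<script src="http://cdn.bad.invalid/a.js"></script>'
            '<script>eval(unescape("%61%6c"))</script></body></html>')
```

Calling `scan_html(CLEAN)` returns an empty list, while `scan_html(INFECTED)` reports the hidden iframe, the off-site script and the obfuscated inline script in document order.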
If your website has already been blacklisted for containing malware or links to malware, search engines may flag it accordingly in search results, showing a warning message alongside your website URL. The warning message varies between search engines. For example,
All popular browsers may also detect malware content on the website being accessed, check it against blacklists of websites, and accordingly block access to the website. The warning messages shown by browsers also vary, as follows:
If your infected website belongs to Scenario-2, then after cleaning your website of any malware and malware links, you need to submit a “Request for Malware Review” with the different search engines, each through its own process. This review process is a must to remove the warning messages from search results containing your website URL in the respective search engines.
This would be covered in detail in our next article “Request Malware Review - Process and Steps”.