Saturday, December 3, 2011
Malware is a type of software that attempts to steal your personal information or use your computer to do things that you do not intend. Malware infections often have harsh consequences, such as causing the victim’s computer to become slow or unresponsive. Malware is usually spyware, deceptive adware, etc. Common examples are free screen savers that secretly generate advertisements, malicious web browser toolbars that take your browser to different pages than the ones you expect, and key logger programs that can transmit your personal data to others.
Malware affects client systems but uses innocent web servers to reach a large number of clients. You may not have any evil intentions, but someone might have secretly modified the pages on your website by injecting malicious code, inserting iframes, or adding links to a different website that actually hosts the malware. The malware may also arrive through third-party ads that appear on your website. Quickly detecting malware on your website and removing it protects your visitors and the reputation of your site.
Let us look at a few ways to detect the presence of malware on your website:
Once it is confirmed that your website is infected with malware, stop all advertising media on your website and take the whole site offline temporarily, so that further damage is prevented until you are sure that your site is free of malware.
The first step when you find malware on your site is to do a thorough check for more. There could be other pages on your site that download and install rogue programs on users’ computers without their consent. Check your server logs for any suspicious activity, like failed login attempts, remote command execution, unknown user accounts, etc.
Look mainly for the attacks that would be the root cause of such behavior. Your website becomes more vulnerable to attacks when you are not running the latest security updates. When a hacker gains access to your website, he modifies web pages so that his malicious code gets executed, spam links get displayed, or visitors are redirected to a malicious website when they view your pages.
Most hackers do not place the malware on the infected website itself; instead, they inject redirect code into the legitimate website. So identify recent activity of this kind on your website, especially in places where user content can be added. Discard the pages that are suspected to contain malware and redesign them.
Update your web server software and website software, and install all the latest patches available. Perform manual checks instead of depending on antivirus software alone, because antivirus software generally only checks for malware installed or present on your system.
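One way to do a manual check for the injected iframes and redirect code described above is to scan each page's HTML for tags that load from, or redirect to, hosts you did not put there. The following is an added example, not part of the original article; the allow-list, the function names and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site is expected to load content from.
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}

class InjectionScanner(HTMLParser):
    """Collect tags that load from or redirect to hosts outside the allow-list."""
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = allowed_hosts
        self.findings = []  # tuples of (line, tag, host, reason)

    def _external(self, url):
        host = urlparse(url).hostname  # None for relative or empty URLs
        return host if host and host not in self.allowed else None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        if tag in ("iframe", "script") and (host := self._external(a.get("src", ""))):
            style = a.get("style", "").replace(" ", "").lower()
            hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                      or "display:none" in style or "visibility:hidden" in style)
            reason = ("hidden external " if hidden else "external ") + tag
            self.findings.append((line, tag, host, reason))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # The content attribute looks like "0; url=http://host/path".
            target = a.get("content", "").partition("=")[2].strip(" '\"")
            if host := self._external(target):
                self.findings.append((line, tag, host, "meta refresh redirect"))

def scan_page(html, allowed_hosts=ALLOWED_HOSTS):
    """Return the findings for one page of HTML."""
    scanner = InjectionScanner(allowed_hosts)
    scanner.feed(html)
    return scanner.findings

# Constructed sample page; every host in it is a placeholder.
SAMPLE = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<meta http-equiv="refresh" content="0; url=http://redirect.invalid/landing">
</head><body>
<iframe src="http://unknown-host.invalid/frame" width="0" height="0"></iframe>
<iframe src="https://www.example.com/map" width="400" height="300"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in scan_page(SAMPLE):
        print(finding)
```

Run it over the files in your web root (or over pages fetched from the live site) and review every finding by hand; a legitimate third-party widget will also be reported until its host is added to the allow-list.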
Key prevention measures to be taken in common suspected areas for malware behavior:
Use encrypted protocols like SSH and SFTP for file transfer instead of clear text protocols like telnet or FTP. Telnet and FTP are both considered insecure, since they transmit user credentials in a way that anyone with access to the network can read; hence they are called clear text protocols. SSH and SFTP are based on an encrypted protocol, which prevents network sniffing.
Use strong password policies on your website so that no one can break into user accounts and tamper with them.
The malware may have been inserted into your application through some vulnerability in your code. Detecting this and fixing it may be the most important step to take. This will be discussed in more detail in articles to come in the next few issues.
Update any software you use on your web server, and make sure you are always running the most recent versions, with recent security patches. Perform regular scans on your site for security vulnerabilities using vulnerability auditing scanners. Use security update management tools to track down missing patches and apply those patches instantly. Actively monitor the areas of your website that are affected by user activity for suspicious links or executable files. Run webmaster tools frequently to check for any malware on your website.