Recent statistics released by Dasient show there has been a rise in malware being hosted on web sites – many of these sites are unknowingly spreading the malicious software. Dasient states that over 640,000 web sites are infected with malware.
Blacklisting by Google
As a result of this sudden rise, Google’s blacklist of infected sites has doubled over the past year. How does a site end up on Google’s blacklist? There are several reasons for Google to blacklist a site but in as far as how it pertains to malware, the culprit is doorway pages.
Parading as a doorway page
A doorway page is a page created specifically for search engines. Anyone visiting a doorway page would be completely unaware of it as they are designed to be invisible to the regular visitor. These doorway pages are keyword rich specifically targeting each search engine. The malware being placed on unsuspecting web sites creates exactly this type of blacklisted action.
How malware is placed within the site
Exactly how are these pieces of malicious software being placed into unsuspecting web sites? They are created using javascript and iframes and are inserted into web site advertisements or even widgets. In the case of infected advertisements, the ads are designed in such a way as to fool the average user. The usual modus operandi is to pop-up and flash a warning that the user’s computer might possibly be infected. Once the unsuspecting user clicks on the ad in any way (either by clicking “OK” or “Cancel”), they are immediately redirected to a web site that sells anti-virus software. The reality is the user’s computer is perfectly fine and they have been a victim of “scareware”.
How to prevent malware attacks
How can web site owners prevent their web sites from being attacked by malware creators? One straight forward way to fend off possible attacks is to not use javascripting within the web site. Another simple tactic is to remove any PHP scripting that requests user input. This can often be used to use SQL injection tactics. Placing tighter security rules within the server PHP.ini and htaccess files is also a very good step.
How to repair if already attacked
What if a web site has already been attacked? If the web site is small, a file by file clean-up can be done. A thorough search of each file for any unwanted javascript code or iframe coding will have to done. However, if the web site in question is rather large and extensive, contracting a service that specializes in web site malware removal may be the best option. There are a few places that can be found on the web that would be able to help should a web site already have this malware infection.
Conclusion
All told, it is a good practice to eliminate javascript and PHP coding that requests user input. Continuous vigilance over the security of one’s web site, unfortunately, is a fact of life.
