Tips on recognizing and defeating website malware

Computerworld Philippines staff | Nov. 27, 2012
The Internet is already a general service in the Philippines, benefiting nearly 30 million Filipinos who use it for everything from looking for a place and reading news to shopping and connecting with others through social networks.


Lately, however, virus authors have been creating malicious software that is specifically targeted to infect websites. The idea is to infect a website and let the infection spread by infecting the PCs of the site's visitors. Unfortunately, website administrators might not know their sites are infected.

Marta Janus, a security researcher at Kaspersky Lab, a leading developer of secure content and threat management solutions, said in a report that website owners have complained that a Kaspersky Lab product incorrectly blocks access to their portal, insisting it must be a false alarm because they do not host any malicious content.

"Unfortunately, in most cases they are wrong and malicious scripts can indeed be found within their websites, injected into their sites' original code," said Janus.

"These scripts redirect visitors to malicious websites. In most cases, the execution of malware is completely invisible to the user, who sees the website appearing to operate as usual," she said.

This is the result of a drive-by download, in which a computer becomes infected just by visiting a website that contains malicious code.

Malicious code exploits vulnerabilities in software running on the user's computer (like Java, Flash, PDF viewers, browser plugins, etc.) to silently install itself on an attacked machine.

Janus said that the cybercriminals who create this code have different malicious goals. These include widening their targets for spamming and phishing, stealing content and passwords, hijacking Internet traffic and promoting illegal activities, among others.

"Generally speaking, there's nothing new here. It's indirect financial gain that drives cybercriminals to infect websites," said Janus.

Identifying the culprit

There are ways for website administrators to identify if their website has been infected. Among the most obvious ones are:

1. users complain that the website is blocked by the browser or security software

2. website is blacklisted by Google or added to some other database of malicious URLs

3. significant change in traffic and/or drop in search engine rankings

4. website doesn't work properly, displays errors and warnings; and

5. after visiting the website, computers show strange behavior.

Infections usually remain unnoticed for a long time, often because of the sophistication of the malware. The code of some of this malware is usually obfuscated or obscured, misleading administrators into thinking their website is still clean.

"If you do not notice any of the above mentioned symptoms it's a good indication that your server is clean, but always be on alert for any suspicious activities," Janus warned.
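One way an administrator could look for injected code before any of these symptoms appear, added here as an illustration and not taken from the Kaspersky Lab report: compare the site's files against a known-good snapshot, then flag common obfuscation patterns in anything that changed. The indicator patterns, file extensions and function names are assumptions of this example.

```python
import hashlib
import re
from pathlib import Path

WEB_EXTENSIONS = {".html", ".htm", ".php", ".js"}  # assumed set of files to watch

# Heuristic indicators, assumed for this example; not a complete signature set.
INDICATORS = {
    "hidden_iframe": re.compile(
        r"<iframe\b[^>]*\b(?:width|height)\s*=\s*[\"']?[01](?:px)?[\"'\s>]", re.I),
    "eval_of_decoded_string": re.compile(
        r"\b(?:eval|document\.write)\s*\(\s*(?:unescape|atob|String\.fromCharCode)\s*\(", re.I),
    "long_encoded_run": re.compile(r"(?:%[0-9a-f]{2}){20,}|(?:\\x[0-9a-f]{2}){20,}", re.I),
}


def scan_text(text):
    """Return sorted (line_number, indicator_name) pairs found in text."""
    hits = set()
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in INDICATORS.items():
            if pattern.search(line):
                hits.add((lineno, name))
    return sorted(hits)


def snapshot(root):
    """Map each web file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in WEB_EXTENSIONS
    }


def audit(root, baseline):
    """Compare root with a known-good baseline and scan changed or new files."""
    report = {}
    current = snapshot(root)
    for rel, digest in current.items():
        if baseline.get(rel) != digest:
            text = (Path(root) / rel).read_text(errors="replace")
            status = "modified" if rel in baseline else "new"
            report[rel] = {"status": status, "hits": scan_text(text)}
    for rel in baseline.keys() - current.keys():
        report[rel] = {"status": "missing", "hits": []}
    return report
```

The hash comparison reports any change even when the injected code is obfuscated well enough to evade the patterns, so the baseline should be taken from a trusted copy of the site and stored off the web server.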

Cleaning tools

 
