When an infection is indeed found, there are still ways to remove it. Janus said if there are any symptoms of possible infection, the website has to be deactivated until the problem has been resolved. This is really essential, as every moment of delay acts in favor of the cybercriminals, exposing more potential victims to the problem and spreading the infection over the Internet. The administrator also needs to check the server logs to see if there are any suspicious activities, like strange requests from IP addresses located in unusual countries, and so on.
Other methods of fighting malware on an infected site include backing up content, scanning the website with online or installed security applications, and removing the malware manually. The last of these is one where the website administrator needs to be very careful: it means going through all the code on the website and finding code that looks obscure and unreadable.
"Code obfuscation is a common technique for malware writers and it's relatively unusual for any other website-related software. If you haven't obfuscated the code yourself, you have every reason to be suspicious about it. Do be careful, though -- not all obfuscated code will prove malicious!" Janus said.
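One way to automate a first pass over the "obscure and unreadable" code described above, as an added example that is not from the article or from Janus: a heuristic that flags chained decoder calls, long encoded string literals and very long lines for manual review. The thresholds and the sample inputs are assumptions constructed for illustration; a flag is a reason to look, not a verdict, since minified libraries also trip the long-line check.

```python
import base64
import math
import re
from collections import Counter

# Decode-and-execute calls that tend to appear chained in obfuscated PHP/JS.
DECODERS = re.compile(
    r"\b(eval|base64_decode|gzinflate|str_rot13|unescape|fromCharCode|atob)\s*\(",
    re.IGNORECASE)
# A quoted run of 120+ base64-alphabet characters (an encoded blob).
BLOB = re.compile(r"""["']([A-Za-z0-9+/=]{120,})["']""")
MAX_LINE = 300  # assumed threshold; hand-written code rarely has longer lines


def entropy(s):
    """Shannon entropy of s in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def obfuscation_flags(source):
    """Return the reasons (possibly none) why source deserves manual review."""
    flags = []
    calls = {m.group(1).lower() for m in DECODERS.finditer(source)}
    if len(calls) >= 2:
        flags.append("chained decoders: " + ", ".join(sorted(calls)))
    for blob in BLOB.findall(source):
        if entropy(blob) > 4.5:  # encoded data is denser than words or paths
            flags.append("encoded blob of %d chars" % len(blob))
    longest = max((len(line) for line in source.splitlines()), default=0)
    if longest > MAX_LINE:
        flags.append("line of %d chars" % longest)
    return flags


# Constructed samples. The blob is base64 of the bytes 0..255: inert filler,
# not a real payload.
SAMPLE_BLOB = base64.b64encode(bytes(range(256))).decode()
SAMPLE_SUSPECT = '<?php eval(gzinflate(base64_decode("%s"))); ?>\n' % SAMPLE_BLOB
SAMPLE_CLEAN = '<?php echo htmlspecialchars($title); ?>\n'
SAMPLE_MINIFIED = "var a=1;" * 60 + "\n"  # benign, but one very long line

if __name__ == "__main__":
    for name in ("SAMPLE_SUSPECT", "SAMPLE_CLEAN", "SAMPLE_MINIFIED"):
        print(name, obfuscation_flags(globals()[name]))
```

The minified sample raises only the long-line flag, while the suspect sample raises all three, which is the kind of difference to weigh before deleting anything.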
Website security basics
Prevention beats having to cure a malware attack. Janus emphasized a number of basics that website administrators must have in place if they are to ensure the safety and security of their websites and their visitors:
Use of strong passwords
However trivial it may sound, this really is the foundation of server security. Passwords should not only be changed after any malware incident and/or attack on the server -- you should change them on a regular basis -- say, once a month. A good password should meet specific criteria.
The next thing to remember is to perform regular updates. Cybercriminals tend to exploit vulnerabilities in software, no matter whether the malware is aimed at PC users or at websites and web servers. All the software that you manage from your server account should be at the newest possible version, and every single security patch should be applied as soon as it is released. Keeping all software fully patched and up-to-date will decrease the risk of an exploit-based attack. A regularly updated list of known vulnerabilities can be found at http://cve.mitre.org/
Creating frequent backups
Having a clean copy of server content will certainly save you a great deal of time and effort -- not to mention that a fairly recent backup may prove very useful when dealing with other problems, as well as infection.
Regular file scanning
Even if there are no visible infection symptoms, it's good practice to scan all server files once in a while.