Home > SEO News Blog > More Malicious Malware Maladies

Translate:

Latest SEO Articles:

Speaking At:

Follow Us:

Hear Us On:

Blog Partner Of:

Helping Out:

Archives

RSS

Top Posts

Beanstalk's SEO News Blog

At Beanstalk Search Engine Optimization we know that knowledge is power. That's the reason we started this SEO blog. We know that the better informed our visitors are, the better the decisions they will make for their websites and their online businesses. We hope you enjoy your stay and find the SEO news contained within this blog useful.

June 20, 2012

More Malicious Malware Maladies

I wrote on Monday about what to do if your website is hacked. In that post Matt Cutts states that besides "clear-cut black-hat webspam" the second largest category of spam that Google deals with consistently is that of hacked websites.

In a new post today, Google shared some interesting stats regarding how many sites are infected with malware and what they are doing to protect users from it.

Google discovers 9,500 new malicious websites every day.
Google displays the hacked or compromised warning on about 12-14 million Google Search queries per day.
Google sends out thousands of notifications daily to webmasters.
Google send thousands of notifications daily to Internet Service Providers.

It has been five years since Google announced their malware and phishing protection with their Safe Browsing effort. The goal of this initiative was to protect people from malicious content on the Internet.

Google realizes of course that these are not completely solvable problems since new threats continue to emerge and evolve. They highly recommend (and so do I) reviewing their Safe Browsing page for ways to help prevent your site from becoming infected.

SEO news blog post by guestpost @ 11:19 am

Categories: internet security
Tags: malware, phishing, trojan, virus —

June 18, 2012

“My Site Was Hacked….Now What Do I Do?”

I was reading a blog post from Matt Cutts in which he gave us an excellent reminder about dealing with hacked sites. Cutts states that besides “clear-cut black-hat webspam” the second largest category of
spam that Google deals with consistently is that of hacked websites.

Preventing Malware Infection

This article contains tips and pointers for preventing malware infection. However, it is by no means exhaustive, and Google encourages encourage webmasters to conduct more thorough research as well.

Cutts reminds us that the best way to protect yourself against having your site hacked is to keep your web server software up to date and install the most current patches. This is an easy fix that can help prevent major downtimes associated with the time involved to repair the hack. Another common method of hacking is to use malware.

hacked page

Malware

Malware is a blanket term describing the use of malicious software written to specifically harm a computer or on a network of computers. Common types of malware are viruses, spyware and Trojan horses. Once a computer or network is infected by malware and had been compromised, the machine(s) are usually used to host phishing site, or used to take administrative control over the site(s) infected.

Phishing

Often hackers will change the content of the site for to add spam or add new pages to the site with the intent of phishing, which is an attempt to trick individuals into divulging their personal or banking information for their own nefarious purposes.

How Do I know if My Site is Infected?

If your site has been hacked, it is normally because an attacker has managed to find vulnerability on your web server that has allowed them to take control of your website. In most instances, this is in order to install malicious software that either allows access to the infected computer, or as an attempt to steal personal data or banking information.

Google reminds us that the easiest way to detect problems with your site and possible hacks of your site is to use their Google Webmaster Tools. Once you verify your account, you can see if Google has detected malware on your site.

Google’s reports are based on the guidelines established by stopbadware.org, but admit that they have their own set of criteria, procedures and tools to identify hacked sites. They also state that in some cases, third parties manage to insert malicious code into legitimate site causing the warning message to show.

Google automatically scan website to determine if a hacker has inserted malware into your site and will list your site as being “infected” in the search results in order to alert others. This designation that your site is infected in based solely on the content of the affected page and not dependent on your site’s reputation or you as a webmaster.

If you site is infected, follow the following steps established by Google:

Quarantine your site
- Take your site down immediately
- contact your web hosting provider
- chane all passwords and user accounts
Assess the damage
- Visit the Google SafeBrowsing diagnostics page for your site (http://www.google.com/safebrowsing/diagnostic?site=www.example.com)
- Scan your site with an up-to-date anti virus program that scans for malware
- Check the Malware page in Webmaster Tools
- Use the URL Removal tool in Webmaster Tools to request removal of hacked pages or URLs. This will prevent the hacked pages from being served to users.
- Report phishing pages to the Google Safe Browsing team.
- Use the Fetch as Google tool in Webmaster Tools to detect malware that might be hidden from the users’ browsers, but served to Google’s search engine crawler.
- Review the antiphishing.org recommendations on dealing with hacked sites.
- If you have other sites, check to see if these have also been hacked.
Clean up the site
- Update any software packages to the latest version. Google recommends doing a complete reinstall of your OS from a trusted source to be sure that you’ve removed everything the hacker may have done. Also make sure to reinstall or update blogging platforms, content management systems, or any other type of third-party software installed.
- Once you feel confident that your site is clean, change your passwords again.
- Get your system back online. Change your server’s configuration so that it no longer returns a 503 status code and perform any other necessary steps to make your site publicly available.
- If you used the URL Removal tool to request removal of any URLs that are now clean and ready to appear again in search results, use the same tool to revoke your request.
Request a review of your site from Google
- On the Webmaster Tools Home page, select the site you want.
- Click Site Status, and then click Malware.
- Click Request a review.

Requesting a Malware Review

Once you’re sure your site is free from any infected code and content, you can request a malware review.

For complete details of the detection, removal and reviewing of your site, please refer directly to the Google page here: http://support.google.com/webmasters/bin/answer.py?hl=en&answer=163634

“If you feel your site has been mistakenly identified, or if you make changes to your site so that it no longer hosts or distributes malicious software and you secure your site so that it is no longer vulnerable to the insertion of badware, you can request that your site be reviewed here.”

SEO news blog post by guestpost @ 1:05 pm

Categories: internet security
Tags: adware, malware, phishing, trojan, virus —

July 7, 2011

Google is taking out the trash

For some time now the “free hosting” Korean company Co.cc has been a target of malware, phishing, and large volumes of spam content.

Over at Google I can picture a hand full of their best ‘whack-a-mole’ admins looming over activity from .co.cc sites.

It’s anyone’s guess what kind of resources this one company has tied up over at Google (and other search engines) but I’m going with “too much” as my guess. When you consider that most of the results are spam, and the rest are mainly malware and phishing attacks, it shouldn’t be a shock that Google has done us all a favour and just blocked the whole *.co.cc stream from showing in the search results.

Sadly, spammers will be spammers and already I can see http://jzp.cc/ is acting as a portal to .co.cc sites and Google is currently showing these sites in their search results.

Wait, I see the problem! Going to need a bigger hammer!

The very unpleasant problem with this tactic is that the spam tends to just squish around, like a full diaper. The .cc TLD belongs to the Cocos Islands in Australia and while there are legit sites on that domain, the figures from the Anti-Phishing Working Group in 2010 are quite amazing. In the latter half of 2010 .cc domains accounted for almost five thousand phishing attacks in that time period!

While the percentage of good sites in the .cc realm might be questionable Google is effectively removing over 11 million registered domains run by almost 6 million users! My personal guess is that the block will stay up for some time, and once the spam has shifted elsewhere, we’ll silently see .co.cc domains back in the search results.

Google has stated they aren’t above blocking an entire bulk sub-domain in the past, they have clearly proven they will follow through, and I expect them to continue to do this as companies lose control of the content from their users.

The best way to fight spam is at the user level. Do you purchase anything that was ‘spammed’ at you? Are you rewarding people who put things on-line for your review, or are you spending money on things that are forcefully presented to you without solicitation? If the only way to make a sale is to respect the customer, retailers wouldn’t spam us because they would shoot themselves in the foot. As the consumers in this ecosystem of commerce, the matter is entirely in our hands if we so choose.

SEO news blog post by Ryan Morben @ 6:14 pm

Categories: Google,internet security,Search Engine News,web hosting
Tags: .co.cc, freehosts, malware, phishing, spam —