The merciless malignancy of malware Part 3 (SEM 101)

We’re going to diverge a bit from our regularly scheduled programming. Normally this column discusses search engine optimization (SEO) and related elements of search engine marketing (SEM), but we’re knee deep into our multi-part series on malware and we’re going to begin the wrap-up with a talk about improving computer security. However, I geeked out a bit here, and the column went a bit long (yeah, even longer than usual!), so I decided to break this last section up into two pieces. Who wants to read a white paper as a blog post? I mean, besides me? :-)

While beefing up your computer security practices won’t necessarily directly affect your site’s SEO performance, consider the repercussions of not doing so. Presenting a malware-infected website to your customers is a great way to ruin the integrity and conversion potential of your online business. Top tier search engines like Bing will either block a malware-infected page from showing up in their search engine results pages (SERPs) or will redirect the affected page’s link to a malware warning message. Bing presents the following warning message when searchers click its SERP link for a malware-infected page:

Since the vast majority of searchers will never opt to click through to override a malware warning from a SERP, assuming the link to the affected page is even shown in the first place, failure to quickly address detected malware infections is a great way to kill off pretty much all of your search referral traffic. And those customers who navigate directly to your site will not likely come back once they’ve determined your site was the source of their newly acquired malware infection.

In Part 1 of this series on malware, we discussed how to detect a malware infection on your website using tools like Bing’s Webmaster Center. The Part 2 post was a long discussion on the resources and strategies for identifying the types and locations of malware code that typically affect websites, and included high-level information on removing it from your site. Today’s post, Part 3, and the next one, Part 4, present altogether 10 solid recommendations on how to better secure your workstation and web server computers so that the infections don’t come back. After all, what good is it to invest time in shooing away a kitchen full of house flies when you haven’t bothered to close the screen door?

Recommended security strategies

Once malware is removed, steps need to be taken to secure your website to prevent malware from reappearing on it in the future. Securing all of the computers involved with creating, managing, and serving your website is the key to success. If you were infected with malware, that means your computer infrastructure has one or more security vulnerabilities that need to be addressed. The following preventive measures are key tasks that either you or your hosting provider (likely a combination of both) need to take.

1. Install and use an antivirus tool

If you have not done so yet, install and run a fully capable antivirus software tool on the computer workstation you use to develop and upload your website content. If your web server is not otherwise protected, install an appropriate antivirus solution on it as well. A high-quality antivirus product will support scanning embedded scripts and other locally saved webpage controls used in your website’s source code for any known malware, so don’t skimp on quality and features here.

Once you have an antivirus solution installed, be sure to regularly update both the tool’s program code and its malware signature files used for detection. Most modern antivirus tools have update features built-in, but make sure the update feature is working as expected before setting it and forgetting it. If you need some convincing as to why keeping your antivirus solution updated is important, I can only refer you to the Microsoft Security Intelligence Report (to which Bing is a key contributor). And lastly, remember to use your antivirus tool! You need to regularly scan your Internet-connected computers for malware to ensure they remain clean.

Microsoft offers a free, web-based, anti-malware scanner called Windows Live OneCare safety scanner. It works on computers running Windows XP, Windows Vista, and Windows 7. It checks for and removes viruses, spyware, and other likely unwanted software, as well as detects vulnerabilities in your Internet connection. Heck, it can even be used to clean up your hard drive and tune up your computer’s performance!

Microsoft has also just released its Microsoft Security Essentials program, a new, no-cost, anti-malware solution that runs in the background of your computer and protects it in real-time against viruses, spyware, and other malicious software. Check it out.

2. Install and use an anti-spyware tool

If your antivirus solution doesn’t specifically include it (and many do these days), you should also install a good anti-spyware scanning and protection tool on your workstation (since you likely don’t surf the Web directly from your web server, this protection is likely not needed there). As with the antivirus tool, keep this tool updated and use it regularly to scan your computer for problems. The last thing you want to do is introduce malware into your web server environment from a compromised workstation!

Microsoft also offers a free antispyware tool called Windows Defender. It actively protects your computer in real-time against pop-ups, performance problems, and security threats by detecting and removing spyware and other unwanted software.

3. Use a firewall

At a minimum, you should use a software firewall utility to protect your workstation and server from external hackers. A software firewall blocks unauthorized and inappropriate network traffic to your computer, the kind of traffic hackers use to take control of, and thus install malware on, your system. Many software firewall options exist, both for Windows users and users of other platforms. On your server, use the firewall to block all inbound traffic except for normal web server request traffic and a secure access method for your webmaster site uploads from predefined computers.

To improve security further, consider installing a separate hardware firewall device between your computers and the Internet that offers, at a minimum, stateful packet inspection (SPI). Firewall devices use SPI to track the state of the network connections passing through them. Rogue or malformed TCP/IP network packets, sometimes crafted by hackers to get through weaker firewall solutions, are rejected by SPI-enabled firewalls. Application-level filter firewalls are better yet, as they work at the application layer of the network protocol stack, where they can more safely examine which network protocol is used on which port and determine whether its use is appropriate.
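
The inbound policy described in this recommendation, written as an nftables ruleset for a Linux web server. This is an added example, not part of the original column; the choice of nftables, the port numbers, the set name admin_hosts, and the 203.0.113.x administrator addresses are assumptions for illustration.

```nft
# Added example: default-deny inbound policy for a web server.
# Addresses are constructed, taken from the 203.0.113.0/24 documentation range.

table inet filter {
    # Assumption: the "predefined computers" allowed to upload site content.
    set admin_hosts {
        type ipv4_addr
        elements = { 203.0.113.10, 203.0.113.11 }
    }

    chain input {
        # Default-deny: anything not explicitly accepted below is dropped.
        type filter hook input priority 0; policy drop;

        # Local loopback traffic.
        iif "lo" accept

        # IPv6 neighbor discovery, required for IPv6 connectivity; matched
        # before the conntrack checks because these packets may not be tracked.
        icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

        # Stateful inspection: allow packets that belong to connections already
        # being tracked, and drop packets that fit no valid connection state.
        ct state established,related accept
        ct state invalid drop

        # Normal web server request traffic (HTTP and HTTPS).
        tcp dport { 80, 443 } ct state new accept

        # SSH/SFTP for site uploads, only from the predefined admin hosts.
        ip saddr @admin_hosts tcp dport 22 ct state new accept
    }
}
```

Validate the file with `nft -c -f <file>` before loading it with `nft -f <file>`, and keep an existing console or out-of-band session open while testing so a mistake in the admin address set does not lock you out.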

4. Use a secure protocol to access your web server

The standard FTP protocol doesn’t encrypt data as it’s transmitted, so if your computer or its network has been compromised by a hacker using network sniffer technologies, your web server’s logon credentials are at risk of being stolen. As alluded to in the section on firewalls, using Secure FTP or Secure Shell (SSH) eliminates this potential vulnerability. Make sure you do this end-to-end, from the site developer to the webmaster and from the webmaster to the server.

5. Change and strengthen your passwords

Your computer security is usually only as good as the freshness and strength of the passwords you use to access your computer. If your passwords haven’t been changed since the days ‘N Sync was still hot, it’s time to say “Bye Bye Bye” to that. You need to implement a regimen of regularly changing your passwords. And when you do, please make them harder to guess than "password" or something else hyper-obvious. Check out the article, Create strong passwords, for helpful tips on doing this.

Yeah, you don’t need to tell me that this is inconvenient. But if you choose to skip doing this, while you might be happier temporarily, hackers will be thrilled. Static, simple passwords are easy to crack, and once hackers figure out your logon credentials, they can do anything they want to your site, including locking you out! Imagine having a hacked site and you can’t even log in to fix the problem!

More recommendations to come

We’ll continue with another five recommendations for securing your webmaster computing environment in our next post. If you have any questions or comments about malware, please feel free to post them in our General Questions forum. For regular SEM and SEO questions and suggestions, please go to our SEM forum. I’ll be back…

– Rick DeJarnette, Bing Webmaster Center

14 comments
  1. Embedded Flash Player

    Very Good Articles.

  2. Alsace Web Agency

    Point 4 (FTP and SSH) is very important according to me. There are lots of FTP attacks.

  3. hotels

    very good article!

  4. Anonymous

    thanks a lot it's very helpful

    very

  5. aifnet

    My client's site was hacked and a malware script was placed on all their pages. The problem I have now is after spending hours cleaning up their site I am unable to find a place to ask Bing to take off the malware warning on the SERPs. I have resubmitted to Bing, and the site has been crawled and indexed a couple of times since, but the warning is still on the SERPs even though the malware is not … any ideas?

  6. rickdej

    aifnet,

    You were almost there. This article is Part 3 of the malware series, and the answer to your question is in the Part 4 article. Go to http://www.bing.com/…/the-merciless-malignancy-of-malware-part-4-sem-101.aspx and scroll to the bottom of that article for the procedure for requesting reinclusion into the index.

    If you have any lingering questions about this process after attempting to request reinclusion, go to the Webmaster Center forums and post your request for assistance there. Good luck!

    Rick

  7. ksaal

    thanks a lot it's very helpful


  8. askpavel

    From my experience, point #4 is very important, as there are a lot of hacking attempts through FTP.

    Pavel Israelsky

    http://www.askpavel.co.il/

  9. positivek9

    It has been over 4 weeks since contacting Bing Support and Bing is still showing a Malware Warning on over 800 URLs, which in turn Yahoo shows a Dangerous Download warning on the same URLs. At one point Bing started to remove the warning…2 weeks into their "investigation". But all of the warnings are back. We have lost tens of thousands of dollars in sales, since we suspect our URLs were tagged earlier this year, without our awareness. We have been an online business for over 4 years, our site and server have been repeatedly checked and there is NO Malware. The same URLs appear in Bing Shopping with no warning, so it makes no sense why the same URLs in search would be tagged. Bing Support keeps giving me the run-around and the same pat replies. 3-8 weeks at the first contact... again told 3-8 weeks the other day in an exact same email when I contacted them... I have asked for an explanation as to why the warning is there and what part of the code could possibly be triggering it, and they refuse to answer. What resource does a company have to combat this? No company, Bing or Yahoo, has the right to defame a business in this manner. Google loves our site and it shows as a SAFE site when run through their site checker. Any advice would be welcome.

  10. Botox Injections

    Was wondering what additional measures can be taken.  On my site I don't have any particular anti-malware software installed.

    However I have all the software you mentioned installed on my PC: antivirus, firewall, anti-spyware (I use AVAST and it is kept up to date).

    Recently I've been trying to add a verisign seal to my site, however I still haven't received it.  I haven't had any luck contacting them.  I know that as part of their scan they check for malware… I constantly see a "scan in progress" and it's been over a week now.

    Is there any anti-malware software that I can install on my web server to make sure that the process goes smoothly?

    The address is:

    http://www.botoxtelaviv.co.il

  11. Stuart1980

    Although being almost 3 years old, this post is most relevant today.

    My site has been slightly damaged by malware and after taking care of the problem, used this post to take new and improved security measures for my site.

    Thank You

    http://www.actvtec.co.il/

  12. firebird1354

    positivek9 10/2/2011 7:29 PM – Their comment above is still happening as of March 14, 2013. I have checked my client's website with the GOOGLE Malware Tool and also with a WEPANET Tool; my client's website is clean. I have filed a complaint with the BBB of WA. I have been a web designer since 2001. I am a Gold VIP reseller for Network Solutions & a Value Added reseller for Earthlink. I have designed and developed over 100 websites since 2001. All of my web sites have been respectable websites. I pride myself on developing my client's websites to get them on the 1st page of both YAHOO (Bing) and GOOGLE, which I have always been able to accomplish.

    This is the first time in 12 years that I am having an issue with YAHOO. My client's Cleaning Services is a small home based business of a young woman in her late 30s. Her website went online last February 2012. If you search for cleaning services Lehigh Valley PA she is number 1 in both YAHOO & GOOGLE. YAHOO Canada and GOOGLE have no problem with her website. Since YAHOO (Bing) has updated their search engine, they place a WARNING DANGEROUS DOWNLOADS in front of her website name. They are saying that there is MALWARE associated with her site, which is NOT TRUE. I have contacted Earthlink and they have assured me that with their UNIX servers, there is no chance of MALWARE affecting any of my hosted websites.

    I have also checked my client's website in GOOGLE's Safe Browsing site; the results are as follows: Diagnostic page for http://www.jenscleaningservices-lehighvalley.com

    What is the current listing status for http://www.jenscleaningservices-lehighvalley.com? This site is not currently listed as suspicious.

    Has this site acted as an intermediary resulting in further distribution of malware? Over the past 90 days, http://www.jenscleaningservices-lehighvalley.com did not appear to function as an intermediary for the infection of any sites.

    Has this site hosted malware? No, this site has not hosted malicious software over the past 90 days.

    My complaint is that Microsoft BING has sent numerous emails stating that they will resolve the issue in 4 weeks; that is a full month with this negative WARNING on my client's site. I have threatened with a lawyer to no avail. Cannot speak to a live person.

    Desired settlement:

    I need to have them remove this WARNING from my client's website before 4 weeks. I do not want to proceed with a lawyer, which would be a lengthy & expensive process. I want to speak to a live person, the only way to speak to a live person is to buy a service from them, and enter your account number. By placing this warning on my client's site, it seems like they are forcing me to buy a service to resolve this problem, as the emails state this will remain for 4 weeks. This company is TERRIBLE!

  13. Duane Forrester

    Have you submitted a ticket to the support email, firebird?  I suspect yes since you say we've sent emails to you with an expected resolution.  If not, here is the link: support.discoverbing.com/eform.aspx

    Are you aware that if her site is linking to another site that has issues, we may flag hers as well? We've documented that here on this blog plainly. http://www.bing.com/…/getting-flagged-as-malware-some-insights.aspx

    At the bottom of the home page are sites being linked out to, so if one of them has an issue, we flag all sites that could show in the results and lead a searcher to the malware, etc.  So, while the malware may not, in fact, be on her site, if she's a direct path to a server which is hosting malware, we'll trigger a warning on her site.
