The merciless malignancy of malware Part 1 (SEM 101)

The Web is an incredible place, filled with amazing media, fascinating content, and wonderful social opportunities, and there’s more of each than anyone can possibly ever consume. But unfortunately, it’s not a benign place. There are more than a few malefactors out there who actively seek to take over your computer for a variety of nefarious purposes. These purposes usually include turning your computer into a:

  • Member of their computer zombie army, available on command (and to the highest bidder) to execute massive distributed denial-of-service (DDOS) attacks on other web-based computers
  • Recorder of keystrokes so they can steal passwords to users’ online financial accounts, along with their cash and other, personal data of value to identity thieves
  • Secret, hidden repository for their stolen and hacked software and pornographic content
  • Vector for spreading their malicious software (aka malware) to other computers

The people who do this today are usually not the one-off, script kiddies of yore. These miscreants are now often very sophisticated computer software engineers who work for organized criminal groups. And make no mistake: the motive is now profit-based, not simple mischief. These hackers attempt to do all this and more by infecting your computer with a wide variety of malware.


Malware is the name for software created specifically to stealthily install, take control, and perform harmful actions on a computer without the computer owner’s knowledge or permission. Programs such as viruses, worms, Trojan horses, root kits, key loggers, malicious scripts, drive-by downloads, and corrupted program controls are today typically Internet-borne threats, much of it coming from otherwise innocent websites whose content is often secretly hacked.


Many tech savvy users know how to basically protect their computers from these denizens of the dark, but not everyone does. That lapse in universal security consciousness has to include, sad to say, some webmasters and web server hosts. When Bing crawls the Web to gather new and revised content to index, it invariably comes across malware-infected sites. While a few appear to be clear attempts to lure in unsuspecting users like a Venus Flytrap waiting for its next insect meal, a large number of sites appear to be infected from external sources (aka hackers), and the webmasters of these affected sites are almost guaranteed to be innocent victims of sabotage.


This is Part 1 of a three-part series on malware and what webmasters need to know. We’ll cover malware detection (how to tell if your site is infected), strategies and resources for cleaning up (what to do about it), and how to secure computers against the security vulnerabilities that allowed the malware to be injected there (how to stop it from coming back). We’ll also cover what to do once malware is cleaned up so that the Bing index lists your site as being clean again. Let’s get to it!


So how do you know if your site has unwittingly become a malware vector? It’s not always obvious for webmasters to tell. You can wait for victimized users to send you reports (often in the form of furiously rude complaints!), but by then who knows how many of your site’s visitors have been infected (and how many of them will come back once they determine where the infection came from)?


The search engine crawlers (aka bots) have seen it all. They see the attempted effort to inject malware in drive-by attacks as they crawl the Web. While the bots themselves don’t get infected, they do note the source of the infection attempt in their database.


Wouldn’t you like to peer into that database to see if the bot found malware on your site? Well, I’ve got good news for you. You can! Bing’s Webmaster Center tools offer a peek at what the bot found when crawling your webpages. And unlike the webmaster tools from other search engines, Bing Webmaster Center will show you if we detected malware when we crawled your pages. To get this invaluable insider’s view of your site, you’ll need to first have an account with Webmaster Center. If you don’t yet have an account, follow the instructions at Authenticate your website to set up your account and register your site(s). Note that you’ll need access to either the root directory of your website or to the source code to your site’s default page for deploying a customized authentication code that proves you are the owner of the site. This data about your website is business confidential, after all!


Once your site is registered and can be authenticated, log in to the tools, click the registered site you want to investigate from the Site List page, and then click the Crawl Issues tool tab. In the Select Issue Type drop down list, select Malware Infected. If any infected pages were detected by MSNBot, we’ll identify those pages for you by file name. Note that getting no explicit results in the Malware Infected list is not necessarily the equivalent of a clean bill of health for your entire website. That merely means we didn’t detect malware on the pages that are in the index. To see how many of your site’s pages are in the Bing index, click on the Summary tool tab, and then look at the Indexed pages field. If not every page in your site is indexed, you might remain reasonably suspicious, even with no detected malware. But if any malware was detected, consider this to be a giant red flag hoisted up high. In this case, every page on your site needs to be examined closely, especially those not indexed. A detected malware infection means your site has likely been hacked, and if your site’s security was compromised once, every page should be suspected as dirty until individually verified by you as clean.


You should also click on the Outbound Links tool tab and select the Show only outbound links to malware check box to see if you’re linking to any indexed, malware-infected pages on other sites. If so, you can protect your site’s customers by removing the link to the infected page. It’s also good form to inform your fellow webmaster of what you’ve detected on their site so they can fix the problem and you can restore the link (wouldn’t you want to know if another webmaster found something wrong with your site?).

  Implications of a positive result  

OK, so unlucky you – your site has one or more pages that were detected as infected with malware. What does this mean? Do you really need to fix it? Well, let’s address these questions by describing what Bing does with malware-infected sites.


Through the use of its malware filter and the drive-by download detection features, Bing helps protect its users against a variety of malware infections whenever possible. These protections either identify and remove malware sites from our search engine results pages (SERPs) or block access to infected URLs. If your malware-infected page does show up in the Bing SERP, the blue link to your page will be disabled. When a user clicks on the disabled link, instead of going to your page, they will see a malware warning box pop up to the right of the SERP listing. The pop up warning box looks like the following example:


A recent study at Microsoft revealed that 98% of searchers who get a malware notification will heed the warning and opt to not click the visit the website link in the warning message. That means that if your site is flagged by Bing as malware-infected, your search engine referral traffic will drop off the charts! As such, it is in your best interest as webmaster to rectify the malware issue so that you can get your search engine referral business back in gear!


In the next article of this series on malware, we’ll dive into strategies and identify resources for cleaning up a malware mess. If you have any questions or comments about malware, please feel free to post them in our General Questions forum. For regular SEM and SEO questions and suggestions, please go to our SEM forum. Until next time…

  -- Rick DeJarnette, Bing Webmaster Center