Dasient Frequently Asked Questions

What is Web-based Malware?

Web-based Malware is an emerging security threat for websites and web users. Hackers are planting malicious code on legitimate websites in an effort to distribute viruses to consumers. Once the viruses are installed on users' PCs, the hackers can monetize those compromised PCs in various ways (including identity theft or using the compromised PCs to send spam email).
The malicious code that hackers inject on websites is Web-based Malware, and it is very different from the typical virus that might infect a user's PC. Web-based Malware runs in a web browser and often works by embedding in, sourcing in, or redirecting to malicious content from a hacker's website. Web-based Malware can be written in HTML, Dynamic HTML, AJAX, Flash, PDF, or a variety of other mechanisms. By contrast, a PC-based virus often takes the form of an executable file that runs code directly on the computer's microprocessor as opposed to being interpreted by the web browser. Attackers often use Web-based malware to infect web pages so that those web pages can serve as distribution points for traditional, PC-based viruses.

How do websites get infected with Web-based Malware?

There are many different ways that websites can get infected with Web-based Malware. Following are just a few:
  • Vulnerabilities in web applications: Hackers can use vulnerabilities in common software packages (such as blogging software, shopping cart engines, forum software, etc.) to inject malicious code onto websites.
  • Sourcing in malicious content: Websites often source in content from third-party widgets or ad networks. If the hackers are able to introduce malicious content into the third-party widgets or ad networks, they are able to then infect large numbers of websites.
  • Compromised FTP credentials: If the hackers are able to compromise the website's administrator credentials, they can inject malicious code onto the site as they please.
  • Vulnerabilities in the network: Hackers can exploit network vulnerabilities to gain access to web servers and infect all of the websites hosted on those servers.
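The "embedding in, sourcing in, or redirecting to" behaviour described above, and the third-party sourcing vector in this list, can be audited statically from the defender's side. The following is an added example, not Dasient's code or method: it lists every script, frame, or meta-refresh on a page that points at a host outside an allowlist. The allowlist, the sample page, and all host names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
import re

# Assumption: the hosts this site intentionally loads content from.
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}

# Constructed sample page (reserved example/test host names only).
SAMPLE_HTML = """<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script src="//widgets.thirdparty.test/w.js"></script>
<meta http-equiv="refresh" content="0; url=http://landing.unknown.test/">
</head><body>
<iframe src="http://frames.unknown.test/x" width="0" height="0"></iframe>
</body></html>"""

class ExternalContentAuditor(HTMLParser):
    """Collects elements that embed, source in, or redirect to other hosts."""

    def __init__(self, page_url, allowed_hosts):
        super().__init__()
        self.page_url = page_url
        self.allowed = allowed_hosts
        self.findings = []  # tuples of (kind, host, url as written)

    def _check(self, kind, url):
        # Resolve relative and protocol-relative URLs against the page URL.
        host = urlparse(urljoin(self.page_url, url)).hostname
        if host and host not in self.allowed:
            self.findings.append((kind, host, url))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script" and a.get("src"):
            self._check("sourced-script", a["src"])
        elif tag in ("iframe", "embed") and a.get("src"):
            self._check("embedded-frame", a["src"])
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content looks like "0; url=http://host/path"
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m:
                self._check("redirect", m.group(1).strip())

def audit_page(html, page_url, allowed_hosts=ALLOWED_HOSTS):
    auditor = ExternalContentAuditor(page_url, allowed_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings
```

A static pass like this only sees references present in the served markup; references that a script writes into the page at run time are not visible to it.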

Does your service prevent my site from getting infected?

Dasient's Web Anti-Malware (WAM) services focus on the detection and quarantining of malware infections on websites. Given that the hackers are constantly evolving their attacks, there is no perfect preventative measure that can always block malware infections from appearing on a website. For example, if the hackers are able to acquire the web administrator's FTP password, then no preventative measure may be able to avoid the infection. Similarly, if the malware infection comes in from a "trusted" third-party widget that gets compromised, it is unlikely that a purely preventative measure would be able to stop the infection. In these cases, it is important for the website to have a mechanism to detect and contain such infections when they occur. The same model is true for PCs. Despite the presence of preventative measures such as personal firewalls, network firewalls, and email attachment scanners, viruses still manage to propagate on PCs because the hackers continue to develop new ways to evade the prevention efforts. Thus, PCs have desktop anti-virus software to continually monitor the files on the PC and quarantine any infections as soon as they are detected. Given that desktop anti-virus software cannot defend a website, it is important that websites deploy analogous detection and containment protections in the form of Web Anti-Malware.

If I don't have access to configure my web server, can I still use the Dasient WAM Quarantining service?

If you do not have access to configure your web server, you can still take advantage of the Dasient WAM Monitoring service. The monitoring service is "cloud-based" and can operate entirely from Dasient's servers, so it does not require you to make modifications to your web server. If you want to use our Quarantining service but you cannot make modifications to your web server (because you are on a shared hosting server and/or someone else manages your server for you), then please introduce us to your web hosting provider (or managed services provider). We can work with them to deploy our Quarantining service for you.

I am a customer of the Dasient WAM Monitoring service, but I don't have the Quarantining service. How do I get Web-based Malware off my site?

If a malware attack has been detected, Dasient's Monitoring service provides you with detailed diagnostic information (including a list of infected URLs and samples of the malicious code that has infected your site). With this information, many of our customers have been able to successfully remove the malicious code that has been injected onto their site. If you are unable to remove the code yourself, please send a copy of Dasient's diagnostic information to your web hosting provider or managed IT services provider. They should be able to help you manually remove the malicious code. In addition, you could also request that your web hosting provider help you deploy Dasient's Quarantining service so that any future infection can be automatically and instantly quarantined.

My site had been blacklisted, but I removed the malicious code thanks to the diagnostic information provided by Dasient's Monitoring service. How do I get my site cleared from the blacklist?

Each blacklist has a slightly different appeals process to get your site cleared. Both Google and Microsoft provide you with the ability to request a review (including a re-scan of your site) from their respective webmaster tools consoles. Norton SafeWeb asks you to verify your ownership of a site, and then you can request a re-evaluation from the Norton SafeWeb website itself. McAfee SiteAdvisor will accept site re-test requests through the user feedback form on SiteAdvisor's website. Depending on the blacklist source, the appeals process can take anywhere from 1 day to 2 weeks. Please visit the respective websites for more information about how to get your site cleared from a particular blacklist.

I already have anti-virus software. Do I also need Web Anti-Malware?

Dasient’s Web Anti-Malware (WAM) service is fundamentally different from anti-virus software for desktops. Traditional anti-virus software looks for malicious binaries or applications that would reside on a PC. Desktop anti-virus software does not crawl and scan entire web sites for web-based malware, even if it does notice that individual web pages may be infected. Even if you run a traditional anti-virus package on the web server where you host your website content, it focuses on protecting the web server itself from being infected, instead of protecting the users of the web site from being infected. In order to detect web-based malware, the Dasient WAM service leverages behavior-based, server scanning technology. Dasient’s system looks at how the code on a page behaves, in addition to just looking for signatures of known attacks.

What is the difference between WAM and WAF?

WAM (Web Anti-Malware) and WAFs (Web Application Firewalls) are both website security products. WAFs provide some protection against certain web application security attacks (such as SQL injection and XSS), but typically do not prevent attacks that arrive from other vectors (e.g., compromised FTP credentials, network security attacks, malicious ads, or third-party widgets). Since malicious code can get onto websites along any of these vectors, it is important for websites to employ a “defense-in-depth” approach, including both preventative measures such as a WAF or vulnerability assessment and WAM to detect and contain malware infections when they do occur.

What is the difference between WAM and vulnerability assessment (VA)?

WAM (Web Anti-Malware) is complementary to VA (Vulnerability Assessment), just as it is to a WAF (Web Application Firewall). Both VA and WAF are preventative measures, and as discussed above, it is important for websites to employ a “defense-in-depth” strategy to protect their web presence. Vulnerability Assessment tools can help identify vulnerabilities in your network or your web applications. However, given the fact that malware attacks are highly mutable, and that preventative measures are not perfect, they may not be able to successfully block malware infections from appearing on websites in all possible cases. Furthermore, they would not be able to help you avoid any attacks that come in as a result of compromised FTP credentials, malicious ads, or third-party widgets. Therefore, in addition to preventative measures like VA, websites must also deploy services to detect and contain malware infections when they occur.
