Bing blogs

This is a place devoted to giving you deeper insight
into the news, trends, people and technology behind Bing.

Webmaster Blog

September
11

The merciless malignancy of malware Part 1 (SEM 101)

The Web is an incredible place, filled with amazing media, fascinating content, and wonderful social opportunities, and there’s more of each than anyone can possibly ever consume. But unfortunately, it’s not a benign place. There are more than a few malefactors out there who actively seek to take over your computer for a variety of nefarious purposes. These purposes usually include turning your computer into a:

  • Member of their computer zombie army, available on command (and to the highest bidder) to execute massive distributed denial-of-service (DDOS) attacks on other web-based computers
  • Recorder of keystrokes so they can steal passwords to users’ online financial accounts, along with their cash and other, personal data of value to identity thieves
  • Secret, hidden repository for their stolen and hacked software and pornographic content
  • Vector for spreading their malicious software (aka malware) to other computers

The people who do this today are usually not the one-off, script kiddies of yore. These miscreants are now often very sophisticated computer software engineers who work for organized criminal groups. And make no mistake: the motive is now profit-based, not simple mischief. These hackers attempt to do all this and more by infecting your computer with a wide variety of malware.

Malware is the name for software created specifically to stealthily install, take control, and perform harmful actions on a computer without the computer owner’s knowledge or permission. Programs such as viruses, worms, Trojan horses, root kits, key loggers, malicious scripts, drive-by downloads, and corrupted program controls are today typically Internet-borne threats, much of it coming from otherwise innocent websites whose content is often secretly hacked.

Many tech savvy users know how to basically protect their computers from these denizens of the dark, but not everyone does. That lapse in universal security consciousness has to include, sad to say, some webmasters and web server hosts. When Bing crawls the Web to gather new and revised content to index, it invariably comes across malware-infected sites. While a few appear to be clear attempts to lure in unsuspecting users like a Venus Flytrap waiting for its next insect meal, a large number of sites appear to be infected from external sources (aka hackers), and the webmasters of these affected sites are almost guaranteed to be innocent victims of sabotage.

This is Part 1 of a three-part series on malware and what webmasters need to know. We’ll cover malware detection (how to tell if your site is infected), strategies and resources for cleaning up (what to do about it), and how to secure computers against the security vulnerabilities that allowed the malware to be injected there (how to stop it from coming back). We’ll also cover what to do once malware is cleaned up so that the Bing index lists your site as being clean again. Let’s get to it!

Detection

So how do you know if your site has unwittingly become a malware vector? It’s not always obvious for webmasters to tell. You can wait for victimized users to send you reports (often in the form of furiously rude complaints!), but by then who knows how many of your site’s visitors have been infected (and how many of them will come back once they determine where the infection came from)?

The search engine crawlers (aka bots) have seen it all. They see the attempted effort to inject malware in drive-by attacks as they crawl the Web. While the bots themselves don’t get infected, they do note the source of the infection attempt in their database.

Wouldn’t you like to peer into that database to see if the bot found malware on your site? Well, I’ve got good news for you. You can! Bing’s Webmaster Center tools offer a peek at what the bot found when crawling your webpages. And unlike the webmaster tools from other search engines, Bing Webmaster Center will show you if we detected malware when we crawled your pages. To get this invaluable insider’s view of your site, you’ll need to first have an account with Webmaster Center. If you don’t yet have an account, follow the instructions at Authenticate your website to set up your account and register your site(s). Note that you’ll need access to either the root directory of your website or to the source code to your site’s default page for deploying a customized authentication code that proves you are the owner of the site. This data about your website is business confidential, after all!

Once your site is registered and can be authenticated, log in to the tools, click the registered site you want to investigate from the Site List page, and then click the Crawl Issues tool tab. In the Select Issue Type drop down list, select Malware Infected. If any infected pages were detected by MSNBot, we’ll identify those pages for you by file name. Note that getting no explicit results in the Malware Infected list is not necessarily the equivalent of a clean bill of health for your entire website. That merely means we didn’t detect malware on the pages that are in the index. To see how many of your site’s pages are in the Bing index, click on the Summary tool tab, and then look at the Indexed pages field. If not every page in your site is indexed, you might remain reasonably suspicious, even with no detected malware. But if any malware was detected, consider this to be a giant red flag hoisted up high. In this case, every page on your site needs to be examined closely, especially those not indexed. A detected malware infection means your site has likely been hacked, and if your site’s security was compromised once, every page should be suspected as dirty until individually verified by you as clean.

You should also click on the Outbound Links tool tab and select the Show only outbound links to malware check box to see if you’re linking to any indexed, malware-infected pages on other sites. If so, you can protect your site’s customers by removing the link to the infected page. It’s also good form to inform your fellow webmaster of what you’ve detected on their site so they can fix the problem and you can restore the link (wouldn’t you want to know if another webmaster found something wrong with your site?).

Implications of a positive result

OK, so unlucky you – your site has one or more pages that were detected as infected with malware. What does this mean? Do you really need to fix it? Well, let’s address these questions by describing what Bing does with malware-infected sites.

Through the use of its malware filter and the drive-by download detection features, Bing helps protect its users against a variety  of malware infections whenever possible. These protections either identify and remove malware sites from our search engine results pages (SERPs) or block access to infected URLs. If your malware-infected page does show up in the Bing SERP, the blue link to your page will be disabled. When a user clicks on the disabled link, instead of going to your page, they will see a malware warning box pop up to the right of the SERP listing. The pop up warning box looks like the following example:

A recent study at Microsoft revealed that 98% of searchers who get a malware notification will heed the warning and opt to not click the visit the website link in the warning message. That means that if your site is flagged by Bing as malware-infected, your search engine referral traffic will drop off the charts! As such, it is in your best interest as webmaster to rectify the malware issue so that you can get your search engine referral business back in gear!

In the next article of this series on malware, we’ll dive into strategies and identify resources for cleaning up a malware mess. If you have any questions or comments about malware, please feel free to post them in our General Questions forum. For regular SEM and SEO questions and suggestions, please go to our SEM forum. Until next time…

-- Rick DeJarnette, Bing Webmaster Center

Comments

  • I enjoyed this very article. My PC was compromised sometime ago, when I was using an antivirus/antispyware program that couldn't detect much malware. Apparently I got the malware from sites I visited, and since I used the same PC to work on my sites, my sites login details were compromised.

    The perpetrator planted malicious iframes on every HTML page footer of my sites. And the hidden iframes in turn loaded some scripts from his/her site. That was my first dance with malware and I learned a lot from that ugly experience.

  • You have a bad link in your article. The link www.bing.com/.../webmaster should be http://www.bing.com/webmaster

  • BG Mahesh, very observant of you to spot the broken link. I hope someone here with the proper right will amend it.

  • that's why i use the yahoo anti-spyware toolbar. so i dont get them virues on my laptop.

  • This indeed is a valuable post. So much harm can be done through the use of such malwares. I am sure such culprits, when caught, should be treated like other criminals as they attempt to spreead so much destruction online.

    next-world-war.blogspot.com

  • BG Mahesh, very observant of you to spot the broken link. I hope someone here with the proper right will amend it.

  • thanks for these details about malwares.

  • Great article, but how about some recommendations on the best malware detection tools to use regularly? I am using Malwarebytes and AVG anti virus. So far, I'm ok... Is this good enough protection?

  • It would be nice if we were actually able to add sites to the webmaster tools. I've been trying to add http://storage-news.com/ for two days now, but all I get are error messages instead of the "add site" form. Your forum is also filled with people having this problem, so you might want to have a look at that.

    Oh, and while you're at it, how about a spam filter for your comments?

  • here is some useful tips for removing malware from website. www.myhtmlworld.com/.../iframe-attack-on-websites.html

  • here is some useful tips for removing malware from website.;

    what :S

  • Great article! And so true - anyone who has had a server infected would tell - its not an easy mess to clean up and sufficient warning for the webmaster is certainly helpful!

    A question though - is this crawl information available via an API? In fact is any of the webmaster tools info available through the API?

  • I enjoyed this article. thanks for detail about malwares.

  • An excellent article. I've followed the advice from beginning to end (it's all good, fortunately) and will now keep a wary eye out for malware.

  • thanks for sharing the information!