Bing blogs

This is a place devoted to giving you deeper insight
into the news, trends, people and technology behind Bing.

Webmaster Blog

November
11

Getting flagged as malware? Some insights.

Malware.  Just mention the word and watch people cringe in fear.  No one likes it and most seek to even avoid saying the word out loud, lest they be stricken by something nefarious.  The topic should not be taken lightly, as getting infected with malware can have dire consequences.  From your brand being tarnished to identity theft, nothing involving malware is a joke.

Which is why it’s taken so seriously by the search engines.

In fact, you’ll notice, inside your Bing Webmaster Tools account, we even post alerts to you if we think your site is associated with malware in some way.  The next step, announced last week, is to send you email alerts when we flag a URL on your site for malware, making sure you have the best chance possible of seeing this important information as fast as possible.

To get the alerts via email, make sure you’ve enabled your account to receive emails.  When you log into your account, look to the left and you’ll see the SETTINGS > Preferences option – click this and you’ll see the information below.   Make sure to fill in an email address you frequently check, otherwise we will email the LiveID associated with your account.  These emails do you no good if they go to an account you don’t check. 

You have to explicitly check the box stating you would like to receive communications from Bing Webmaster tools.  Our privacy policy is handy, but the nuts and bolts are that we won’t be sending you advertising and we won’t share the email with anyone.

Tell us the frequency of emailing you’d like to see, then be sure to select the types of alerts you want to be notified of from the list provided.  Finally, hit the Save button at the bottom.  You can change these settings at any time.

Now, if we see malware associated with your website, you’ll receive not only the alert message inside your tools account, but we’ll also send an email to the account you provided.

Why we flag for malware

The answer might seem obvious, but the reason we scan sites for malware is to protect searchers.  It won’t do us any good to send searchers to a formerly trustworthy site to have the searcher’s computer infected with malware.  That is very bad for business.  In fact, we will even go so far as to remove a listing from the index if that’s what it takes.

Some instances of being flagged for malware aren’t so clear cut, however.  From time to time we encounter scenarios where the site itself is trustworthy, but something the site is associated with, such as an advertising network, may have been flagged for malware.  If your “partner” still has the issue, we’ll flag your listing to ensure searchers remain protected.  If the ad network, in this example, has cleaned up the issue, the flag may still trigger (and thus an alert appears), but we’ll leave the result in the index as we know the threat is passed and the alert from an older instance.
Now, it’s often not as simple as something being infected or not.  While offending code can be easily removed, we have to gain trust again, which is never easy.  If the offending code can be easily removed, it can just as easily be placed back in when we reinstate links within a result. 

What this all boils down to is if you’re seeing a malware alert in your account, don’t panic.  It may not in fact be your site that is infected.  It may be a service you’re using to port something into your website, like the ad network mentioned above.   

The point is you needn’t panic, but you should investigate.  If you see the warning, and know your own site is clear, check the Search results.  Are you still appearing there?  If yes, you can ratchet down the anxiety another level.  But get started investigating on what’s causing the flag, and don’t forget to look to service providers you are connected with.  Being flagged for malware for a short period of time will generally not interfere with your ranking, as we understand it’s usually not a webmaster’s fault.

Step one, though, is to make sure you’re able to get the email alerts.  Sign up for an account, enable the functionality and we’ll keep you looped on anything we find.

Comments

  • Thanks.  Looks like getting tagged as a malware can be avoided.

  • Hey Why i can not see this all i verify my account also i can not get this report why?

  • Our site was flagged for malware in November. It's been nearly three months since we sent in a trouble ticket asking for an explanation, but we still have not received any feedback. For every email alert we receive we check the page for malware. We also check every outbound link on those pages that are flagged.  We've never been able to find a single instance of malware on any page of ours or any outbound link and we're just stumped...and very disappointed. Our site is one of the top 250 sites in the US, has been around since 2006, and because Bing serves traffic to Yahoo and Facebook, combined we're losing over 25K visits every day that this continues.  We're a small but growing business, and this is costing us dearly. We're willing to do anything to get this fixed -- but as of yet, we're stuck clueless on how to proceed.

  • Hey michael123, I also got the malware infection flag back in November... must have been something in the air!! I reported it and they did research and fix it as of 01/17/12 so, don't give up hope!!

  • Two of our Wordpress sites were recently flagged by Bing for malware. I carefully examined the code and could find nothing; then I ran some scans by a number of online services including Qualys, all of which came up with nothing. We have very few links on our site but I checked them and they are not flagged. We don't run any advertising. We do have links to Facebook, Twitter, LinkedIn, etc. but I assume they are not flagged by Bing. Google has not found any malware on any of our sites. When I go into Bing Webmaster tools to the crawl details page, it says there are zero instances of malware on our site. I submitted a support ticket and have not received a response so far.

    I am disappointed in Bing, and not only for this. Even before the malware tag, we got almost no traffic from Bing even though we are running Microsoft ads-- we were getting something like 1/100 of the traffic we get from Google. We set up a Bing local listing, but you can't even find it if you do a search-- unlike Google places where it comes right up in the search results.

    We would like to give Microsoft an opportunity to challenge Google's monopoly on Internet search but as a webmaster with about 20 live sites, I am not seeing the results and this malware tag and lack of response has caused me to question whether it's worth bothering with Bing at all.

  • It's very frustrating seeing that Bing has identified Malware on every page of my Wordpress based site.  I have no idea what is causing this, but sucuri.net indicates that the site is clean, and I cannot see any obvious Malware on the site.  Google Webmaster Tools does not flag it as infected either.

    That leaves me with advertisers and links that appear on every page.  Since the site is very similar to 3 others that I have which Bing says are clean, and this one uses the same Wordpress theme, but a few subtle differences, that really limits my search.

    I have looked at all links on the page source, visited all sites listed in the sidebar to see if they are flagged as Malware by Bing, and they are not, which leaves me at a loss as to exactly what is causing the site to be flagged.

    It's a bit like having a copy of the Bible reviewed and being told you have a spelling error, but not told which word or what it is...

    Should I resubmit the site, and if so am I likely to just receive the same message telling me that the site is infected?

    Is there any way to identify what is causing the site to be flagged as having Malware, other than going through the page source again and again?

  • It's very frustrating seeing that Bing has identified Malware on every page of my Wordpress based site.  I have no idea what is causing this, but sucuri.net indicates that the site is clean, and I cannot see any obvious Malware on the site.  Google Webmaster Tools does not flag it as infected either.

    That leaves me with advertisers and links that appear on every page.  Since the site is very similar to 3 others that I have which Bing says are clean, and this one uses the same Wordpress theme, but a few subtle differences, that really limits my search.

    I have looked at all links on the page source, visited all sites listed in the sidebar to see if they are flagged as Malware by Bing, and they are not, which leaves me at a loss as to exactly what is causing the site to be flagged.

    It's a bit like having a copy of the Bible reviewed and being told you have a spelling error, but not told which word or what it is...

    Should I resubmit the site, and if so am I likely to just receive the same message telling me that the site is infected?

    Is there any way to identify what is causing the site to be flagged as having Malware, other than going through the page source again and again?

  • How long does it take until my malware flag gets removed? It's been a week since I've cleaned all the malware.

    Thanks !