Malware Re-Evaluation

Every day there are thousands and thousands of sites on the web — many of them owned by webmasters like yourself — that unknowingly are infected by malware. Often, this happens because of some vulnerability that allowed a malware distributor or hacker to take control of the site. In turn, the security of unsuspecting visitors to these sites is at risk. To protect and warn our users from this risk we automatically scan the web to look for web pages that have been infected. If Bing detects that a site is willingly or unwillingly serving malware or other harmful elements that put our searchers at risk, we will tell our users that the page they are trying to navigate to from our results could be dangerous. In addition, the webmaster of the site receives a notification in the form of a Malware Alert in Bing Webmaster Tools.

If you're seeing warnings on results from your site in Bing (and Yahoo! for that matter) and you haven't signed up for the Bing Webmaster Tools and verified ownership yet, please sign up to get additional information about the harmful elements we discovered on you site. Bing Webmaster Tools is the only place that allows you to submit a re-evaluation request once you have cleaned your site.

What should I do if my site has malware?

If your site has been infected by malware, please follow these steps:

  1. Clean your site
  2. Ensure that vulnerabilities that allowed your site to get infected in the first place have been addressed
  3. Once you are sure that your site is clean and all vulnerabilities have been fixed, login to Bing Webmaster Tools and navigate to the Malware tool, located under Security.
  4. In the Malware tool, click Request a Review to start the review process.

Getting Malware Information in Bing Webmaster Tools

If your site has pages that contain harmful elements, we will provide you with a sample set of URLs for which our scans detected issues in the URLs with Malware table. For each sample page we will show the URL, the type of issue we discovered, and the date when the issue was last detected and the last scan date. There are two over-arching issue categories:

  1. Malware found on the page: the issue is immediately present on the page with the reported URL
  2. Malware reference found on the page: the issue is present on a resource linked or associated with the page

In those categories, there are several issue types we report:

Issue Short Description Description
Malware Network Reference Reference to known malware distribution network detected. This could be via inclusion of an iframe or frame tag, an embedded object, or a script tag.
Browser Exploit Malicious browser exploit detected, causing unsolicited execution of malicious, external code.
Malicious JavaScript Malicious JavaScript detected embedded in page or one of its attached scripts or frames. This could include code facilitating a redirect to a known malware distributor, behaviors matching those from known exploit kits, or browser exploit code.
Malicious ActiveX Malicious activity detected via ActiveX interactions.
Heapspray Potential preparation for a browser exploit detected via a heapspray. Heapspraying is a technique used in exploits to facilitate arbitrary code execution. The exploit can force the application to read this address from the sprayed heap, it can control the flow of execution when the code uses that address as a function pointer and redirect it to the sprayed heap.
Malware Found on Adjacent Pages URL is a part of malware container (e.g. a folder or sub-domain).
Malware Reported by External Source Malware was reported by external sources.

Additionally, if your site has been flagged due to vulnerabilities on linked pages, we provide the option to Request a Review at a page level.