Website Security: Malware & Blacklisting
Matt Wilson
Front End Developer
A topic that tends to get overlooked when businesses are thinking about their website is security. Design & development are frequently held to a higher degree of importance, but a secure site is just as important. There are many different layers to security, and here we’ll discuss malware & website blacklisting.
What is Malware?
Malware, short for “malicious software,” is software designed to destroy, disable, or otherwise compromise the integrity of a website. The most common use of malware is to access and collect sensitive data, such as personal emails, passwords, financial data, and healthcare records. More sophisticated malware can be used to take over entire networks of computers or to install software on individual computers to mine bitcoin or other cryptocurrencies. Cybercriminals seek to hack websites to embed different types of malware on the site and often on entire servers that house multiple sites.
Types of Malware
There are many types of malware. Following are brief descriptions of some of the more common types.
- Viruses – The most commonly known type of malware, viruses are software attached to a document or file. They will lay dormant until the file is opened and used. Once active, viruses spread from host to host, infecting computers and disrupting the system’s ability to operate. Viruses can cause significant performance problems and loss of data.
- Trojan Viruses – A Trojan virus is a virus disguised as a helpful software program. Once downloaded, the virus is able to gain access to sensitive data and modify, block, or delete the data. Unlike normal viruses, Trojan viruses aren’t designed to self-replicate; instead, they rely on continued downloads of the disguised program.
- Worms – Worms are software that rapidly replicate and spread throughout a network. Unlike viruses, worms don’t require a host program to spread. A worm can infect a system through a file download or network connection and will then multiply and spread at an exponential rate. Generally, worms will affect systems in the same way as a virus.
- Spyware – Spyware does exactly what its name would suggest. Once installed on a system, Spyware “spies” secretly in the background and reports back to a remote user. It can be harder to detect as the operations of the computer will usually not be noticeably affected. The Spyware targets and collects sensitive information and can even grant remote access to a computer.
- Adware – Adware is an interesting category of malware. Its function is to collect data on how you use your computer and provide relevant advertisements based on that data. It is not always dangerous but can sometimes cause issues. Adware may redirect your browser to an unsafe website, contain Trojan viruses or Spyware, or cause performance issues if many Adware programs are running simultaneously.
- Ransomware – Ransomware is software that is used to gain access to sensitive information on a computer or network. Once it has access, it will encrypt the information so that the user no longer has access and subsequently demand payment to release the encrypted data.
What is Blacklisting/Blocklisting?
Companies like Google are constantly checking the safety of websites. Google has “crawlers” that continuously examine sites for many purposes. One such purpose is to monitor sites for malware. They use advanced algorithms to detect, label, and categorize anything unsafe (such as malware) found within the structure of a website. If something unsafe is found, the site is added to Google’s blacklist. When a website is added to a blacklist it means that Google and other search engines and anti-virus companies are marking the website as not secure to visit.
A site that has been blacklisted is expelled from search engine results. This can lead to a drop of over 95% in organic visits to the site. If a user attempts to go to the site directly by manually typing in the web address, the user’s browser will warn them that they are attempting to visit an unsafe site. This is usually accompanied by very clear visual warnings such as a bright red screen. The message varies from browser to browser, but it makes clear that visiting the site will most likely result in harm to their computer.
How Do I Remove My Site from a Blacklist?
To remove a site from a blacklist, you must remove every trace of the detected malware, and then submit the site to Google (or whichever company enacted the blacklist) so that they can confirm that the malware no longer exists anywhere that their scans can find. If multiple companies have blacklisted the site, it needs to be submitted to each company individually. It generally takes ten to twelve hours for a site to be removed once it has been cleaned and submitted, though the wait can be longer.
Most hosting companies will provide assistance with malware removal, which may or may not be included with your usual hosting fees. Some employ security specialists in-house that can clean a site or server of malware, and some use a third party to provide security.
What Do I Do to Keep My Site Safe?
The most important thing to do to ensure your site remains safe and secure is to stay out in front of any possible problems that may arise. This can be difficult given how intelligent and creative cybercriminals can be. The most well-protected site can still potentially be infected by malware, even when following all best practices in security.
Here at First Flight Agency, we take every possible precaution to keep websites as secure as possible. This means a proactive approach to catch potential problems before they have a chance to take hold. Every one of our websites and servers is scanned multiple times each day for malware. The scan programs keep an up-to-date database of all known malware and also look for any anomalies that may indicate the presence of unknown types or versions of malware.
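The two checks described above, a known-malware database and anomaly detection, can be sketched as a small scan of a site's files. This is an added example, not First Flight Agency's scanner: it assumes the "database" is a set of SHA-256 hashes and that "anomaly" means any difference from a manifest taken from a known-clean deployment, and all file names and contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_baseline(root):
    """Hash every file in a known-clean copy of the site."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in root.rglob("*") if p.is_file()}

def scan(root, baseline, known_bad):
    """Match known-bad hashes first, then compare against the clean baseline."""
    findings = {"known_malware": [], "modified": [], "unexpected": []}
    seen = set()
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        digest = sha256_file(p)
        if digest in known_bad:          # hit in the known-malware database
            findings["known_malware"].append(rel)
        elif rel not in baseline:        # anomaly: file was never deployed
            findings["unexpected"].append(rel)
        elif baseline[rel] != digest:    # anomaly: deployed file has changed
            findings["modified"].append(rel)
    findings["missing"] = sorted(set(baseline) - seen)
    return findings

def demo():
    """Constructed site: take a baseline, change the files, then scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text("<h1>Welcome</h1>")
        (root / "contact.html").write_text("<form></form>")
        baseline = build_baseline(root)
        sample = b"CONSTRUCTED PLACEHOLDER, NOT REAL MALWARE"
        known_bad = {hashlib.sha256(sample).hexdigest()}
        # Simulate what a later scan might find on a tampered site.
        (root / "index.html").write_text("<h1>Welcome</h1><!-- edited -->")
        (root / "uploads").mkdir()
        (root / "uploads" / "cache.php").write_bytes(sample)
        (root / "new.php").write_text("<?php /* not in baseline */ ?>")
        (root / "contact.html").unlink()
        return scan(root, baseline, known_bad)

if __name__ == "__main__":
    print(demo())
```

Exact hash matching only catches byte-identical copies of a known file, which is why the baseline comparison matters: it flags changed or unexpected files even when no signature exists for them.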
We are constantly evaluating our approach to website security to ensure we provide the best defense we possibly can.