Malware Scanning – Customer Scenario

Malware…  Yes, it's been around for many years.  However, the attack vector has changed.  Long ago the primary distribution method was by sharing dirty data (yes, exchanging floppy disks… remember those days?!).

Then it moved on to distributing viruses and malware via email (the early days of Outlook Express!).  Then came the solutions to block this (antivirus on your email, desktop solutions that block installs on your PC, etc.).

Now, however, it is much more sophisticated.  As unfortunately some of you have experienced, the hackers are now cracking PCs and websites to inject malware, hence the term 'drive-by malware'.  By infecting your website, the hackers get to enjoy a free distribution method for their wares: your website.  Target any sized website, inject your bad code, and watch the infections grow by the minute!

Consider this scenario…  we have a customer who came to us (name not mentioned, of course) whose site had been injected with malware.  The alerts went up at Google HQ.  His site was dropped from search engine rankings immediately.  So, boom: there goes all of his Google traffic (in this case, responsible for about 2,000 unique visitors a day).

Worse yet, now that Google was aware of his site's problems, the browser vendors picked up on this and started warning ALL people visiting his site with this nice little alert:

So now he has -0- traffic from Google.  ALL of his users are now being told this is 'an attack site'.  All bookmarked entries, links from other sites, etc. ALL reflect that this site is now worse than the worst of the worst!  You are evil!  You are spreading the scourge of the earth!  How could you!

Now, this guy is in a panic.  He'd just started a major campaign (offline and online) and had paid for a lot of advertising that was non-refundable.  He was losing 1000's of dollars a day, and his business was evaporating before his eyes.

Personally, I don't like to scaremonger my customers into solutions.  I think the scaremongering many of our competitors do is a disservice.  However, I do like to highlight true-to-life stories and their true impacts.

In this case, we were able to quickly shut down his site to stop the spread.  Taking the site offline also minimized any infections he was spreading (because, in reality, he was).  After stripping out the injected code, we scanned his entire site (hundreds of pages) and plugged the holes the web vulnerability scanner found (there was more than one in his shopping cart and forum systems).  It turned out that some of the lovely little hit counters and subscriber forms he had on his site were wide open as well.
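As an added illustration of the "strip the injected code and scan every page" step (this is example code written for this post, not the author's or Acunetix's tooling), here is a small Python triage script that walks saved HTML pages and flags the usual drive-by injection tells: zero-size or hidden iframes, eval(unescape(...)) and document.write(unescape(...)) obfuscation, long encoded blobs, and script tags loading from hosts outside an allowlist. The pages, hostnames and allowlist below are constructed samples; a regex triage like this is a quick first pass for a cleanup, not a replacement for a proper malware or vulnerability scanner.

```python
import re
from pathlib import Path
from typing import Dict, List

# Constructed allowlist (assumption): hosts this site legitimately loads scripts from.
TRUSTED_SCRIPT_HOSTS = {"www.example-shop.test", "cdn.example-shop.test"}

# Indicator patterns commonly seen in injected drive-by code. Each label is
# reported once per page when its pattern matches anywhere in the HTML.
INDICATORS = {
    # <iframe ... width="0" ...> / height="0" / visibility:hidden / display:none
    "hidden_iframe": re.compile(
        r"<iframe[^>]*(?:width\s*=\s*[\"']?0\b|height\s*=\s*[\"']?0\b"
        r"|visibility\s*:\s*hidden|display\s*:\s*none)[^>]*>",
        re.I,
    ),
    # eval(unescape('%..')) style decoders
    "eval_unescape": re.compile(r"eval\s*\(\s*unescape\s*\(", re.I),
    # document.write(unescape('%..')) style droppers
    "document_write_unescape": re.compile(r"document\.write\s*\(\s*unescape\s*\(", re.I),
    # 40+ consecutive \xNN escapes: obfuscated JavaScript payload
    "long_hex_blob": re.compile(r"(?:\\x[0-9a-f]{2}){40,}", re.I),
    # 40+ consecutive %NN escapes: URL-encoded payload for unescape()
    "long_percent_blob": re.compile(r"(?:%[0-9a-f]{2}){40,}", re.I),
}

# Captures the host of every external <script src="..."> so it can be
# compared against the allowlist.
SCRIPT_SRC = re.compile(
    r"<script[^>]*\bsrc\s*=\s*[\"']?(?:https?:)?//([^/\"'\s>]+)", re.I
)


def scan_html(html: str) -> List[str]:
    """Return the list of indicator labels found in one page (empty if clean)."""
    findings: List[str] = []
    for label, pattern in INDICATORS.items():
        if pattern.search(html):
            findings.append(label)
    for match in SCRIPT_SRC.finditer(html):
        host = match.group(1).lower()
        if host not in TRUSTED_SCRIPT_HOSTS:
            findings.append(f"untrusted_script_host:{host}")
    return findings


def scan_site(pages: Dict[str, str]) -> Dict[str, List[str]]:
    """Scan a name -> HTML mapping; only pages with findings are returned."""
    report: Dict[str, List[str]] = {}
    for name, html in pages.items():
        findings = scan_html(html)
        if findings:
            report[name] = findings
    return report


def scan_directory(root: str) -> Dict[str, List[str]]:
    """Scan every .html/.htm/.php file under a site snapshot on disk."""
    pages = {
        str(p.relative_to(root)): p.read_text(errors="replace")
        for p in Path(root).rglob("*")
        if p.suffix.lower() in {".html", ".htm", ".php"}
    }
    return scan_site(pages)


# Constructed sample pages (not from any real site).
CLEAN_PAGE = (
    '<html><body><script src="//cdn.example-shop.test/app.js"></script>'
    "<p>Welcome to the shop</p></body></html>"
)
INJECTED_PAGE = (
    "<html><body><p>Welcome</p>"
    '<iframe src="http://bad.invalid/x" width="0" height="0" '
    'style="visibility:hidden"></iframe>'
    "<script>eval(unescape('" + "%61" * 45 + "'))</script></body></html>"
)
REMOTE_SCRIPT_PAGE = (
    '<html><body><script src="http://cdn.evil.invalid/c.js"></script></body></html>'
)
SAMPLE_PAGES = {
    "index.html": CLEAN_PAGE,
    "cart.php": INJECTED_PAGE,
    "forum/view.php": REMOTE_SCRIPT_PAGE,
}

if __name__ == "__main__":
    for page, findings in scan_site(SAMPLE_PAGES).items():
        print(f"{page}: {', '.join(findings)}")
```

Run it against a copy of the site taken while it is offline (scan_directory on the snapshot root), then re-run after stripping the injected code: an empty report is the signal to hand the site over to the real scanner for the vulnerability pass, since the regexes only catch the injection, not the hole it came in through.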

Anyway, after the cleanup and a few runs through our malware scanner to ensure the site was clean, we stood the site back up and asked please, please, please, Google, allow his site back into your good graces…

After about 36 hours, Google's scanners had verified that he was indeed clean and re-included him in the index.  Luckily, since we caught it quickly enough, this did not affect his PR rankings, and the SEO work he'd invested so much in was saved.

Now, the browser alerts were another problem.  Firefox released its warnings within a few hours of Google; Microsoft IE shortly thereafter.  Safari and a few other smaller-footprint browsers took a few days.

All in all, this attack cost him well over $10,000 in immediate losses from his PPC campaign and offline media buys.  Of course, now he had a perception problem with his customers ("yes, you are safe", "no, I'm not a hacker", etc.), and on top of that, one very long, long weekend on the phone with customers.

How do you protect against these effects?  Well, since nothing is 100%, regular scanning of your website with Acunetix is your best defense, since you'll know before the hackers do that there is a problem with your site.

This, all told, allows him to sleep better at night!
