Any webmaster who has administered a forum or a blog with comments enabled knows all too well what a nightmare spam comments and posts can be. While spam remains a problem, there are a lot of options for reducing it (most notably Akismet for WordPress).

Spam is annoying, a nightmare to manage if not handled correctly, and can damage your site’s search engine ranking in some cases. A trend that is becoming even more common amongst spammers is spam that contains malicious links. These links redirect users to external sites that are known to host malware or to be used for phishing attacks.

As a webmaster, this can make life difficult on a number of counts: firstly, it’s bad for users visiting your website; secondly, it can significantly impact not only your search engine ranking, but also deter visitors from even visiting your site in the first place.

Search engine providers and web browser manufacturers have an interest in protecting their users from visiting malicious sites, and they will do everything in their power to stop unwary visitors from following phishy links. Google, for example, will display the following warnings next to a search engine result with a malicious link.



To make matters worse, because all modern browsers have anti-malware and anti-phishing mechanisms built into them, your website could be blacklisted. The following warning is what Google Chrome shows when a user treads into badware territory — it’s most certainly something you wouldn’t want to see on your own site.

Acunetix Vulnerability Scanner includes a malware detection service that detects URLs linking to external sites known to host malware or to be used for phishing attacks. Should the scanner find such links, it may indicate that the site being scanned has been compromised, or that an attacker has somehow managed to inject URLs pointing to the malicious site, a common occurrence in blogs and forums that allow the posting of links. It may also indicate that a legitimate site that your site links to has been compromised and is hosting malware.


Such malware lists need to remain constantly up to date in order to provide accurate detection of malicious or phishing URLs. Acunetix Vulnerability Scanner’s malware detection service uses two of the most accurate and up-to-date malware and phishing databases – Google’s Safe Browsing database and the Yandex Safe Browsing database.
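The kind of check described above can be sketched in a few lines. This is an added example, not Acunetix's code: it collects the outbound links on a page and matches their hosts against a list of known-bad domains. The `BLOCKLIST` set, the sample page and all function names are constructed for illustration; the local set stands in for a maintained database such as the ones named above.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed stand-in for a malware/phishing feed (not real indicators).
BLOCKLIST = {"malware-host.example", "login-verify.example"}

# Constructed sample page: a post followed by two user comments.
SAMPLE_PAGE = """
<article><p>Post body. <a href="/about">About</a></p></article>
<div class="comment"><a href="http://cdn.malware-host.example/dl.exe">Free</a></div>
<div class="comment"><a href="https://docs.example.org/guide">Guide</a>
  <iframe src="//LOGIN-VERIFY.example/account"></iframe></div>
"""

class LinkCollector(HTMLParser):
    """Collect every href/src attribute value in the document."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append(value)

def blocklist_match(host, blocklist):
    """Return the entry matching host or one of its parent domains, else None."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # never test a bare TLD
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def find_malicious_links(html, page_url, blocklist=BLOCKLIST):
    """Return (url, matched_entry) for each external link on a listed host."""
    site_host = urlsplit(page_url).hostname
    collector = LinkCollector()
    collector.feed(html)
    flagged = []
    for raw in collector.links:
        url = urljoin(page_url, raw.strip())  # resolve relative and // links
        host = urlsplit(url).hostname
        if not host or host == site_host:
            continue  # same-site link or non-network scheme such as mailto:
        entry = blocklist_match(host, blocklist)
        if entry:
            flagged.append((url, entry))
    return flagged
```

Matching on parent domains catches links that hide a listed domain behind a subdomain, and scanning `src` as well as `href` covers injected iframes and scripts, not only visible anchors.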

If malware has been detected, it is suggested that you run a virus scan on the site and keep monitoring the site’s health by running regular automated security scans.


Ian Muscat

Ian Muscat used to be a technical resource and speaker for Acunetix. More recently, his work centers around cloud security and phishing simulation.