Has your website been hacked and spreads malware such as viruses, spyware, and computer worms all over the Internet? Probably not. But are you sure? You 'd not only be endangering the computers of your visitors, you'd also be risking the reputation of your organization, and your site might even be removed from Google's index. In my last post I outlined why I think that the probability of your websites getting infected increases steadily. In this article, I discuss some free tools that allow you to check or scan your website for malware.

Latest posts by Michael Pietroforte (see all)

I already mentioned Google Safe Browsing and Bing's malware detection in my last article. Today, I will introduce free third-party website malware detection tools.

Unmask Parasites

Unmask Parasites is a free service that allows you to scan a particular web page for malware. Thus, this service is only useful if you already suspect that something strange is going on your website. Unmask Parasites scans the entered page for malware and suspicious code. Because the tool uses heuristics to detect suspicious code, there is the danger that it will detect false positives.

The result page also lists all external references. If you find a URL in this list that you don't know, you should have a closer look. By the way, Unmask Parasites classifies microsoft.com as suspicious. Not that we didn't know that before. 😉

Unmask Parasites

Unmask Parasites also offers a good practical guide to deal with Google's malware warnings.


The Badware Website Clearinghouse is a database of sites that contain what StopBadware calls "badware." "Badware" is a general term that includes malware and software that behaves badly. Such bad software is doing things that visitors don't expect and might not be approved by them. This could be code that violates the user's privacy or installs additional software.

Unlike Unmask Parasites, StopBadware doesn't scan your site. StopBadware uses data from Google, Sunbelt Software, and web users who reported badware URLs.

You can search for sites in the Badware database. Let's hope that your site is not a badware site.

McAfee SiteAdvisor

SiteAdvisor was acquired by McAfee in 2006. The service crawls websites to search for spyware, spam, and scams and then assigns one of these ratings: Safe, Caution, or Warning. Sites that have not been scanned are marked as Unknown. McAfee also uses heuristics and in the past some websites have been flagged incorrectly.

McAfee offers free plugins for Firefox and Internet Explorer that warn users about flagged sites. There is also the third-party Chrome extension for SiteAdvisor.

You’d better ensure that SiteAdvisor judged your site correctly. You can search for the rating of your site in the sidebar on the SiteAdvisor homepage.

McAfee SiteAdvisor


Qualys is the only the free service I know of that allows you to scan your whole website for malware and suspicious code. You can manually start scans or schedule them. Qualys will send you an email informing you if malware has been found on your site. You can view a report online that includes all scanned pages.

QualysGuard scans quite thoroughly. It even executes JavaScript code. A Qualys representative told me that their scanner pretends to be a real browser on a real machine. Thus, hits from QualysGuard will look like true user visits.

This can be a problem in some environments. For example, QualysGuard's scans could appear in your Web analytics statistics. If your site has many pages this can have a significant impact on your statistics if you let QualysGuard scan your site regularly. Hence, you have ensure that your analytics software filters QualysGuard visits.


Do you know of another malware scan service for websites? There are also commercial website scan services. If you can recommend one of these, please post a comment below.

  1. Jeff 13 years ago

    I wanted to mention another site rating service call Web of Trust, or WOT for short. I use this myself and like in alot. It shows site ratings right in search engine results and in your browser toolbar. There is a plugin for all the major browsers… IE, Firefox, and Chrome. Check it out here. http://www.mywot.com/

  2. Jeff, I considered adding WOT to the list but decided against it because WOT doesn’t scan websites. User ratings can’t tell you if a site contains malware or not. I think the real danger comes from trusted sites that have been hacked.

  3. Jesper Ravn 13 years ago

    Hi Michael

    Check out URLVoid.


  4. David Dede 13 years ago

    There is also http://sucuri.net. It not only does on time checks, but also scheduled malware scans every few hours.

  5. Thanks! Are URLVoid and Sucuri free?

  6. David Dede 13 years ago


    Sucuri is free for 1 domain through our automated/daily scan. For more domains (or if you need the scans done more often), it is not free (but very cheap 🙂 – $9 per month).

  7. Jesper Ravn 13 years ago

    Hi Michael

    URLVoid is a free service.

  8. Jeff 13 years ago

    @Michael Pietroforte – Yes, WOT doesn’t scan websites for malware. It has been pretty reliable for me though. I guess if you are going to a blind link from an email or other source WOT most likely wouldn’t help.

    I wanted to mention another free web rating tool. It is called Firetrust SiteHound. It is being re-written right now. Here is a link to the tool http://www.firetrust.com/en/products/sitehound

  9. A Alba 13 years ago

    WOT is a fake website, will record all your trafic

  10. IT Technical Advisor 13 years ago

    Thanks for the great article. It is really helpful for IT Consultants like us.

    Remember, after removal of malware, you have to request a re-review of your site from Google.

  11. didier 12 years ago

    Thanks for the info and the article indeeed Malware is a big problem for website reputation and security.

    I had used the services of wwww.gamasec.com that provide an online free website blacklist and malware check and also a good quality price application web scanner in order to be 100% update with your website security.

    Check the tools they have also a free trial version of the application scanner http://www.gamasec.com


  12. balaji 11 years ago
  13. Фън Шуй 11 years ago

    10x for this 🙂

  14. Dave Davies 11 years ago

    Huge thanks. Even 2 years after the post went up I found what I needed int he final site on the list. 🙂

  15. Genry 11 years ago

    I can add this free malware scanner:



  16. Paul Wright 10 years ago

    I have recently come across a similar scaner to McAfee Site Advisor called Advanced System Care Surfing Protection by IObit. Its free – installs with IObit’s Advance System Care software with a plugin for Firefox. What do you think of this one?

  17. Borgia 9 years ago

    Sucuri is very good in my experience. Unmask Parasites has a lot of false positives. Any site that has obfuscated javascript (That’s something people do to prevent their scripts from being stolen) gets incorrectly flagged as suspicious. I don’t recommend WOT. WOT is filled with fake submissions by people using bots.

  18. jason 9 years ago

    I now use sucuri but also used bulletproof which is a wordpress plugin. Works really well. Its very important to lock down your site asap to try and avoid malware.

  19. Supratim Sanyal 7 years ago

    It is interesting how many of these malware scanning services can be bypassed simply by moving to an unusual port. I have two servers, running on ports 81 and 82 – all except one could even access it.

  20. Conleth 5 years ago

    Nice post

Leave a reply

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account