Has your website been hacked and spreads malware such as viruses, spyware, and computer worms all over the Internet? Probably not. But are you sure? You 'd not only be endangering the computers of your visitors, you'd also be risking the reputation of your organization, and your site might even be removed from Google's index. In my last post I outlined why I think that the probability of your websites getting infected increases steadily. In this article, I discuss some free tools that allow you to check or scan your website for malware.
- Poll: How reliable are ChatGPT and Bing Chat? - Tue, May 23 2023
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
I already mentioned Google Safe Browsing and Bing's malware detection in my last article. Today, I will introduce free third-party website malware detection tools.
Unmask Parasites
Unmask Parasites is a free service that allows you to scan a particular web page for malware. Thus, this service is only useful if you already suspect that something strange is going on your website. Unmask Parasites scans the entered page for malware and suspicious code. Because the tool uses heuristics to detect suspicious code, there is the danger that it will detect false positives.
The result page also lists all external references. If you find a URL in this list that you don't know, you should have a closer look. By the way, Unmask Parasites classifies microsoft.com as suspicious. Not that we didn't know that before. 😉
Unmask Parasites also offers a good practical guide to deal with Google's malware warnings.
StopBadware
The Badware Website Clearinghouse is a database of sites that contain what StopBadware calls "badware." "Badware" is a general term that includes malware and software that behaves badly. Such bad software is doing things that visitors don't expect and might not be approved by them. This could be code that violates the user's privacy or installs additional software.
Unlike Unmask Parasites, StopBadware doesn't scan your site. StopBadware uses data from Google, Sunbelt Software, and web users who reported badware URLs.
You can search for sites in the Badware database. Let's hope that your site is not a badware site.
McAfee SiteAdvisor
SiteAdvisor was acquired by McAfee in 2006. The service crawls websites to search for spyware, spam, and scams and then assigns one of these ratings: Safe, Caution, or Warning. Sites that have not been scanned are marked as Unknown. McAfee also uses heuristics and in the past some websites have been flagged incorrectly.
McAfee offers free plugins for Firefox and Internet Explorer that warn users about flagged sites. There is also the third-party Chrome extension for SiteAdvisor.
You’d better ensure that SiteAdvisor judged your site correctly. You can search for the rating of your site in the sidebar on the SiteAdvisor homepage.
QualysGuard
Qualys is the only the free service I know of that allows you to scan your whole website for malware and suspicious code. You can manually start scans or schedule them. Qualys will send you an email informing you if malware has been found on your site. You can view a report online that includes all scanned pages.
QualysGuard scans quite thoroughly. It even executes JavaScript code. A Qualys representative told me that their scanner pretends to be a real browser on a real machine. Thus, hits from QualysGuard will look like true user visits.
This can be a problem in some environments. For example, QualysGuard's scans could appear in your Web analytics statistics. If your site has many pages this can have a significant impact on your statistics if you let QualysGuard scan your site regularly. Hence, you have ensure that your analytics software filters QualysGuard visits.
Do you know of another malware scan service for websites? There are also commercial website scan services. If you can recommend one of these, please post a comment below.
I wanted to mention another site rating service call Web of Trust, or WOT for short. I use this myself and like in alot. It shows site ratings right in search engine results and in your browser toolbar. There is a plugin for all the major browsers… IE, Firefox, and Chrome. Check it out here. http://www.mywot.com/
Jeff, I considered adding WOT to the list but decided against it because WOT doesn’t scan websites. User ratings can’t tell you if a site contains malware or not. I think the real danger comes from trusted sites that have been hacked.
Hi Michael
Check out URLVoid.
http://www.urlvoid.com/
/Jesper
There is also http://sucuri.net. It not only does on time checks, but also scheduled malware scans every few hours.
Thanks! Are URLVoid and Sucuri free?
Michael:
Sucuri is free for 1 domain through our automated/daily scan. For more domains (or if you need the scans done more often), it is not free (but very cheap 🙂 – $9 per month).
Hi Michael
URLVoid is a free service.
@Michael Pietroforte – Yes, WOT doesn’t scan websites for malware. It has been pretty reliable for me though. I guess if you are going to a blind link from an email or other source WOT most likely wouldn’t help.
I wanted to mention another free web rating tool. It is called Firetrust SiteHound. It is being re-written right now. Here is a link to the tool http://www.firetrust.com/en/products/sitehound
WOT is a fake website, will record all your trafic
Thanks for the great article. It is really helpful for IT Consultants like us.
Remember, after removal of malware, you have to request a re-review of your site from Google.
Thanks for the info and the article indeeed Malware is a big problem for website reputation and security.
I had used the services of wwww.gamasec.com that provide an online free website blacklist and malware check and also a good quality price application web scanner in order to be 100% update with your website security.
Check the tools they have also a free trial version of the application scanner http://www.gamasec.com
DR
i recommend you to add the following links to check malware..
http://www.urlvoid.com/
http://siteinspector.comodo.com/online_scan
http://sitecheck.sucuri.net/scanner/
10x for this 🙂
Huge thanks. Even 2 years after the post went up I found what I needed int he final site on the list. 🙂
thanks!
I can add this free malware scanner:
http://evuln.com/tools/malware-scanner/
regards
I have recently come across a similar scaner to McAfee Site Advisor called Advanced System Care Surfing Protection by IObit. Its free – installs with IObit’s Advance System Care software with a plugin for Firefox. What do you think of this one?
Sucuri is very good in my experience. Unmask Parasites has a lot of false positives. Any site that has obfuscated javascript (That’s something people do to prevent their scripts from being stolen) gets incorrectly flagged as suspicious. I don’t recommend WOT. WOT is filled with fake submissions by people using bots.
I now use sucuri but also used bulletproof which is a wordpress plugin. Works really well. Its very important to lock down your site asap to try and avoid malware.
It is interesting how many of these malware scanning services can be bypassed simply by moving to an unusual port. I have two servers, running on ports 81 and 82 – all except one could even access it.
Nice post