Has your website been hacked and spreads malware such as viruses, spyware, and computer worms all over the Internet? Probably not. But are you sure? You 'd not only be endangering the computers of your visitors, you'd also be risking the reputation of your organization, and your site might even be removed from Google's index. In my last post I outlined why I think that the probability of your websites getting infected increases steadily. In this article, I discuss some free tools that allow you to check or scan your website for malware.
Latest posts by Michael Pietroforte (see all)
- Results of the 4sysops member and author competition in 2018 - Tue, Jan 8 2019
- Why Microsoft is using Windows customers as guinea pigs - Reply to Tim Warner - Tue, Dec 18 2018
- PowerShell remoting with SSH public key authentication - Thu, May 3 2018
I already mentioned Google Safe Browsing and Bing's malware detection in my last article. Today, I will introduce free third-party website malware detection tools.
Unmask Parasites ^
Unmask Parasites is a free service that allows you to scan a particular web page for malware. Thus, this service is only useful if you already suspect that something strange is going on your website. Unmask Parasites scans the entered page for malware and suspicious code. Because the tool uses heuristics to detect suspicious code, there is the danger that it will detect false positives.
The result page also lists all external references. If you find a URL in this list that you don't know, you should have a closer look. By the way, Unmask Parasites classifies microsoft.com as suspicious. Not that we didn't know that before. 😉
Unmask Parasites also offers a good practical guide to deal with Google's malware warnings.
The Badware Website Clearinghouse is a database of sites that contain what StopBadware calls "badware." "Badware" is a general term that includes malware and software that behaves badly. Such bad software is doing things that visitors don't expect and might not be approved by them. This could be code that violates the user's privacy or installs additional software.
Unlike Unmask Parasites, StopBadware doesn't scan your site. StopBadware uses data from Google, Sunbelt Software, and web users who reported badware URLs.
You can search for sites in the Badware database. Let's hope that your site is not a badware site.
McAfee SiteAdvisor ^
SiteAdvisor was acquired by McAfee in 2006. The service crawls websites to search for spyware, spam, and scams and then assigns one of these ratings: Safe, Caution, or Warning. Sites that have not been scanned are marked as Unknown. McAfee also uses heuristics and in the past some websites have been flagged incorrectly.
You’d better ensure that SiteAdvisor judged your site correctly. You can search for the rating of your site in the sidebar on the SiteAdvisor homepage.
Qualys is the only the free service I know of that allows you to scan your whole website for malware and suspicious code. You can manually start scans or schedule them. Qualys will send you an email informing you if malware has been found on your site. You can view a report online that includes all scanned pages.
This can be a problem in some environments. For example, QualysGuard's scans could appear in your Web analytics statistics. If your site has many pages this can have a significant impact on your statistics if you let QualysGuard scan your site regularly. Hence, you have ensure that your analytics software filters QualysGuard visits.
Do you know of another malware scan service for websites? There are also commercial website scan services. If you can recommend one of these, please post a comment below.