Has your website been hacked and spreads malware such as viruses, spyware, and computer worms all over the Internet? Probably not. But are you sure? You 'd not only be endangering the computers of your visitors, you'd also be risking the reputation of your organization, and your site might even be removed from Google's index. In my last post I outlined why I think that the probability of your websites getting infected increases steadily. In this article, I discuss some free tools that allow you to check or scan your website for malware.

Michael Pietroforte

Michael Pietroforte is the founder and editor in chief of 4sysops. He has more than 35 years of experience in IT management and system administration.

I already mentioned Google Safe Browsing and Bing's malware detection in my last article. Today, I will introduce free third-party website malware detection tools.

Unmask Parasites ^

Unmask Parasites is a free service that allows you to scan a particular web page for malware. Thus, this service is only useful if you already suspect that something strange is going on your website. Unmask Parasites scans the entered page for malware and suspicious code. Because the tool uses heuristics to detect suspicious code, there is the danger that it will detect false positives.

The result page also lists all external references. If you find a URL in this list that you don't know, you should have a closer look. By the way, Unmask Parasites classifies microsoft.com as suspicious. Not that we didn't know that before. 😉

Unmask Parasites

Unmask Parasites also offers a good practical guide to deal with Google's malware warnings.

StopBadware ^

The Badware Website Clearinghouse is a database of sites that contain what StopBadware calls "badware." "Badware" is a general term that includes malware and software that behaves badly. Such bad software is doing things that visitors don't expect and might not be approved by them. This could be code that violates the user's privacy or installs additional software.

Unlike Unmask Parasites, StopBadware doesn't scan your site. StopBadware uses data from Google, Sunbelt Software, and web users who reported badware URLs.

You can search for sites in the Badware database. Let's hope that your site is not a badware site.

McAfee SiteAdvisor ^

SiteAdvisor was acquired by McAfee in 2006. The service crawls websites to search for spyware, spam, and scams and then assigns one of these ratings: Safe, Caution, or Warning. Sites that have not been scanned are marked as Unknown. McAfee also uses heuristics and in the past some websites have been flagged incorrectly.

McAfee offers free plugins for Firefox and Internet Explorer that warn users about flagged sites. There is also the third-party Chrome extension for SiteAdvisor.

You’d better ensure that SiteAdvisor judged your site correctly. You can search for the rating of your site in the sidebar on the SiteAdvisor homepage.

McAfee SiteAdvisor

QualysGuard ^

Qualys is the only the free service I know of that allows you to scan your whole website for malware and suspicious code. You can manually start scans or schedule them. Qualys will send you an email informing you if malware has been found on your site. You can view a report online that includes all scanned pages.

QualysGuard scans quite thoroughly. It even executes JavaScript code. A Qualys representative told me that their scanner pretends to be a real browser on a real machine. Thus, hits from QualysGuard will look like true user visits.

This can be a problem in some environments. For example, QualysGuard's scans could appear in your Web analytics statistics. If your site has many pages this can have a significant impact on your statistics if you let QualysGuard scan your site regularly. Hence, you have ensure that your analytics software filters QualysGuard visits.

QUALYSGUARD Results

Do you know of another malware scan service for websites? There are also commercial website scan services. If you can recommend one of these, please post a comment below.

Are you an IT pro? Apply for membership!

0
Share
20 Comments
  1. Jeff 9 years ago

    I wanted to mention another site rating service call Web of Trust, or WOT for short. I use this myself and like in alot. It shows site ratings right in search engine results and in your browser toolbar. There is a plugin for all the major browsers... IE, Firefox, and Chrome. Check it out here. http://www.mywot.com/

    0

  2. Michael Pietroforte 9 years ago

    Jeff, I considered adding WOT to the list but decided against it because WOT doesn't scan websites. User ratings can't tell you if a site contains malware or not. I think the real danger comes from trusted sites that have been hacked.

    0

  3. Jesper Ravn 9 years ago

    Hi Michael

    Check out URLVoid.
    http://www.urlvoid.com/

    /Jesper

    0

  4. David Dede 9 years ago

    There is also http://sucuri.net. It not only does on time checks, but also scheduled malware scans every few hours.

    0

  5. Michael Pietroforte 9 years ago

    Thanks! Are URLVoid and Sucuri free?

    0

  6. David Dede 9 years ago

    Michael:

    Sucuri is free for 1 domain through our automated/daily scan. For more domains (or if you need the scans done more often), it is not free (but very cheap 🙂 - $9 per month).

    0

  7. Jesper Ravn 9 years ago

    Hi Michael

    URLVoid is a free service.

    0

  8. Jeff 9 years ago

    @Michael Pietroforte - Yes, WOT doesn't scan websites for malware. It has been pretty reliable for me though. I guess if you are going to a blind link from an email or other source WOT most likely wouldn't help.

    I wanted to mention another free web rating tool. It is called Firetrust SiteHound. It is being re-written right now. Here is a link to the tool http://www.firetrust.com/en/products/sitehound

    0

  9. A Alba 9 years ago

    WOT is a fake website, will record all your trafic

    0

  10. Thanks for the great article. It is really helpful for IT Consultants like us.

    Remember, after removal of malware, you have to request a re-review of your site from Google.

    0

  11. didier 8 years ago

    Thanks for the info and the article indeeed Malware is a big problem for website reputation and security.

    I had used the services of wwww.gamasec.com that provide an online free website blacklist and malware check and also a good quality price application web scanner in order to be 100% update with your website security.

    Check the tools they have also a free trial version of the application scanner http://www.gamasec.com

    DR

    0

  12. balaji 7 years ago
  13. Фън Шуй 7 years ago

    10x for this 🙂

    0

  14. Dave Davies 7 years ago

    Huge thanks. Even 2 years after the post went up I found what I needed int he final site on the list. 🙂

    0

  15. Genry 6 years ago

    thanks!
    I can add this free malware scanner:

    http://evuln.com/tools/malware-scanner/

    regards

    0

  16. Paul Wright 6 years ago

    I have recently come across a similar scaner to McAfee Site Advisor called Advanced System Care Surfing Protection by IObit. Its free - installs with IObit's Advance System Care software with a plugin for Firefox. What do you think of this one?

    0

  17. Borgia 5 years ago

    Sucuri is very good in my experience. Unmask Parasites has a lot of false positives. Any site that has obfuscated javascript (That's something people do to prevent their scripts from being stolen) gets incorrectly flagged as suspicious. I don't recommend WOT. WOT is filled with fake submissions by people using bots.

    0

  18. jason 5 years ago

    I now use sucuri but also used bulletproof which is a wordpress plugin. Works really well. Its very important to lock down your site asap to try and avoid malware.

    0

  19. Supratim Sanyal 3 years ago

    It is interesting how many of these malware scanning services can be bypassed simply by moving to an unusual port. I have two servers, running on ports 81 and 82 - all except one could even access it.

    0

  20. Conleth 1 year ago

    Nice post

    1+

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2019

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account