How does malware affect your website and how can you remove it?


When you open your internet browser, does a website you've never seen before load and redirect you to many other websites? Do unknown pop-ups open whenever your disk or network is active or connected? These are some common signs that your website is affected by malware.

Many users have no idea their site is infected. It is easy for malware to hide among lines of legitimate code. Malware can go undetected for a while before you realize it is messing up your website.

Unrecognized admin users in CMSs. Often, malware payloads create backdoors that let bad actors re-enter a site after it has been cleaned. One famous backdoor attack involves creating an admin account using access gained through a vulnerability. Even if the vulnerability is patched, the attacker retains access through the rogue user account.

Strange or misspelled file names. It does not take much experience to spot a file called "jdD9dcL2XXdR.php" and question its legitimacy. However, many attackers strategically name files to appear legitimate. For example, the login file for WordPress is called "wp-load.php," but it is not uncommon to find malware in a file called "wp-lood.php." Since this looks legitimate, malware can sit in plain sight beside regular files.

Bad search engine results for your site. Here, attackers use an infected site's traffic to boost another site's rankings in Google. If you see unrelated information or foreign characters in your domain's Google search results, malware may be harming your organic search results and online reputation.

Website errors. Malware is foreign code added to existing code. With that in mind, it only takes a single character in the wrong location to cause an entire site to fail. Fortunately, website errors can help you spot malware more easily.

Fortunately, malware can be wiped off an infected website. This process can be highly technical and is easier said than done. It requires knowledge and experience with modifying files and databases.

Before attempting to clean or delete anything, make sure you have a complete backup available should you need to restore for any reason. Investigate the issue thoroughly. If you are in a shared hosting environment, your host is likely running a daily malware scan. When malware is flagged in these scans, the results are added to a file called "malware.txt" in your hosting root. This is invaluable, as it provides a path to each infected file.

Connect to your files using your preferred method, such as FTP with a client like FileZilla. You could use VirusTotal to scan infected files. To check individual code snippets from the files, you could use MobileFish, a deobfuscator, or a decoder like Unphp or Quttera.

Malware is often added to legitimate and necessary files. In these cases, simply deleting the infected files can cause future site issues. Often, you can replace your file with a clean one to ensure it's malware-free. You could use a tool like DiffChecker to compare the contents of the infected file with a clean copy and find the injected code snippet.
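The clean-copy comparison and the look-alike file names described above can be checked across a whole site at once. The following Python script is an added example, not code from the original post: it hashes every file in the site and in a clean copy of the same CMS release, then reports changed files, files the CMS does not ship, and unknown names that closely imitate a real one. The function names, the 0.85 similarity cutoff and the sample files are assumptions made for this example.

```python
import difflib, hashlib, os, tempfile

def tree(root):
    """Map each file's path relative to root -> SHA-256 of its contents."""
    hashes = {}
    for folder, _, names in os.walk(root):
        for name in names:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                hashes[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return hashes

def audit(site_root, clean_root):
    """Compare a live site against a clean copy of the same CMS release."""
    site, clean = tree(site_root), tree(clean_root)
    clean_names = sorted({os.path.basename(p) for p in clean})
    report = {"modified": [], "unknown": [], "lookalike": []}
    for rel in sorted(site):
        if rel in clean:
            if site[rel] != clean[rel]:
                report["modified"].append(rel)  # candidate for replacement with the clean file
            continue
        report["unknown"].append(rel)  # not shipped by the CMS: review it, it may be legitimate
        # Assumed cutoff: 0.85 similarity catches one-character swaps in short names.
        near = difflib.get_close_matches(os.path.basename(rel), clean_names, n=1, cutoff=0.85)
        if near:
            report["lookalike"].append((rel, near[0]))  # name imitates a real core file
    return report

def demo():
    """Build two small constructed trees (not real WordPress files) and audit them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = os.path.join(tmp, "clean"), os.path.join(tmp, "site")
        core = {"wp-load.php": "<?php // loader", "index.php": "<?php // front"}
        live = {**core, "index.php": "<?php // front\n// injected line",
                "wp-lood.php": "<?php // ?", "jdD9dcL2XXdR.php": "<?php // ?"}
        for root, files in ((clean, core), (site, live)):
            os.makedirs(root)
            for name, body in files.items():
                with open(os.path.join(root, name), "w") as fh:
                    fh.write(body)
        return audit(site, clean)

if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, items)
```

Files under "unknown" include legitimate uploads, themes and plugins, so treat that list as a review queue rather than a delete list, and run the audit against the backup copy first.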
