The Internet is already a general service in the Philippines, benefiting nearly 30 million Filipinos for everything from looking for a place, reading news, shopping and connecting with others through social networks.
Lately, however, virus authors have been creating malicious software that is specifically targeted to infect websites. The idea is to infect a website and let the infection spread by infecting the PCs of the site’s visitors. Unfortunately, website administrators might not know their sites are infected.
Marta Janus, Security Researcher at Kaspersky Lab, a leading developer of secure content and threat management solutions, said in a report there were incidences of website owners complaining that a Kaspersky Lab product incorrectly blocks access to their portal and it must be a false alarm as they do not host any malicious content. “Unfortunately, in most cases they are wrong and malicious scripts can indeed be found within their websites, injected into their sites’ original code,” said Janus
“These scripts redirect visitors to malicious websites. In most cases, the execution of malware is completely invisible to the user, who sees the website appearing to operate as usual,” she said.
This is a result of drive-by download where the computer becomes infected just by visiting a website which contains malicious code. Malicious code exploits vulnerabilities in software running on the user\\\'s computer (like Java, Flash, PDF viewers, browser plugins, etc.) to silently install itself on an attacked machine.
Janus said that the cybercriminals who created the codes have different evil goals. These include widening their targets for spamming and phishing, stealing content and passwords, hijacking Internet traffic, promoting illegal activities, among others. “Generally speaking, there’s nothing new here. It\\\'s indirect financial gain that drives cybercriminals to infect websites,” said Janus.
Identifying the culprit
There are ways for website administrators to identify if their website has been infected. Among the most obvious ones are:
1. users complain that the website is blocked by the browser or security software
2. website is blacklisted by Google or added to some other database of malicious URLs
3. significant change in traffic and/or drop in search engine rankings
4. website doesn\\\'t work properly, displays errors and warnings; and
5. after visiting the website, computers show strange behavior.
The infections usually remain unnoticed for a long time, often because of the level of sophistication of the malware. Some of these malware’s codes are usually obfuscated or obscured, thus misleading the administrator that their website is still clean.
“If you do not notice any of the above mentioned symptoms it’s a good indication that your server is clean, but always be on alert for any suspicious activities,” Janus warned.
When an infection is indeed found, there are still ways to remove it. Janus said if there are any symptoms of possible infection, the website has to be deactivated until the problem has been resolved. This is really essential, as every moment of delay acts in favor of the cybercriminals, exposing more potential victims to the problem and spreading the infection over the Internet. The administrator also needs to check the server logs to see if there are any suspicious activities, like strange requests from IP addresses located in unusual countries, and so on.
Other methods of fighting malware in an infected site include backing up content, website scanning using online or installed security applications, and manually removing them. The latter method is one where the website administrator needs to be very careful with. This means having to look at all the codes in their website and finding out codes that look obscure and unreadable.
“Code obfuscation is a common technique for malware writers and it\\\'s relatively unusual for any other website-related software. If you haven\\\'t obfuscated the code yourself, you have every reason to be suspicious about it. Do be careful, though – not all obfuscated code will prove malicious!” Janus said.