Are You Hosting Malware on Your Website?
Right now there's a key-logger installed on a UK laptop recording every keystroke its owner makes. That little piece of software is busily transmitting all that information to a cyber-criminal somewhere in Russia. When our Russian friend is ready, he'll run an algorithm over the data he's collected to highlight information he can use. Stuff like website login details. You know, the user name and password to your online banking. Or perhaps your Amazon login details. Or anywhere you may have your credit card details stored. I think you get the picture.
So, what has that got to do with your website?
A ‘Drive-by-Download’ is where a website hosting Malware exploits a weakness in someone's browser (such as an out-of-date Flash plugin, or an old version of Internet Explorer). It uses this weakness to install a script on that person's computer. A recent example of this exploit was via a ‘Malvertisement’ on Yahoo’s website. So, if, say, you had an out-of-date version of Flash installed in your browser and you visited a Yahoo web page with that ad, the Malware would have installed itself on your computer. Without you even clicking on the ad.
Many thousands of computers were infected before Yahoo dealt with the issue. Once infected, there's a load of different mischief the Malware could get up to. For example, it could record all the keystrokes made on your computer and 'phone home' with the results. Or it could recruit your computer to the zombie ranks and have it join a botnet. So when your computer slows down for no apparent reason, there's a good chance it's being controlled from afar. It might be used to act as a relay for thousands of spam emails, or be taking part in a DDoS attack against
You may be thinking that this sort of thing only happens to organisations the size of Yahoo. Well, if you think that, you’d be wrong. More and more SMEs, and even personal websites, are being targeted by scammers. According to Experian, 74% of SMEs in the UK experienced a security breach in 2014. In fact, you may be hosting malware on your website and not even know. The first you might become aware of it is when Google blacklists your site and you no longer appear in search engine results, because Google has detected the malware. Or maybe one or more of your clients had their computers infected because they visited your website. Then they hooked into the Wi-Fi at the office and infected all the machines on the network. That won't do much to strengthen your relationship with them.
About 25% of all websites on the Internet have been built in Wordpress. Because Wordpress is so popular and freely available, it’s become a favourite target for scammers. Out-of-date versions of Wordpress, free themes and the huge number of unchecked third-party add-ons provide numerous ways to hack Wordpress. In fact, according to the 'Akamai State of the Internet' report, insecure Wordpress plugins are one of the main methods scammers use to distribute Malware. And one of the largest groups of Wordpress users is small to medium sized businesses. Chances are, your website has been built in Wordpress.
Don’t get me wrong, this isn’t a Wordpress bashing exercise. It’s just that there are millions of Wordpress installations that are not maintained, or were built by people with little experience. These are the most vulnerable to exploits and provide an irresistible target for scammers. This issue isn’t exclusive to Wordpress either. Other free CMSs, such as Joomla and Drupal, have similar issues, just not on the same massive scale as Wordpress.
Because there are millions of people using computers with exploitable software on them, it makes great business sense for a scammer to install malware on as many websites as they can. I'm sure you can see how lucrative it can be to infect websites on a grand scale. Infecting a website like Yahoo is obviously a shortcut to reaching millions of potential victims quickly. But the reality is that a company like Yahoo will detect such activity very quickly and deal with it. They will also fix the vulnerability that allowed the attack in the first place. It’s also a lot harder to successfully infiltrate a large organisation like Yahoo in the first place.
Targeting small to medium sized businesses is a lot easier. It’s very simple to identify a website running Wordpress and then run a few scripts to identify a weakness. Once the weakness is found, installing the malware script is very simple. If they do this on an industrial scale, they soon start to reap the same rewards they would get from hacking a large corporation, but with a lot less risk. If a few businesses work out their website has been compromised and fix it, there are plenty of others that don’t. The main aim is to go undetected for as long as possible.
What to do?
There are freely available online tools that will scan your website to check for malware. If you run your website through the Sucuri scanner it will tell you if it finds any nasties on your website. It’s not 100% perfect, but should pick up most threats. Of course, this tool can also be used by scammers. It will tell them if your version of Wordpress is out of date and identify any obvious security holes.
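If you want a quick first look at your own site's HTML before running it through an online scanner, the script below is an added example (not from the original post and not the Sucuri tool) that flags the tell-tale signs of an injected drive-by loader: hidden or zero-size iframes, obfuscated inline scripts, and an exposed Wordpress version banner. The sample page, the `example.invalid` URL and the thresholds are all constructed for the demonstration.

```python
"""Heuristic check of a page's HTML for common drive-by injection patterns.

Added example: run it over HTML you have fetched from your own site. It is a
heuristic only and does not replace a full scanner such as Sucuri SiteCheck.
"""
import re

# Iframes hidden from the visitor by style or by zero width/height.
HIDDEN_IFRAME = re.compile(
    r"<iframe[^>]*(?:display\s*:\s*none|visibility\s*:\s*hidden|"
    r"width=[\"']?0\b|height=[\"']?0\b)[^>]*>", re.I)
INLINE_SCRIPT = re.compile(r"<script[^>]*>(.*?)</script>", re.I | re.S)
# Obfuscation idioms that injected loaders commonly rely on.
OBFUSCATION = re.compile(
    r"eval\s*\(|unescape\s*\(|String\.fromCharCode|document\.write\s*\(", re.I)
# Wordpress advertises its version in a generator meta tag unless removed.
GENERATOR = re.compile(
    r"<meta[^>]+name=[\"']generator[\"'][^>]+content=[\"']WordPress\s+([\d.]+)", re.I)


def _looks_encoded(script: str) -> bool:
    """Long runs of hex or percent escapes are typical of obfuscated payloads."""
    return len(re.findall(r"\\x[0-9a-f]{2}|%[0-9a-f]{2}", script, re.I)) > 20


def scan_html(html: str) -> dict:
    """Return hidden iframes, suspicious inline scripts and the WP version seen."""
    findings = {"hidden_iframes": [], "suspicious_scripts": [], "wp_version": None}
    for m in HIDDEN_IFRAME.finditer(html):
        findings["hidden_iframes"].append(m.group(0))
    for m in INLINE_SCRIPT.finditer(html):
        body = m.group(1)
        if OBFUSCATION.search(body) or _looks_encoded(body):
            findings["suspicious_scripts"].append(body.strip()[:80])
    g = GENERATOR.search(html)
    if g:
        findings["wp_version"] = g.group(1)
    return findings


# Constructed sample: one benign script, one injected loader, one hidden iframe.
SAMPLE = """<html><head>
<meta name="generator" content="WordPress 3.9.1" />
<script>console.log('analytics ok');</script>
<script>eval(unescape('%3C%69%66%72%61%6D%65%20%73%72%63%3D'));</script>
</head><body><p>Welcome</p>
<iframe src="http://example.invalid/loader" width="0" height="0" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(scan_html(SAMPLE))
```

A generator tag showing an old version, combined with any hidden iframe or obfuscated script, is a strong sign the site needs updating and cleaning rather than just monitoring.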
If you think your website may have been compromised, or would like more information about how we create secure installations, please contact me directly.