The term malware covers all kinds of malicious software: worms, viruses, spyware, etc. Badware, although it may look as if it could be used interchangeably with malware, is different: the term is reserved for a certain set of malware that propagates through infected websites and malvertising. This article explains what badware is and the steps to take to stop badware and keep it away.
What is Badware
The best way to infect thousands of computers is to set up a malicious website. Better still, hack a popular website and insert malicious code. That way, thousands of website visitors will be affected when they visit the website.
Badware is the name given to the malware present on websites – in the site code or in the malicious advertisements or malvertisements being displayed on the website. While webmasters may not have control over the malicious advertisements being served on their websites by advertising networks, users can still stay safe using some precautions. Please read our article on Malvertising to know how malicious advertising works without the knowledge of webmasters.
Badware is software that fundamentally disregards a user’s choice about how his or her computer or network connection will be used. A badware website is a website that helps distribute badware, either intentionally or because it has been compromised. Many normal, legitimate websites are infected and turned into badware websites without the knowledge of their owners.
Coming back to websites, badware is set up by webmasters in very rare cases. In more than 90% of cases, they are victims who do not know that their website has been compromised and that malicious code has been inserted into the site code. This, in turn, infects the many visitors who visit the website.
There are different elements on a website, out of which the site content and advertisements form the important elements, and hence these two sets are primary targets of web-criminals. Be aware that using an Ad Blocker will not reduce your chances of being infected via an infected website, as this kind of malicious script circumvents the ad blockers.
How do I know if a Website is infected?
If there are no visible warnings and if the webmasters themselves do not know that their websites have been compromised, how do you know if a site is infected? I will break down the answer into the following:
- When you attempt to visit the infected site using any of the standard browsers, you will get a message that visiting the site may be dangerous. The message’s wording can differ, but you will see an alert on the website. Since there can be false positives, most browsers allow you to continue visiting the website at your own risk. Your security software too could throw up a warning that it could be dangerous visiting a website.
- Searching for a website using popular search engines gives out a description unrelated to the website. If you have been visiting the website before, you can instantly tell that something is not right after seeing the site description in the search engine result pages (SERPs).
- If you are a website owner and have a webmaster account with Google, you will receive notifications about possible malware on your website.
- You find that file permissions have been changed.
- You may encounter unwanted and unexpected redirects when you click your website name when it appears in search engine results pages.
- In some cases, you can see new users on the webmaster dashboard; in other cases, the permissions for users may have changed.
Out of all the five indications listed above, the fail-proof method to detect if a website has been compromised is the first one. To receive such alerts, your browsers, plugins and your security software must always be updated to the latest version. If you have a good antivirus or an Internet Security Suite installed, it will auto-update itself almost every day.
I will stress updating browsers and running the latest versions, as they contain the different security precautions built into the browser. In Internet Explorer, there is a SmartScreen Filter. Similarly, in Google Chrome, there is an option to turn malware protection on or off under Settings. It is turned on by default. Mozilla Firefox has the option turned on. In some cases, Firefox may simply refuse to load a website it considers unsafe for you.
You can use any of these Online URL Scanners to Scan websites for malware, virus, phishing, etc. If you feel the need, you can also install any of these Website URL Scanners & Link Checker addons in your browser.
If you do come across a potentially dangerous website, you can report it to Google here. Google will then scan the website and find out if it indeed is a badware website.
How do Websites get infected by Badware?
There are two main methods:
- Hack the site and insert malicious script inside the code without the knowledge of webmasters
- Insert a malicious advertisement using advertising networks that compromise the website
There are some other methods too. For example, if you used an infected PC to upload files to a website, the website gets infected as well. In this case, there is no third party involved, but the website is still dangerous. Hacking sites is easy if the webmasters are using outdated tools and forget to apply patches, etc.
What to do if your Website contains Badware?
There are some steps listed on StopBadware.org. I am listing some of them in plain language and in brief.
- Take your website offline, so that it does not affect any more users. If you have a backup copy of your website, you can upload it after checking if it is clean.
- Scan the website code for malicious JavaScript. It can be tricky to spot, as it can look like a legitimate script. For example, the lowercase letter “l” in Google looks identical to a capital “I”. This can take a lot of time, depending on your site’s size.
- Check the .htaccess file for invalid redirections.
- Look for iframes that have height and width with zero as their value.
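The three checks above can be partly automated. The sketch below is an added example, not code from StopBadware.org or this article: it flags iframes whose width and height are both zero, script hosts that only differ from a trusted host by look-alike characters, and .htaccess redirects that leave your own domain. The trusted-host list, the example.com domain and the sample inputs are constructed assumptions.

```python
import re

# Assumption: hosts this site loads scripts from on purpose (edit for your site).
TRUSTED = {"www.google.com", "ajax.googleapis.com"}
LOOKALIKE = str.maketrans("i10", "llo")  # I/l, 1/l and 0/o look alike in many fonts

IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
SCRIPT_HOST = re.compile(r"<script\b[^>]*\bsrc\s*=\s*[\"']?(?:https?:)?//([^/\"'\s>]+)", re.I)
REDIRECT = re.compile(r"^\s*(?:RewriteRule|Redirect\w*)\b.*?\bhttps?://([^/\s\"\]]+)", re.I)

def is_zero(tag, name):
    """True if the tag sets `name` to 0, as an attribute or inside style."""
    return re.search(rf"\b{name}\s*[=:]\s*[\"']?\s*0(?:px)?\b(?!\.)", tag, re.I) is not None

def skeleton(host):
    """Lower-case the host and fold look-alike characters together."""
    return host.lower().translate(LOOKALIKE)

def scan_html(html):
    findings = []
    for tag in IFRAME.findall(html):
        if is_zero(tag, "width") and is_zero(tag, "height"):
            findings.append(("zero-size iframe", tag))
    trusted_skeletons = {skeleton(t) for t in TRUSTED}
    for host in SCRIPT_HOST.findall(html):
        # Same skeleton as a trusted host, but not that host: likely impersonation.
        if host.lower() not in TRUSTED and skeleton(host) in trusted_skeletons:
            findings.append(("lookalike script host", host))
    return findings

def scan_htaccess(text, own_host):
    """Return (line number, line) for redirects that point outside own_host."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = REDIRECT.match(line)
        if m:
            host = m.group(1).lower()
            if host != own_host and not host.endswith("." + own_host):
                findings.append((n, line.strip()))
    return findings

# Constructed sample inputs (not taken from a real site).
SAMPLE_HTML = '''<iframe src="//cdn.example.invalid/x" width="0" height="0"></iframe>
<iframe src="/map.html" width="600" height="400"></iframe>
<script src="https://www.googIe.com/jsapi"></script>
<script src="https://ajax.googleapis.com/lib.js"></script>'''
SAMPLE_HTACCESS = r'''RewriteEngine On
RewriteCond %{HTTP_REFERER} google\. [NC]
RewriteRule ^(.*)$ http://redirect.example.invalid/in.php [R=302,L]
Redirect 301 /old https://www.example.com/new'''

if __name__ == "__main__":
    print(scan_html(SAMPLE_HTML))
    print(scan_htaccess(SAMPLE_HTACCESS, "example.com"))
```

A hit is a lead for manual review, not proof of infection; legitimate pages sometimes use hidden iframes and off-site redirects too.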
How does Badware affect a Website’s reputation?
The first thing is that it will scare off users trying to get to your site. As explained above, when users try to access a website that has malicious code, they get a warning either from the browser or their antivirus software. Such warnings will deter users from visiting your sites – especially the new ones.
Second but more important, Google, Bing and other major search engines will display a warning in the search result or even blacklist your website, if they find that your website has been compromised. You have to be proactive.
When you remove the malicious code from your website, you have to ask Google or any other organization that blacklisted your website to review it and include your site in their search results pages. You might be interested in checking out the Webmaster Tools of Google and Bing, which explain what to do when a website is hacked.
StopBadware.org has made a humorous video that helps you better understand badware and how to deal with it. The website also offers useful resources about Badware.
WordPress users may want to check out this post on how to secure a WordPress website.
Play safe, stay safe!