Threat Intelligence Blog

Posted April 29, 2011

In recent years, cyber criminals have made a point of hijacking popular websites. Their goal is usually to spread malwareMalware: Software that is intended to damage or disable computers and computer systems. to end users’ computers or to trick search engines into driving web traffic to their own websites. Neither outcome is good for corporate webmasters, as the malware they unwittingly spread is designed to do very unpleasant things to site visitors’ computers, and the sites that they promote by hacking your corporate site are very seedy destinations.

It’s not just small sites that are victims of such attacks. The European Space Agency was recently targeted, large e-commerce sites are regularly defending themselves from electronic break ins, and universities are especially juicy targets for black hat search engine optimization experts.

If the unthinkable occurs and your corporate site is hacked, it may not be immediately obvious to visitors that anything is awry. The last thing most profit-motivated web hackers wish to do is to alert anyone of their work.

Fortunately both Google and Bing offer a way to learn if your site has been hacked. Any webmaster can sign up for Google Webmaster Tools and Bing Webmaster Tools (both are free) for insight on how their sites are perceived by these major search engines when they visit to index your content. They can often detect infected or hacked websites when they visit. If they do, you can see exactly where it was found on your site. (Google will even email you!)

In Bing Webmaster Center Tools, the information would be found under the Crawl Details section.

In Google Webmaster Tools, information about malware found on your site would be shown under Diagnostics.

Of course, preventing your website from being hacked in the first place is best case scenario. Staying current with all the applications you have installed on your website and applying patches as soon as they are available are some of the best ways to prevent your site from being compromised by cyber criminals in the first place. Applications that are designed in-house deserve extra scrutiny for potential security holes. Don’t let your corporate website become a part of the Internet criminal ecosystem. If you don’t have one already, put a plan in place to regularly scan your web servers for malicious software and make sure all software is always up to date.

 

Additional Posts

System Compromised? It’s Likely Due to a Matter of (Misplaced) Trust

As the CTO of a leading cyber-intelligence company, I’m often asked about the biggest ...

Hacked WordPress Sites: An Open Letter to WordPress Developers

The content management system WordPress is a fantastic tool. Its ease of use has has helped it ...