What is Badware? Is your Website infected?

The term malware brackets all possible malicious software – Worms, virus, spyware etc. Badware, although it my look as if it could be used interchangeably with malware, is different, as it is reserved for a certain set of malware, that propagate through infected websites and malvertising. This article tells you what is badware and steps to take to stop badware and keep it away.

What is Badware

What is Badware

The best way to infect thousands of computers is to set up a malicious website. Better still, hack a popular website and insert malicious code. That way, thousands of website visitors will be affected when they visit the website.

Badware is the name given to the malware present on websites – in the site code or in the malicious advertisements or malvertisements being displayed on the website. While webmasters may not have control over the malicious advertisements being served on their websites by advertising networks, users can still stay safe using some precautions. Please read our article on Malvertising to know how malicious advertising works without the knowledge of webmasters.

Badware is software that fundamentally disregards a user’s choice about how his or her computer or network connection will be used. A badware website is a website that helps distribute badware, either intentionally or because it has been compromised. Many normal, legitimate websites are infected and turned into badware websites without the knowledge of their owners.

Coming back to websites, badware is set up by webmasters in very rare cases. In more than 90% of cases, they are victims, who do not that know their website has been compromised and that a malicious code has been inserted into the site code. This in turn, infects the many visitors who visit the website.

There are different elements on a website out of which, the site content and advertisements form the important elements and hence these two sets are primary targets of web-criminals. Be aware that using an Ad Blocker will not reduce your chances of being infected via an infected website as these kind of malicious scripts circumvent the ad blockers.

How do I know if a Site is infected

If there are no visible warnings and if the webmasters themselves do not know that their websites have been compromised, how do you know if a site is infected?  I will break down the answer into the following:

  1. When you attempt to visit the infected site using any of the standard browsers, you will get a message that visiting the site may be dangerous. The wording of message can be different, but you will see an alert about the website. Since there can be false positives, most browsers give you an option to continue visiting the website at your own risk. You security software too could throw up a warning, that it could be dangerous visiting a website.
  2. Searching for a website using popular search engines give out a description that is not related to the website. If you have been visiting the website before, you can instantly tell that something is not right after seeing the site description in the search engine result pages (SERPs).
  3. If you are a website owner and have webmaster accounts with Google, you will receive notifications about possible malware on your website.
  4. You find that file permissions have been changed.
  5. You may encounter unwanted and unexpected redirects when you click your website name when it appears in search engine results pages.
  6. In some cases, you can see new users on the webmaster dashboard; in other cases, the permissions for users may have changed.

Out of all the five indications listed above, the fail-proof method to detect if a website has been compromised is the first one. To receive such alerts, your browsers, plugins  and your security software must always be updated to the latest version. If you have a good antivirus or an Internet Security Suite installed, it will auto update itself almost every day.

I will stress more on browsers being updated and running the latest versions, as they would then contain the different security precautions built into the browser. In Internet Explorer, there is a SmartScreen Filter. Similarly, in Google Chrome, there is an option to turn on or off malware protection under the Settings. It is turned on by default. Mozilla Firefox has the option turned on and do not enable you to turn them off. In some cases, Firefox may simply refuse to load a website it considers is not safe for you.

You can use any of these Online URL Scanners to Scan websites for malware, virus, phishing, etc. If you feel the need, you can also install any of these Website URL Scanners & Link Checker addons in your browser.

If you do come across a potentially dangerous website, you can report it to Google here. Google will then scan the website and find out if it indeed is a badware website.

How are Websites infected by Badware

There are two main methods:

  1. Hack the site and insert malicious script inside the code without the knowledge of webmasters
  2. Insert a malicious advertisement using advertising networks that compromises the website

There are some other methods too. For example, if you used an infected PC to upload files to a website, it is infected. In this case, there is no third party involved but the website is still dangerous. Hacking the sites is easy if the webmasters are using outdated tools and forget to apply patches, etc.

What to do if your Website contains Badware

There are some steps listed on StopBadware.org. I am listing some of them in plain language and in brief.

  1. Take your website offline, so that it does not affect any more users. If you have a backup copy of your website, you can upload it after checking if it is clean.
  2. Scan the website code for malicious JavaScript. They can be tricky as they can look like legitimate scripts. For example, the letter L in Google is identical to the letter “i” in capitals. This can take much time, depending upon your sites’ size.
  3. Check for .htaccess file for invalid re-directions.
  4. Look for iframes that have height and width with zero as their value.

How does Badware affect a Website’s reputation

The first thing is that it will scare off users trying to get to your site. As explained above, when users try to access a website that has malicious code, they get a warning either from the browser or from their antivirus software. Such warnings will deter users from visiting your sites – especially the new one’s.

Second but more important, Google, Bing and other major search engines will display a warning in the search result or even blacklist your website, if they are find that your website has been compromised. You have to be proactive.

malware site google warning

When you remove the malicious code from your website, you have to ask Google or any other organization, which blacklisted your website, to review and include your site in their search results pages. You might be interested in checking out the Webmaster Tools of Google and Bing, that explains what to do when website is hacked.

StopBadware.org has made a humorous video that helps you better understand badware and how to deal with it. The website also offers useful resources about Badware.

WordPress users may want to check out this post on how to secure a WordPress site.

Play safe, stay safe!

Posted by on , in Category Security with Tags
Anand Khanse is the Admin of TheWindowsClub.com, an end-user Windows enthusiast, & a 10-year Microsoft MVP Awardee in Windows for the period 2006-16. Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.