Proactive Malware & Phishing Monitoring and Infection Detection: Sucuri Web Integrity Monitor
Recently, while working on a vBulletin client's forums, I encountered some red-background malware infection alerts for the web site. Using the Google Chrome web browser with Google Safe Browsing technology enabled for phishing and malware protection, I experienced one of these malware alerts. You will get one of the two alert warning messages below.
Warning: Something’s Not Right Here!
This warning appears if Google Chrome detects that the site you’re trying to visit may contain malware.
Warning: Suspected phishing site!
This message appears if Google Chrome detects that the site you’re trying to visit is suspected of being a phishing site.
What is malware?
Malware is software that gets installed on your machine or web server, often without your knowledge, and is designed to harm your computer or potentially steal information from it. One way malware can do this is through a type of infection called a backdoor.
What is phishing?
A phishing attack takes place when someone masquerades as someone else to trick you into sharing personal or other sensitive information with them, usually through a fake website.
The Google Chrome web browser has phishing and malware protection enabled by default under:
Options > Under the Hood > Privacy > Enable phishing and malware protection
How do you get Malware/Phishing infections?
There are many ways in which a web site or forum can get infected with malware; SQL injection and insecure web application code are the most common. For vBulletin, from my experience, such malware infections come from a few sources:
- Running outdated vBulletin versions – not keeping vBulletin updated to patch security issues.
- Third-party vBulletin plugins and hacks/code – be careful which plugins and hacks you install, and keep up to date with patches and updates released by vBulletin add-on plugin authors. One common plugin to keep updated is vBSEO.
- Third-party scripts and software. Common ones are web advertising and banner serving scripts such as phpads/OpenX.
WordPress, Joomla and other CMS web scripts can also get infected through add-on plugins and extensions which are out of date or insecure.
Google Webmaster Tools and Malware
What do you do when your web site or forum gets infected? And how do you unblock your web site or forums from Google's Safe Browsing alert?
The Google Webmaster Tools help articles have a few pages dedicated to just this:
- About malware and hacked sites
- Cleaning your site
- Report spam, paid links, malware, and other problems to Google
- Preventing malware infection
- Request a malware review of your site
- Open redirects
If you currently don't have any malware or phishing infections, then you should pay attention to the preventing malware infection page. I'd also register a Gmail email account, sign up for Google Webmaster Tools and register your web site or forum domain name within it, as it has a Diagnostic page for regular reporting of any malware infections detected on your web site, and you can even configure the alerts to be forwarded to your Google message center/email address.
Sucuri Web Integrity Monitor
If you have read through all of Google Webmaster Tools' malware prevention and cleaning information, you'll probably come to the same conclusion as me: it's very time consuming to actively monitor for malware and phishing infections, and even more time consuming if you are unfortunate enough to get malware and phishing infections on your web site or forums and need to clean up and remove them.
While working on a vBulletin client's forums, I came across the Sucuri Web Integrity Monitor service while searching for malware site check scanners. Their Web Integrity Monitor service automatically updates and monitors your web site or forums for unauthorised changes to your site (malware, phishing, SQL injections), as well as DNS, Whois and SSL certificate changes. It is a must-have for any vBulletin, WordPress, Joomla or other commonly infected scripts. If you do get malware infections, their service will send you alerts via email and Twitter and will also clean up and remove the malware infection from your web site.
Of course this doesn't replace the need to keep software, scripts and add-on plugins up to date, but it adds another layer in being proactive against malware and phishing infections. And if you do get malware infections, you have Sucuri's professional folks to help clean up and remove the malware infection. As I found, just figuring out where and how you got malware or phishing infections is very difficult if you don't know what you are looking for in the first place!
Both the vBulletin client and I signed up with Sucuri.net to proactively monitor our sites against malware and phishing infections. Now vbtechsupport.com is actively monitored.