There are several ways to detect invisible malware on a website:
- Scrutinize the HTML code of web pages.
- Use external scanners like SiteCheck or UnmaskParasites.
- Get alerts from antivirus software or search engines (both in search results and via their Webmaster Tools).
- Open web pages with different User-Agents and check for changes.
- Sometimes it is even helpful to open a page using a script blocker (the scripts you disable may be the ones hiding spammy links injected into the page).
This is not a definitive list, and sometimes we see interesting ways in which malware reveals itself. This time I’ll show how a fake WordPress plugin that was injecting invisible links to a porn site unmasked itself via RSS feeds.
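The User-Agent comparison from the list above can be automated by diffing the links in two responses for the same URL. The following is an added example, not code from the original post: the two HTML samples are constructed, the names `LinkCollector`, `collect` and `cloaked_links` are hypothetical, and fetching the page with each User-Agent is left out so the script runs offline.

```python
from html.parser import HTMLParser

# Constructed samples (not real captures): the same URL as served to a
# browser User-Agent and to a search-engine crawler User-Agent.
BROWSER_HTML = """<html><body>
<a href="https://example.com/about">About</a>
</body></html>"""
CRAWLER_HTML = """<html><body>
<a href="https://example.com/about">About</a>
<div style="position:absolute; left:-9999px">
<a href="https://spam.example.net/x">cheap pills</a>
</div>
<span style="display:none"><a href="https://spam.example.net/y">more</a></span>
</body></html>"""

# Heuristic inline-style fragments commonly used to hide injected links.
HIDING_HINTS = ("display:none", "visibility:hidden", "left:-", "top:-", "text-indent:-")
VOID = {"br", "img", "hr", "input", "meta", "link"}  # tags with no end tag

class LinkCollector(HTMLParser):
    """Collect each <a href> and whether it sits in a hidden element.
    Assumes reasonably well-nested markup."""
    def __init__(self):
        super().__init__()
        self.stack = []  # one bool per open element: does its style hide content?
        self.links = {}  # href -> True if the link or an ancestor is hidden

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        style = (attrs.get("style") or "").replace(" ", "").lower()
        hidden = any(hint in style for hint in HIDING_HINTS)
        if tag == "a" and attrs.get("href"):
            self.links[attrs["href"]] = hidden or any(self.stack)
        if tag not in VOID:
            self.stack.append(hidden)

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

def collect(html):
    parser = LinkCollector()
    parser.feed(html)
    return parser.links

def cloaked_links(baseline_html, other_html):
    """Links present only in other_html, mapped to whether they are hidden."""
    base = collect(baseline_html)
    return {h: hid for h, hid in collect(other_html).items() if h not in base}

if __name__ == "__main__":
    for href, hid in cloaked_links(BROWSER_HTML, CRAWLER_HTML).items():
        print("HIDDEN " if hid else "VISIBLE", href)
```

Links that appear for only one User-Agent deserve a manual look even when they are not flagged as hidden, since the style check is a heuristic and does not see rules in external stylesheets.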