A malware attack is the act of injecting malicious software to infiltrate and execute unauthorized commands within a victim’s system without their knowledge or authorization.
The objectives of such an attack can vary – from stealing client information to sell as lead sources, obtaining system information for personal gain, bringing a site down to stop business or even just placing the mark of a cyber-criminal on a public domain. Malware attacks have been known to be executed by disgruntled employees, competing businesses, or even cyber-terrorist organizations.
In this article, we’ll provide an overview of how malware attacks work, clarify the importance of prioritizing defense against malware, and explain how to prevent and recover from an attack.
Contents:
- How do malware attacks work?
- Types of malware attacks
- Symptoms of a malware attack
- How do I know if my site is under attack?
- How to respond to website malware
- How to prevent malware attacks
How do malware attacks work?
Despite popular belief, individual businesses are not always the result of a targeted attack – though this can definitely be the case.
Generally, the attack is a result of cyber-criminals releasing their malicious code on the internet and attempting to infect as many sites as possible. A blanket attack of this magnitude would be the most effective means for the cyber-criminal to do the most damage. Because an attack like this can occur at random, it is always a good idea to be prepared.
Types of malware attacks
Malware attacks can manifest themselves as viruses, worms, trojans, adware or ransomware. As a general rule of thumb, malware attacks can be placed in one of two main categories:
Disruptive Malware
This is where the objective of the malware is to disrupt the normal flow of the system processes.
The attack can do this by overwhelming system resources to hinder them from completing or by hiding within the system code to add an “extra step” in a particular system process, so that it can intercept data in transit. Most malware would fall into this category and is the easiest to recover from. Once the attack is identified and removed, the system processes should continue to flow as it did before the attack.
Destructive Malware
This is where the objective of the malware is to destroy the system processes altogether.
While less common, the effects of this particular attack can be devastating. The data in the affected system can be deleted or corrupted beyond repair. Once the attack is identified and removed, the damage remains. The only way to fully recover from this type of attack is to restore the system from an uncompromised backup.
For a more in-depth look at how these specific attacks operate, be sure to check out Sucuri’s article on the difference between malware and a virus.
Symptoms of a malware attack
There are some important signs you should be on the lookout for that may indicate that your website has been compromised by malware.
- Browser redirects to unfamiliar or spam websites when visiting your site.
- Downloads are initiated on your web pages without consent.
- Blocklisting by Google and other search authorities.
- Customer complaints about credit card fraud after purchasing from your web store.
- Spam keywords or unwanted ads on your website.
- Phishing pages hosted on your domain.
- Emails sent without consent from your web server.
- New site errors and warnings in Google Search Console.
- Adwords is rejecting ads due to malicious or unwanted software.
If your website is exhibiting any of these symptoms, you’ll want to investigate as soon as possible to mitigate risk and reduce damage.
How do I know if my site is under attack?
Some malware attacks are obvious, such as the ad for a medical supplement suddenly appearing in the site’s header or a message by a specific cyber-attacker that the site has been hacked.
However, most malware attacks are designed to hide and survive – just like a parasite or virus. Because of this, the attack may not be apparent at all. Even if a site is not showing signs of an infection, it is a good idea to perform regular malware scans for possible incursions. Note that this information is not designed to elicit a fear response from the reader, but merely indicate that defense tactics should be a standard for any system in an environment where attacks are prevalent.
There are two effective ways that a site or web application can be scanned for malware:
External website scans
A remote website scan is the quickest way to scan your website’s environment for malware, as the surface of the system is interacted with to find any obvious signs of an attack.
Sucuri offers free external scans with the SiteCheck remote website scanner which can help detect problems on your site within seconds of submitting a URL.
Server scans
Also known as Server-Side Scanning, this method is not as quick as remote scanning options but is significantly more thorough.
Each file within the system is checked to find any malware hiding within the code. Since many types of malware lurk on the server and may not be detected front-of-site, it’s especially useful for identifying malicious PHP scripts, phishing, and website backdoors.
This scan method requires connectivity to the website’s server and is generally only available through a paid service, such as Sucuri’s malware detection and scanning solution.
How to respond to website malware
If malware is found within a system, steps need to be taken immediately to remediate the malware so that damage can be minimized. Furthermore, emphasis needs to be placed on the prevention of future attacks.
Sucuri discourages the act of removing malware without putting defenses in place immediately afterwards, such as with a one-time cleaning. Malware reinfections are common – and without any method to prevent the attack from reoccurring, the efforts of the remediation process may be wasted.
If you’ve detected website malware, we offer a number of free website guides to guide you through the steps you can take to clean up the infection — including our how to clean a hacked WordPress guide for the world’s most popular CMS.
For those that need a hand with cleanup, Sucuri offers website security that includes malware scanning, malware removal, and malware protection all together as a bundle. And if you’re an agency or web developer, we offer packages as a cost-effective security solution for multiple sites that can help you save money while protecting a large number of domains — chat with us to learn more.
How to prevent website malware attacks
There are a number of key steps you can take to prevent malware attacks:
- Use strong unique passwords for accounts, admin, and login credentials.
- Practice the principle of least privilege.
- Always keep your website and CMS updated with the latest patches.
- Use a web application firewall to deter brute force, bad bots, and DDoS attacks.
- Regularly scan your website for indicators of compromise.
- Avoid keeping websites in environments with other websites that have write access to each other
- Always use multi-factor or 2FA authentication on your admin panels
As a dedicated security company, Sucuri makes malware mitigation a priority and offers a simple solution that functions with minimal setup. The goal is to provide an invisible line of defense against such attacks, so that necessary systems can operate without the fear of exploitation.