What Happens in a Malware Attack
On Monday, I was looking for a local business which I know, so I searched for what they do. Does anybody use Yell or BT.com any more? They didn’t appear in my search results. So, thinking this might turn out to be an SEO sales opportunity;-) I searched for it by business name, specifically.
Bing listed them this time, but when I clicked the link to open their website, this note appeared next to the search results. Bing would not take me straight to their website.
Google, similarly, listed them but with this immediate and scary warning, “This site may harm your computer.” One click fewer than Bing, you notice.
If you go straight to an infected website, your browser will warn you very clearly not to open it, too. If you decide to visit, be prepared to get rid of some spam!
This is all very upsetting for web user and site owner alike.
Why Malware Attacks Happen
Hackers, the source of malware, seek out weak targets. Everyone is vulnerable.
Think of your website like your house: how do you reduce the risk of burglary? You make your house less attractive to burglars than those around it. You buy a house in an area with a low crime rate. You fit decent locks and security lights. You fence the garden, install robust, lockable gates, and plant thorny bushes in vulnerable places. And then you take out insurance so that, should the worst happen, you can replace what you’ve lost.
All these points have website equivalents:
- Chose a secure web host, one with a good reputation, big enough to afford the serious cost of real security, small enough not to be a target;
- Understand, implement and check your client and server firewalls and anti-virus systems; keep them up to date;
- Cover web server gateways with strong passwords and change them regularly;
- Make sure somebody with sufficient authority “owns” your domain name and those ISP passwords;
- Validate carefully all data entry fields, blog comments, and anywhere someone else can data enter into your website, as this is where many hacks come from;
- Keep your operating system, web server and database software up-to-date with the latest versions to cope with new threats;
- Take regular back-ups – and test them – so you can get back up and running fast if disaster strikes.
And keep constantly vigilant: add regular website audits into your Business Continuity Plan.
Further Reading on Malware
Here’s some more information about malware attacks.