Summary: ‘how to’ uncover and detect malware on your website

Henry Dalziel | Concise Courses, General Hacking Posts, Hacker Hotshots | September 12, 2013

We had an excellent Hacker Hotshot event yesterday (September 12th 2013) that we have to share with you. As a quick recap, the title was “Uncovering Malware in Your Website” with Jason Kent from Qualys. Jason is the Director of Web Application Security at Qualys.

Jason shared a lot of excellent content, and frankly it’s all superb info that we can all use, whether you are a small-site blogger or running a large organization. The learning objectives for this web show were officially twofold: to understand how to detect malware on your website, and to understand what happens if you do. In fact, Jason covered a lot more and answered some great questions that came from our awesome community (the questions are listed at the bottom of this blog post).

Here are just a few takeaways from the nearly half-hour web show!

The Website Malware Risk
The malware risk is huge. Jason showed us the Verizon Data Breach Investigations Report (DBIR) and the 2013 Symantec Internet Security Threat Report (ISTR), which clearly demonstrate that breaches and hacked websites have been increasing each year. A key table and data set that Jason shared was the ‘Top 10 Threat Action Types by Number of Breaches and Records’, which lists the mix of malware and hacking types that have been most ‘popular’ or commonly seen to date. At the top of the list were keylogging, ‘form grabbing’ and spyware. Dropping backdoors was also touted as being an increasing risk in the latter half of 2013. To see that table, skip forward to the fourth minute of the presentation.

Zeus had a special mention during the talk – and if you work in the financial space then you absolutely should be watching Jason’s presentation.

Cross-Site Scripting (XSS) had a mention in that it facilitates malware injection through drive-by downloads. iFrame injections were also discussed as being an unfortunate growth area (for more on iFrame hacking and injection, listen to the Q&A at the end of the video – the link to the video is at the top of this blog post).

Interested in learning more about malvertising? Then skip forward to the sixth minute of the show, where Jason explains the subject in more detail.

Other take-away points include advice and information on how to detect website malware and how today’s malware has mutated and developed over time. Finally, right before the Q&A, Jason also touches on ‘better website security.’

Questions that were asked during the show were, as follows:

  • You mentioned Zeus, how is that typically installed by the hacker?
  • Is having your entire site HTTPS better for security? Thing is that our site is all HTTP and has been indexed by Search Engines so we have a concern about losing our rankings so I guess there is now a trade-off?
  • What is the main purpose of Reputation Services? Are they giving opinions on a security profile?
  • Do you think an organization has an obligation to let customers know that they have been infected because they might have infected their users?

To see the answers just hit-up the video here.

In Summary
The presentation was brilliant – watch it. We order you! We have only covered a few items from the web show above, so expect more when you watch the 25-minute Hacker Hotshot web show. Just quickly – the first couple of minutes have a slight echo – just ignore that – the quality becomes excellent thereafter.

Let us know your thoughts. Has your site ever been hacked, and if so, what by, what caused it and how did you discover the compromise? The last thing we want to leave you with is this: back up your data! Yes, that is an obvious and predictable thing to say in a post like this, but since we are on the subject of website malware: websites (and their accompanying databases) often contain tons of data, and web apps are reliant on that data, so make and store regular back-ups!

If malware is your thing then you will love our upcoming web show with Domingo Guerra titled: “Status of App (in)Security: A look at common risky behaviors in the top 400 iOS and Android Apps.” Clearly, Jason highlighted web application malware and the relentless threat of website malware, but Domingo will bring in another, even faster growth area: mobile malware.

Whilst on the subject of malware and Hacker Hotshots, if the detection and analysis of malware is of interest to you then check out a previous show titled: “Malware Analysis on a shoe-string budget” with Michael Bowman.

Lastly – if you have a particular interest in website defence then we’d encourage you to check out our course: “Learn How To Hack And Defend Your Website In Just 3 Hours” which is a live, online and fully interactive infosec training course. The entire purpose of our mini (and very affordable) course is to teach you how to defend your website against all the nasty malware that Jason referred to in his excellent presentation.

If you’d like to reach out to Jason, his details are at the end of the video, or you can always contact us and we will happily relay the message!
