Google has launched an education campaign this week aimed at helping hacked website owners detect and eradicate malware hijacking their content.
The search engine giant issued a hacked website information page with more than a dozen articles and 80 minutes of videos on how to restore a site's presence after an infection occurs. Websites are frequently targeted by widespread automated attack toolkits and, once infected, Google and other search engines and security firms often flag a site, blocking it from being listed in search results and warning visitors that the site hosts malicious content.
"We hope that by adding our educational resources to the great tools and information already available from the security community, more hacked sites can restore their unique content and make it safely available to users," wrote Maile Ohye, developer programs tech lead at Google, in an announcement about the new campaign. "The fact remains, however, that the process to recovery requires fairly advanced system administrator skills and knowledge of source code. Without help from others -- perhaps their hoster or a trusted expert -- many site owners may still struggle to recover."
Ohye cited a study by the nonprofit antimalware organization StopBadware in 2012, which found that 25 percent of sites that are hacked remain infected with malware and an additional 2 percent of sites are abandoned altogether following an intrusion. Hacked sites are used by financially motivated cybercriminals to spread malware by setting them up as an attack platform using automated scripts.
The StopBadware report found that content management systems and their plugins are the most frequently targeted by attackers. Vulnerabilities in WordPress and its third-party components are targeted most because of its popularity, but Joomla, Blogspot and osCommerce are also frequent targets, the study found. Website owners frequently fail to apply patches to content management systems and update components, the organization said.
"The diversity of platforms hosting compromised sites, and the variety of methods by which they were compromised, demonstrate the opportunistic nature of cybercriminals," StopBadware said in its report. "Many consumer and small business site owners lack awareness of the threat to their sites and how to get assistance once their sites have been compromised."
Ohye said that Google takes extra steps with sites that are hacked to distribute malware. The company provides verified site owners with a sample of the infected URLs, often with their malware infection type. Owners also need to follow security best practices, such as keeping software updated, eliminating unused software and enforcing a strong password policy, Ohye said.
PUBLISHED MARCH 13, 2013