Comodo released SiteInspector, a free malware scanning and blacklist monitoring for websites. The free service allows website owners to set up recurring, daily checks on any 3 pages of a domain.
If malware is discovered or if the website is found on any one of a range of website blacklisting services, then the account owner is immediately notified via email.
Traditionally, viruses and malware were activated only after proactive user interaction (for example, double clicking on an infected mail attachment). Unfortunately, hackers today are far more adept at distributing their malicious code and a ‘drive-by-download’ malware attack can be triggered simply because a user visits a web page. Perhaps more alarming is that the owner of the website can often be unaware that their site is hosting this malware
Hackers use a wide variety of XSS techniques to invisibly insert malicious code on target websites and in some cases, even use served ads as a delivery mechanism. Whatever the technique used, once a service like Google Safe Browsing, PhishTank or Malwaredomainlist discovers malware on a site, they will place it on their official blacklist. In the case of the massively influential Google, this can be a devasting reputation and traffic killer for the website in question as all visitors will be shown a warning message stating ‘Visiting this site may harm your computer’.
The free service includes:
- Automatically recurring, daily malware scans on 3 pages of a domain
- Daily checks that a website is not present on major Internet blacklists
- Immediate notification via email if a problem of any type is detected
- In-application reporting and threat mitigation advice if malware is found
- Fast sign up and easy to use online interface so users can be up and running in minutes.
SiteInspector tests webpages for malware from a ‘customer’s point of view’. To do this, it downloads all specified pages and runs them in a sandboxed browser environment. If the browser attempts to execute a malicious activity; crashes; downloads a suspicious file; changes registry entries or exhibits behavior consistent with malware, then its flagged as malicious. A notification email will also be sent to the account holder.
“SiteInspector dramatically reduces the time between problem identification to problem resolution for business websites.” Said Melih Abduhayoglu, Comodo CEO and Chief Architect. “No longer will businesses have to wait for angry customers to complain that their website contains malicious content. To take advantage of this essential service, webmasters just need to take a few minutes to sign up and configure the service. SiteInspector will do the rest.”