Security Service Automatically Removes Malicious Code From Web Pages
Startup vendor StopTheHacker has added a feature to its subscription security service that automatically removes malicious code placed on Web pages by hackers.
Many businesses, such as law firms, have small IT staffs and few resources with which to run their websites, said Peter Jensen, CEO of StopTheHacker, which officially opened for business in San Francisco last month.
That makes it difficult for them to know if their site has been hacked and quickly fix it before more of their users are victimized. The problem of hacked websites has grown worse over the last few years: Google estimates it blocks 6,000 new websites a day that have been rigged to deliver malicious code to users.
If a website has, for example, a database vulnerability, hackers can gain access to the site, and plant code that attacks visiting computers. The style of attack is known as a drive-by download and usually occurs unnoticed by the victim.
Earlier this week, 30,000 Wordpress blogs -- some of which were running outdated versions of Wordpress' software -- were hacked to redirect visitors to sites hosting fake antivirus scans.
Several companies scan the Internet to detect such hacked pages. Google scans for malicious pages as part of its Safe Browsing service and warns users before they navigate to an infected web page. Google said last year it served up 3 million warnings of unsafe websites to 400 million users per day.
Google will also warn website owners if their site had been hacked, similar to StopTheHacker. But StopTheHacker has now updated the 3.1 version of its software to automatically remove the malicious code from a hacked website.
Website owners can choose whether they want to enable the automatic removal feature. Jensen said some administrators may prefer to just be notified by e-mail so they can go in and manually make the change.
But the automated removal feature may be good for smaller businesses with fewer IT resources and time, Jensen said. In order for the feature to work, StopTheHacker must have the client's FTP credentials to get access to the website's code.
Acorn Technology Corporation in Riverside, California, has been using StopTheHacker for about 100 domains it manages for customers, said Ryan Hoskin, vice president of operations.
Acorn offers it as an added-value feature for its customers, wrapped into the overall pricing for its hosting and management services, Hoskin said.
"We've had a few customers where StopTheHacker found issues with customers' websites," Hoskin said. "We've been able to notify the customer and get it resolved."
StopTheHacker has also built a Facebook application that scans profiles for malicious activity around games, content posted to a person's Wall, advertisements and links. Facebook, however, doesn't allow StopTheHacker to remove content from a person's profile, so that has to be done manually, Jensen said.
StopTheHacker's pricing is based on different features sets, ranging from a basic up to an enterprise offering ranging from US$10 to $100 per month.
Send news tips and comments to firstname.lastname@example.org