FAQ: Web Site Malware Scanning

Questions:

What is malware?
How do I know if my Web site is free of malware?
What does the service scan?
What happens if malware is detected on my Web site?
How much bandwidth will the scan require?
When does the scanning service begin?
Do I have to activate malware scanning for every SSL Certificate?
Can I customize the Web site malware scan
How does my customer know my Web site is free of malware?
Does this replace my enterprise scanning solution?
What does blacklisted mean?
How can I protect my site from malware?
What does the VeriSign Trust Seal mean to my customers?

Answers:

What is malware?
Malware is short for malicious software and also known as malicious code. Hackers exploit security weaknesses on your server to gain access to your Web site and install malicious code. They use your Web site to spread viruses, hijack computers and steal sensitive data such as credit card numbers or other personal information. Malware code is not easily detected and may infect your customers’ computers when they visit your Web site.

Back to Top

How do I know if my Web site is free of malware?
Malicious code is hidden in the source code of your Web site and can be difficult to detect without line-by-line analysis. Some malware is activated by the display of a page and may not be detected without behavioral analysis of your code using a browser simulator. When you protect your Web site with a VeriSign® SSL Certificate, we include a free daily malware scanning service for your public Web pages. If malware is detected, you will be directed to a list of infected pages and notified of the code causing the problem. Once you have deleted all instances of the code, you can request that your site be rescanned within 24 hours

Back to Top

What does the service scan?
VeriSign Web site malware scanning service scans the Web site code located at the hostname used in the SSL Certificate, including javascript and iframes. The service completes a static analysis of Web site code as well as behavioral analysis through a browser simulation to find code that may be activated by display of a page. The service does not scan every Web page on your Web site, but reviews an optimal number of pages to identify malicious activity. It does not scan your network or search for malware on internal desktop computers or scan attachments or internal Web pages that require sign-in.

Back to Top

What happens if malware is detected on my Web site?
If malware is discovered and you are an SSL customer, the VeriSign Trust Seal deactivates and is replaced by the VeriSign Secured® Seal. You receive an email alert warning you of the malware infection with instructions to access the scan results within your the VeriSign Trust Center account. Go to the Trust Seal Services tab to see a list of infected pages and the code causing the problem. You or your Web site administrator can find and delete all instances of the malware and request that your site be rescanned within 24 hours. When the scan confirms that all instances of malware are removed, the VeriSign Trust Seal displays again.

Back to Top

How much bandwidth will the scan require?
The scan is not like a vulnerability scan, searching for an exploit and consuming bandwidth. It works more like a search engine crawler that reviews your html code. As such, scanning is equivalent to a few people accessing your Web site at any given time and should not affect your site performance or take your site offline.

Back to Top

When does the scanning service begin?
Web site malware scanning is automatically activated when your business has been authenticated and you have been issued a valid SSL Certificate. There is nothing to download or install for you or your customers. If you decide that you do not want your Web site protected by a daily malware scan, simply sign in to the VeriSign® Trust Center to deactivate scanning.

Back to Top

Do I have to activate malware scanning for every SSL Certificate?
Scanning occurs by hostname. You may have many servers, each one secured by a unique SSL Certificate and all of them providing content to a single hostname. The scan is of the html pages located at the hostname, not the servers themselves. As long as you have one active SSL Certificate with the hostname, malware scanning is activated. If you decide that you do not want your Web site protected by a daily malware scan, simply sign-in to the VeriSign Trust Center to deactivate scanning of the hostname.

Back to Top

Can I customize the Web site malware scan?
Malware scanning may be turned on or off by signing in to your VeriSign Trust Center account and clicking the Trust Seal Services tab. Specific pages or sections of your Web site cannot be targeted. Note: The VeriSign Trust Seal only displays on Web sites and in search results with malware scanning activated. The VeriSign Secured Seal will display if malware scanning is deactivated.

Back to Top

How does my customer know my Web site is free of malware?
The VeriSign Trust Seal only displays after a successful malware scan. If your site fails a malware scan, the seal switches to the VeriSign Secured® Seal which indicates that encryption is available on your site and authenticates your business entity. When customers see the VeriSign Trust Seal, they know you are committed to keeping them safe and they can click the trust mark to see the status of your malware scan. Many large companies have malware scanning solutions today, but their customers do not know that they are protected. Now they have assurance through the VeriSign Trust Seal.

Back to Top

Does this replace my enterprise scanning solution?
No. VeriSign’s Web site malware scan is designed to provide additional assurance to business owners and their customers that the site is regularly checked for malicious code. Traditional anti-malware software focuses on the end point: the desktop. Most enterprise scanning solutions are designed to protect employees from downloading or installing malware rather than protecting the company’s Web site from distributing malware.

Back to Top

What does blacklisted mean?
Because of the potential damage caused by malware, Google, Yahoo, Bing and other search engines scan and then blacklist or exclude any site found with malware. If your site is blacklisted, it may be blocked entirely or flagged with a security alert to discourage click through. In addition, anti-virus plug-ins to popular browsers can detect malware and block access to infected sites.

Back to Top

How can I protect my site from malware?
Like most thieves, malware hackers look for easy targets—such as a Web site where malware will go undetected for as long as possible. Posting the VeriSign Trust Seal on your Web site is like posting an alarm security sign in your front window. It shows hackers that your site is scanned daily to detect malware.

Back to Top

What does the VeriSign Trust Seal mean to my customers?
As consumers become more concerned about identity theft, they look for signs that a site is safe before doing business. By posting the VeriSign Trust Seal, you show customers that you care about their safety and that your site has passed the VeriSign malware scan within the past 24 hours. Learn more: What VeriSign Trust Seal Means

Back to Top