Security vendor CodeGuard has released a patented technology designed to deal with malware attacks on websites. MalwareGone is now shipping and is the latest product in CodeGuard’s security portfolio.
David Moeller, CEO of CodeGuard, said: “MalwareGone has been a long time coming – we have been waiting for years to release this product. The reason there isn’t a product like this on the market is that its foundation is our patented backup technology, which obviously no one else possesses.”
What does it do?
The CodeGuard blog claims MalwareGone is: “..designed to discover viruses, trojans, rootkits, spyware and other malware on any websites. It searches for early-life and next-generation malware; the kind of malware that doesn’t yet have a detection signature.”
It’s a bold claim and one that will inevitably have people raising their eyebrows. There are a number of new security companies that claim not to require signature libraries. Their view is that waiting for signatures makes security reactive, not proactive. By changing how they work, they are able to find malware before it becomes a problem.
MalwareGone is not an isolated tool. It is designed to work closely with other CodeGuard products. The process starts with the backup technology mentioned by Moeller. This is more than just a simple backup. CodeGuard uses it to monitor changes on the website using another product called ChangeAlert. This sends emails whenever it detects changes to the site. What MalwareGone adds to this process is the ability to detect unauthorised changes and restore the site to a pre-infected condition.
Stopping hackers using your site as a distribution point
The vast majority of websites are open to attack by hackers. Every day, sites are defaced or have the personal data collected from visitors stolen. These are the things that people become aware of fairly quickly. What they are less aware of is the number of sites that are being used to distribute malware. Hackers install small pieces of code on the site and use that to redirect visitors to locations where malware is downloaded onto their computers.
The problem for the website owner is that many of these attacks are short lived. That makes it hard to detect them. One of the most common ways this happens is through malvertisements. These are adverts placed on a website that is compromised. Many sites get their advertising from brokers who in turn buy from other brokers.
This has meant that even large sites such as the BBC, MSN, the Daily Mail and the New York Times have delivered malware in the past. Ars Technica reported on a press release by Trend Micro earlier this year. It said that ransomware was being distributed via malvertising on large websites. Tens of thousands of visitors were exposed to malware in just one 24-hour period.
CodeGuard is not promising it will prevent all incidents from ever happening. What it is saying about MalwareGone is: “This ensures that remediation happens as quickly, efficiently, and accurately as possible – no more destroyed websites from a “fixing” service.”
Hackers are using a wide range of tools to identify vulnerabilities in websites. Even carefully monitored sites are not immune from attack. Hackers will exploit any weakness that they find. The size of the website is irrelevant to hackers. Campaigns reward hackers for infecting end user machines with ransomware from any source. This places any site at risk.
CodeGuard is not just targeting website owners. It has released its solution as a white label service that hosting and cloud vendors can sell. It will be interesting to see in one year’s time how many attacks CodeGuard claims that MalwareGone has prevented.