Malware Analysis Series — Part 4: Detection VS Removal

If you’ve ever seen me at a WordCamp, you’ve probably heard me answer this question, and likely more than once. When it comes to malware scanning on a WordPress website, what makes the SiteLock® malware scanners different from the competition? Well, scanners simply are not created equal. My go-to short answer is typically explaining one of our scanners’ “killer features,” like its ability to automatically remove malware.

In techno-lingo, a killer feature is any attribute of a product or service that, for a particular type of use, becomes essential to users due to its considerable value. A killer feature provides the product or service such an advanced competitive edge that it figuratively “kills” any competitor’s feature set.

It would be fair to say that practically any website owner would be peeved, to say the least, if their website becomes infected with malware, especially when it means an interruption of service. I would venture to say that for WordPress website owners, doubly-so. Most WordPress website admins, especially when eCommerce is involved, are always seeking to make their website run faster and better.

“Don’t even say downtime, you might jinx it!”

Unfortunately, when a website has a serious compromise, interruption of service (i.e. downtime) is all but guaranteed to happen. Whether it be because the malware corrupted the site’s files so badly that the website fails to load correctly, the website was suspended by you or your hosting provider due to the potential dangers to visitors, or having visitors deterred from entering the site after being blacklisted by Google or other search engines, you may as well consider the lights turned off. Once an infection occurs, expedient recovery is the thought on your mind.

When it comes to most other security providers’ solutions, their scanning systems may detect malware, but manual intervention is required in order to actually resolve the crisis. Your typical experience may look something like this:

• Malware is detected during a routine scan.
• You receive a vague email or a dashboard prompt from the vendor indicating malware has been found.
• You navigate to your security control panel to view the details of the alert.
• The dashboard presents a call-to-action with either an option to request a clean or an advisory to clean it yourself (hopefully with some info on the malware’s location).
• If your security provider offers malware remediation, you may generate a ticket to request having them clean the site.
• You wait for your security provider to execute their process of allocating the work to an employee and proceed with the clean.
• You wait a little longer. If you’re fortunate, you’ve received an email of some kind by now, but this often takes over 24 hours.
• Your security vendor sends a canned resolution email indicating that the site has been cleaned.
• After taking your blood pressure medication and combing your hair back into place, business can proceed.

It’s a bit of a lengthy process that can often take 24 to 48 hours to complete. Along the way, you’ll probably want to pick up the phone to call for a status update, but unfortunately, your security provider most likely does not offer phone support. For a WordPress website under under siege by malicious attackers, this experience leaves something to be desired, in my opinion.

What if you could automate that process to speed things up? With SiteLock scanning, we do just that. Your typical SiteLock customer experience will look more like this:

• Malware is detected during a routing scan.
• SiteLock® SMART removes the malware and sends you an email notifying you that it has done so.

The vast majority of malware cleans on WordPress websites take only a few minutes to complete, getting your site secure and operational in the absolute minimum time frame. That’s the difference between just having automated detection versus automated cleaning. If the malware incident is an edge case where human intervention is required, we have an entire team standing by for that as well. If you end up with questions about your malware case, you don’t need to submit a ticket… you can just pick up the phone and call our 24/7/365 US-based customer service team.

Many website security vendors provide malware scanning. Some provide automatic malware scanning, and a few do it quite well. Only one website security provider offers automatic malware removal … SiteLock.

Have a question for our security professionals or a topic that you would like us to write about? Message @SiteLock and use the #AskSecPro tag!

Want to learn more about malware? Check out these additional resources from SiteLock:

• What is Malware?
• Common Types
• The Evolution of Malware
• Ways Malware Can Get Onto Your Site
• The Dangers of Malware
• The Effects of Malware on Small Businesses
• How to Check Your Website for Malware & Common Signs
  • How to Check for Malware in Databases
• Ways to Protect Your Site
• How to Remove Malware
• Malware Analysis Series:
  • Signature based Analysis
  • How a Signature is Born