If you’ve ever visited a website only to be greeted by a red screen warning you about a malware infection, you’ve found a blacklisted site. Search engines do their part to protect users everywhere from malware and cybercrime through a process known as “blacklisting.” While this can be helpful, it is not the most reliable way to look for malware. We’ll discuss what blacklisting does and does not do, as well as the most effective ways to know if a website is infected with malware.

What is blacklisting?

To encourage a safer internet and protect users from dangerous malware infections, Google and other popular search engines review websites for malware.

  • What is malware? Malware is software created for malicious purposes. Website malware can be used to attack websites in a variety of ways.

It’s not always obvious when a website has malware, so these warnings are intended to be helpful to the average website visitor.

Search engines detect malware by sending out bots (the good kind) to crawl or “index” your site. The primary purpose of indexing is to make the crawled pages available to appear in search results, but these bots also look for website malware. If malware is definitely detected on the site, the website will be inaccessible to visitors, or “blacklisted.” Blacklisting means that the site will be removed from search results so that it can’t be found through search, and a warning will prevent direct visitors from entering the site. This prevents visitors from being affected by malware attacks, which could steal their personal data, send spam, or even spread more malware.

Unfortunately, while it may sound like blacklisting makes it easy to know when a website has malware, this isn’t always the case.

Is blacklisting the best way to find website malware?

The truth is, blacklisting occurs only when malware is definitely identified and there is no chance of a false positive. This is done because blacklisting can be devastating to a business’s bottom line and reputation. However, this has two major drawbacks:

  • The damage has likely already been done. Search engine bots generally do not crawl websites every day. How often they crawl depends on a variety of factors. Therefore, by the time a website has flagged, it has likely been infected for days, if not weeks.
  • Many infected websites go unflagged. Only 17 percent of infected websites were blacklisted in Q1 2018 – that’s less than one in five infections being caught by search engines, according to SiteLock research. This means that 83 percent of infected websites receive no warning at all from search engines.

Blacklisting is still a valuable service that protects many from harmful malware infections. However, blacklisting is not designed to protect website owners, and it is dangerous to rely on search engines to find malware. Fortunately, whether you’re a website owner or just a visitor, you won’t need to.  

How can I tell if a website has malware?

While many types of malware are difficult to detect with the naked eye, some common malware attacks do show symptoms that all visitors should be aware of:

  • Defacements. This attack is the easiest to spot, as cybercriminals will replace a site’s content with their own name, logo, and/or ideological imagery.
  • Suspicious pop ups. Are you really the lucky one millionth visitor? Think before you click on pop ups ads that sound too good to be true. Clicking on them may rcause you to accidentally download malware to your computer.
  • Malvertising. We recommend exercising caution when clicking on any ads, as  legitimate ads can be infected with malware. However, some malicious ads are more obvious. They typically contain spelling/grammar errors or unprofessional graphic design, feature products that don’t match your browsing history, or promote “miracle” cures/celebrity scandals.
  • Phishing kits. This attack tricks users into handing over sensitive information by imitating commonly visited sites, like banking websites. They may seem real at first glance, but spelling and grammar errors will give them away.
  • Malicious redirects. Often used in conjunction with phishing kits, malicious redirects take visitors from one site to another, usually malicious, site.
  • SEO spam. If you see unusual comments, usually with links, in a website’s comments section, it’s likely SEO spam.

While this can help the average visitor detect an infected site, website owners will need to take it a step further to be sure their website is free from malware.

What is the best way to find website malware?

A website scanner is the easiest, most efficient, and most effective way website owners can look for malware. You’ll also save time and money – you don’t have to look for malware yourself, or hire an expert to look for you. SiteLock offers a powerful website scanning solution that not only works automatically, but also includes the following:

  • Accurate and comprehensive detection. New types of malware are created every day, so you’ll want a scanner backed with a threat database that’s updated every day.
  • Automatic response. SiteLock reviews your site every day for malware, and will automatically remove known malware as it is detected.
  • Detailed reports that are easy to understand. You’ll always know what’s happening with your site’s security.
  • Increase visitor trust. Our scanner includes the SiteLock trust seal, which lets your visitors know your website is safe.
  • Get protected instantly. Our cloud-based solutions can be installed in minutes.

For the most accurate and efficient protection against malware, check out our plans and pricing today. To see how SiteLock has protected other businesses from blacklisting, check out our customer stories and SiteLock reviews.

Related Articles