Security service automatically removes malicious code from Web pages

Startup StopTheHacker's newest features may be good for small businesses that want hands-off Web page security management

Startup vendor StopTheHacker has added a feature to its subscription security service that automatically removes malicious code placed on Web pages by hackers.

Many businesses, such as law firms, have small IT staffs and few resources with which to run their websites, said Peter Jensen, CEO of StopTheHacker, which officially opened for business in San Francisco last month.

That makes it difficult for them to know if their site has been hacked and quickly fix it before more of their users are victimized. The problem of hacked websites has grown worse over the last few years: Google estimates it blocks 6,000 new websites a day that have been rigged to deliver malicious code to users.

If a website has, for example, a database vulnerability, hackers can gain access to the site and plant code that attacks visiting computers. This style of attack is known as a drive-by download and usually occurs unnoticed by the victim.

Earlier this week, 30,000 WordPress blogs -- some of which were running outdated versions of WordPress' software -- were hacked to redirect visitors to sites hosting fake antivirus scans.

Several companies scan the Internet to detect such hacked pages. Google scans for malicious pages as part of its Safe Browsing service and warns users before they navigate to an infected Web page. Google said last year it served up 3 million warnings of unsafe websites to 400 million users per day.

Google will also warn website owners if their site has been hacked, as StopTheHacker does. But StopTheHacker has now updated the 3.1 version of its software to automatically remove the malicious code from a hacked website.

If a law firm's website is hacked in the middle of the night and StopTheHacker detects the change, malicious code -- whether it be a line of JavaScript or a PHP script -- can be removed, Jensen said.

StopTheHacker detects malicious code by using an artificial intelligence engine that performs static and dynamic analysis of code such as JavaScript, decompiles Web page objects and then scores the probability of malicious behavior, said Anirban Banerjee, co-founder of StopTheHacker, who developed the technology while at the University of California in Riverside.

Website owners can choose whether they want to enable the automatic removal feature. Jensen said some administrators may prefer to just be notified by email so they can go in and manually make the change.

But the automated removal feature may be good for smaller businesses with fewer IT resources and time, Jensen said. In order for the feature to work, StopTheHacker must have the client's FTP credentials to get access to the website's code.

Acorn Technology Corporation in Riverside, California, has been using StopTheHacker for about 100 domains it manages for customers, said Ryan Hoskin, vice president of operations.

Acorn offers it as an added-value feature for its customers, wrapped into the overall pricing for its hosting and management services, Hoskin said.

"We've had a few customers where StopTheHacker found issues with customers' websites," Hoskin said. "We've been able to notify the customer and get it resolved."

StopTheHacker has also built a Facebook application that scans profiles for malicious activity around games, content posted to a person's Wall, advertisements and links. Facebook, however, doesn't allow StopTheHacker to remove content from a person's profile, so that has to be done manually, Jensen said.

StopTheHacker's pricing is based on different feature sets, from a basic up to an enterprise offering, and ranges from $10 to $100 per month.

Send news tips and comments to jeremy_kirk@idg.com.
