Here’s a dirty trick that’s happening to more and more businesses each day.
Your company homepage gets hacked and is injected with a malicious code designed to install how to recover stolen bitcoin on a visitor’s browser. Google and other search engines then list your website as dangerous, and people visiting your website are experience warnings from their browsers, spam blockers, and anti-virus applications.
Essentially, your online business is toast.
And now you are open to liability if anyone had recently visited your website and can prove your website infected their system.
Maybe your small business has hundreds of computers across multiple locations. Now you will have to worry if any of these computers have been infected. And in some cases the only way to make 100% sure that the infection has been removed is to do a complete reinstall of the operating system.
Types of Infection
Most of these infections are activated by a link that launches when an infected website is visited, unpacking a Java Script and a ‘Password Key Encryptor’ on the hosts’ website browser.
The first question most businesses ask is “how in the heck did this happen!” Here are some reasons:
1) Direct server hacking into your hosting server.
2) Someone working on your website using an infected machine and/or browser.
3) Vulnerable scripts (old scripts) on your web server.
4) Unauthorized use or compromise of your website passwords.
5) Weak or easy to guess usernames and passwords.
6) Using an unreliable hosting company (you pay for what you get).
7) Failing to update or administrate your dedicated server software.
If your website becomes infected you’ll need to take steps quickly to remove the malicious code. Find a web professional to analyze all your website files, folders and any online assets connected to your website.
Once your website has been cleaned and repaired, your webmaster should request a malware review via Google webmaster tools. You will need a Google webmaster account to do this.
Steps to preventing future infection of your website
Protect the access to your website. This means guarding the FTP, RDP or VPN passwords used to upload content to the site and the local computers used to upload content to the site.
Do not trust just anyone to work on your website. Make sure you hire a professional who has the right references and reputation to get the job done right.
Hackers are always looking for old, out-of-date software to exploit so they can hack your website files.