
Yes, You’re An Attack Site That Contains Malware, Now Here’s What To Do About It

Yes, You’ve Been Labeled An Attack Site, Now Here’s How To Fix the Problem

It’s undeniable how powerful search traffic from Google can be. In addition, search marketers understand how important a specific listing can be in the SERPs. Even if you have high rankings, a poor title or meta description can really hurt your click through.

Now imagine someone messed with that listing (like Google) and injected one line saying something like “This site may harm your computer”. Now how would you feel? I know some search marketers that would blow a gasket over someone messing with their listing, let alone adding something scary about viruses and malware.

Let’s take a quick look at a potential scenario. Imagine you woke up one morning and noticed a drop in search traffic from Google. Your first move might be to check which categories and keywords were impacted. But upon further analysis, you notice a larger drop in traffic, and not just from search. Now you’re really concerned…

Then as you’re doing some test searches, you notice a new line in your listing (in the SERPs) and then a great interstitial page scaring potential visitors away. That’s when you realize what happened… you’ve been labeled an attack site by Google!

What Does That Actually Mean?

This doesn’t mean you’re a horrible person, that your staff suddenly became a freewheeling bunch of hackers overnight, or that your company’s master plan was to infect the world with malware.

It simply means that Google’s automated scanning system has flagged your site for containing malicious content (which doesn’t mean you put it there.) You can’t blame them right? They want to protect users and not be associated with evil things like malware. So, let’s take a closer look at what your potential visitors (or customers) are seeing.

The Manifestation of Being Labeled an Attack Site…It’s Not Pretty

First, when searching on Google, visitors might see a message in the SERPs notifying them that your site has been identified as an attack site and that it may harm their computer. {How’s that for generating high click through!}

[Image: Google warning about malware]

Then, if you are lucky enough to have some brave Google users that day who actually decide to click through, they will be taken to an interstitial page further warning that your site is an attack site and could hold malware. {What do you think this does to your click through?}

[Image: Google warning about the malware]

But it doesn’t stop there…to make things worse, Firefox 3.x users who are about to visit your website will also be taken to a specific page explaining that they might be visiting an attack site. In addition, this doesn’t have to be from a search listing. It’s a bright red page with warnings that your site has been identified as an attack site and can harm their computer.

[Image: Firefox message to warn about the malware]

One piece of advice, don’t take this lightly and think many people aren’t seeing these messages. If you see it, don’t assume this is an anomaly. Denial won’t help your situation. It’s a problem that can seriously impact your business. Your goal at this point is to fix the problem and ensure Google and its partners know your site is free of malware.

Quick Note About the Firefox 3.x Warning

I saw this exact warning message last week, and I can tell you, I wasn’t about to click through to the site in question. Firefox receives a continuously updated list of websites labeled as attack sites and will warn users when they attempt to visit those sites.

Although I’m going to explain how to resolve attack site issues below, Firefox users may still receive that warning message after Google clears your site (due to caching). I’m not saying they will see that message forever, but there may be some lag between the site being cleared and the data that Firefox is using to flag attack sites. That’s even more reason to act quickly…

Will I Be Notified That I’m An Evil Attack Site?

Yes, you should be notified via Google Webmaster Tools (GWT) that your site has been flagged. If you don’t know what Google Webmaster Tools is, then visit the site and sign up today. In my opinion, it’s an absolute necessity for several reasons beyond the one covered in this post.

If you have already set up GWT and your website has been flagged as containing malicious content, you should receive a message from Google in your message center and see a warning on your overview page. To get to your overview page, click through to one of your websites listed on your GWT dashboard. Google should also identify which URLs were flagged as containing malware.

Here is a sample message from Google (which was provided on their blog post about warnings for hackable sites):

[Image: Google message sent to hacked sites]

Taking Action and Making Your Case

So what can you do if your site is labeled as an attack site? Simply put, target the root problem and move quickly. The Google Webmaster Central Blog has some great tips for sites that have been flagged.

I would identify the problematic URLs via Webmaster Tools, track down the specific security issues, and fix those problems as soon as possible. For example: is badware being downloaded from your website, are you linking to malware, do ads on your site link to malware, has your site been hacked?
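One way to start on the "are you linking to malware, do ads link to malware" questions is to list every outside host a flagged page loads from or links to, and review the ones you did not approve. This is an added example, not part of the original post; the sample page, host names and the approved list are constructed placeholders, and the script only surfaces hosts for review rather than deciding what is malicious.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute that loads or links to content, possibly on another host.
URL_ATTRS = {"script": "src", "iframe": "src", "embed": "src",
             "object": "data", "img": "src", "link": "href", "a": "href"}

class ExternalRefs(HTMLParser):
    """Collect (tag, host) for every reference that leaves the site."""

    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = own_hosts
        self.refs = []

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(URL_ATTRS.get(tag, ""))
        if not url:
            return
        host = urlparse(url).hostname  # None for relative URLs
        if host and host not in self.own_hosts:
            self.refs.append((tag, host))

def hosts_to_review(html, own_hosts, approved_hosts):
    """Map each external host not on the approved list to the tags that use it."""
    parser = ExternalRefs(own_hosts)
    parser.feed(html)
    review = {}
    for tag, host in parser.refs:
        if host not in approved_hosts:
            review.setdefault(host, set()).add(tag)
    return {host: sorted(tags) for host, tags in sorted(review.items())}

# Constructed sample page and host lists (all names are placeholders).
SAMPLE_PAGE = """
<html><head>
<script src="/js/site.js"></script>
<script src="https://stats.approved-partner.example/t.js"></script>
</head><body>
<a href="https://www.mysite.example/about">About</a>
<iframe src="//widgets.unknown-host.test/frame.html"></iframe>
<a href="http://ads.new-network.test/click?id=1"><img src="/img/banner.png"></a>
</body></html>
"""
OWN = {"www.mysite.example"}
APPROVED = {"stats.approved-partner.example"}

if __name__ == "__main__":
    for host, tags in hosts_to_review(SAMPLE_PAGE, OWN, APPROVED).items():
        print(host, tags)
```

Run it over the HTML of each URL that Webmaster Tools lists as flagged; any host you cannot account for is where to look first.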

Once you determine the issues and fix the problems, you can request a review to determine if your site is clean. You can request a review from within Google Webmaster Tools (see screenshot below for the link.) Google will reevaluate your website relatively quickly, and if they determine your site is clean, the removal of malware messages could occur in a timely manner (even within 24 hours).

The scanning process is fully automated, so there are times your site can be scanned within a few hours (although that’s not guaranteed).

If you need to take down your site temporarily while fixing the problem, then make sure you return a 503 status code, which will prevent it from being crawled.
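A minimal sketch of that 503 response, added here as an example and not taken from the original post: a WSGI app that answers every path with 503 plus a `Retry-After` header, shown beside the common mistake of serving a maintenance page with 200 OK. The one-hour retry value, the port and the function names are assumptions.

```python
from wsgiref.simple_server import make_server

RETRY_AFTER_SECONDS = 3600  # assumed cleanup estimate, adjust as needed
BODY = b"<h1>Temporarily down for maintenance</h1>"

def maintenance_app(environ, start_response):
    """Answer every path and method with 503 while the site is being cleaned."""
    start_response("503 Service Unavailable", [
        ("Content-Type", "text/html; charset=utf-8"),
        ("Content-Length", str(len(BODY))),
        ("Retry-After", str(RETRY_AFTER_SECONDS)),  # when clients should retry
        ("Cache-Control", "no-store"),              # keep the outage page out of caches
    ])
    return [] if environ.get("REQUEST_METHOD") == "HEAD" else [BODY]

def friendly_but_wrong_app(environ, start_response):
    """Common mistake: the same maintenance page served with 200 OK."""
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [BODY]

def probe(app, path, method="GET"):
    """Call a WSGI app in-process and return (status_code, headers_dict)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"] = int(status.split()[0])
        seen["headers"] = {name.lower(): value for name, value in headers}
    list(app({"REQUEST_METHOD": method, "PATH_INFO": path}, start_response))
    return seen["status"], seen["headers"]

def audit(status, headers):
    """List what is wrong with a response that is meant to signal downtime."""
    problems = []
    if status != 503:
        problems.append(f"status {status}, expected 503")
    if "retry-after" not in headers:
        problems.append("missing Retry-After")
    return problems

if __name__ == "__main__":
    for app in (maintenance_app, friendly_but_wrong_app):
        print(app.__name__, audit(*probe(app, "/any/page")) or "ok")
    # Serve the 503 page on an assumed local port until the cleanup is done.
    make_server("127.0.0.1", 8080, maintenance_app).serve_forever()
```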

You can also visit to request a review. You can read more about stopbadware on their website, but they partner with Google’s anti-malware team to communicate information about websites that have been deemed a threat.

You would first want to search their database to see if your site was showing up as being flagged. If it was, you can click through to a report about your site, and then click “request a review” to have them check your site again. But don’t do this unless you are confident that your site is free of malware…

Some Final Tips:

  • Set up Google Webmaster Tools for all of your websites. It provides a wealth of information and tools that can benefit you as a website owner (and for SEO purposes.)
  • Check the Google safebrowsing diagnostics page for your website. You can use the following link and append your own URL to the querystring to see what Google’s automatic scanners have found. If your site has been flagged, check Webmaster Tools to identify the problematic URLs.<site-name-here>
  • Be vigilant and analyze your websites frequently using your web analytics package. That might sound obvious to many of you, but ensure you know when traffic drops, which channels drop off, which keywords drop off, etc. For example, if you checked your analytics reporting for the previous day and saw a significant traffic drop, you might reveal that it was Google organic traffic, which typically led to a specific landing page. Then you could possibly begin to target a problem quickly.
  • Analyze new content hitting your site as much as possible (including advertising). For example, do you have a new content partner? Find out exactly where their content is coming from, are they scanning that content on a regular basis, and can they provide references you can actually speak to? For example, one call could save you days of headaches and lost traffic (and possibly revenue). i.e. “They were great other than that attack site problem last summer.” 🙂
  • Secure your website. Stopbadware has some excellent tips for cleaning and securing your website. Spend some time reading the information they provide. It could save you from dealing with a stressful malware situation…

So there you have it. If you wake up one morning and find out you have been labeled an attack site, you can get over the shock quickly and start to tackle the problem. I recommend that you bookmark this page and the pages I linked to from this post. They can get you moving in the right direction so you can clear your name in a timely manner. And that will be good for you, your company, your customers, and your job security. 🙂

If anyone has experienced other malware or attack site situations, please feel free to share them below. I’d love to hear how you tackled the situation and cleared your website!

Glenn Gabe is an online marketing consultant at G-Squared Interactive. He currently helps clients maximize their digital marketing efforts via SEO, SEM, Social Media, Viral Marketing and Web Analytics. You can read more of Glenn’s posts on his blog, The Internet Marketing Driver and you can follow him on Twitter to keep up with his latest projects, news, and updates.
