Jump to content

Detect and remove web based malwares from Websites


Recommended Posts

Hi Guys, Does malwarebytes removes web-based malwares such as Trojans, backdoors, shell scripts and other malicious code from PHP, JS, HTML, images, etc ? We have clients who wants to remove some sort of Obfuscated codes from their websites and we are wondering if malwarebytes can detect and remove such malwares from php files? Any recommendations ? Please take a look at the attached file for some of the sample from our client.

lware.zip

Link to post
Share on other sites

48 minutes ago, Plurkstar said:

Does malwarebytes removes web-based malwares such as Trojans, backdoors, shell scripts and other malicious code from PHP, JS, HTML, images, etc ?

No it does not.

Malwarebytes does not target script files during a scan.. That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Link to post
Share on other sites

Checking a website's code for malware is a very different process from scanning a normal system for threats; I don't really know of any tools/scanners that do this, however I do believe there may be some companies that offer such a service, and of course if the site is blacklisted the site owner can reach out to whoever is blacklisting it to seek info on the reason(s) for the block and details on any threats/malicious content identified on the site.

Edited by exile360
Link to post
Share on other sites

I am kind of surprised that most such softwares including Kaspersky, Avira, Bitdefender does not have scan for web-based malwares for obfuscated codes, etc when there are Millions and billions of websites hosted onto so many servers and they pay very little attention to these types of web-based malwares. I have been trying to find a provider that have this kind of service.

 

Link to post
Share on other sites

As I understand it, while they (like Malwarebytes), may identify things like exploit attempts and malicious downloads, looking at the raw content of the website's code itself is a separate matter.  I've seen such analyses done by threat researchers from time to time in blogs etc. where they discuss a threat discovered on a site, however that's always the result of manual, hands on analysis, at least as far as I'm aware.

Link to post
Share on other sites

3 minutes ago, exile360 said:

I've made a note of your request and will pass it on to the Product team for their consideration and perhaps one day they might decide to offer such a tool and/or service.

Thank you, I believe this is one area that need to be addressed and websites are being hacked and edited with some sort of obfuscated codes. From what I have searched so far, there are 3 companies (Virusdie.com, BitNinja.Io,imunify360.com) that are providing this as of now and I hope More big players such as malwarebytes, Kaspersky, Bitdefender can look into this issue and fix these web-based malware issues.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.