We love destroying malware, and we’ve been at it for a while!
Our removal process uses our proprietary remediation engine. We have been researching and collecting malware definitions that affect web sites since 2004. Its history can be traced to early open source projects we released before becoming a company, Sucuri, in 2010. You can find information on the early incarnation of the engine by looking at Owl, version .1, and the Web Information Gathering System (WIGS).
If you need to have your site recovered and cleaned, the malware removed and unlisted from any type of web site blacklist (Google, Norton, etc), you can just go and sign up to any of our plans here: http://sucuri.net/signup/
What does the Cleanup Process Consist Of?
The cleanup process has been refined over the past few years. It’s very effective, but continues to evolve. The process is both manual and automated. The automated elements are quite restricted. Every cleanup is handled by a malware analyst whose responsibility it is to look through the results, identify anomalies and clean manually as required. The beauty of it is that the cleanup is included in every package for the no additional fees.
Yes – cleanup is included in every plan!
What do you Clean?
As malware evolves, so will our service. Under the current cleanups we include remediation for the following:
- Obfuscated JavaScipt Injections
- Hidden & Malicious iFrames
- Embedded Trojans
- Phishing Attempts
- Cross Site Scripting (XSS)
- Malicious Redirects
- Backdoors (e.g., C99, R57, Webshells)
- Stupid, Pointless, Annoying Messages (SPAM)
- SQL Injection
- IP Cloaking
- Social Engineering Attempts
How do you Clean?
In most instances our cleanups are conducted remotely, using preferably SFTP, but also HTTP and FTP. Because of the challenges with HTTP, specifically time-outs and other connection issues, we may request secure shell (SSH) access.
Once we have access to your server we load tools that allow us to authenticate with the mothership. This connection allows us to traverse your server files and databases.
How am I Notified?
The internal ticket system uses the same notification options set in the alerting section. When a ticket is updated you are notified via email, you must log in to the system and update the ticket.
It’s Not Automated?
The clean up process needs to be initiated and requested via the “Malware Removal Request” form on our system. Here is why:
- We require access to your server in order to perform the remediation process.
- We do not offer services as a ‘Password Manager’ so we do not create or reset existing passwords.
- After every cleanup the first change we ask you to make is to update every password you have (i.,e., administrator page, database, FTP, SFTP, SSH, etc.. )
- We prefer to have a trained malware analyst working with each client.