There has been a dramatic increase in the amount of malware found on Internet websites in past few years. The Q4 2017 Website Security Insider analysis found that 1% of the world’s websites (an estimated 18.5 million websites) are now infected with malware. In many cases, the owners of affected sites are not even aware that there is malware present.
Having malware on your website can be very detrimental. Not only can malware potentially infect the computers of website visitors, it can cause the website to be suspended from programs like Google Adwords.
If your website has been suspended from Google Adwords, it means you can no longer run campaigns. This can result in a dramatic loss of traffic and loss of revenue if you are running a business website reliant on advertising.
Fortunately, it is possible to have a suspended Google Adwords campaign restored after malware was detected. This guide will explain this simple process.
What is malware?
The term “malware” is short for Malicious Software. It describes software programs that are designed to cause harm. Most malware programs are designed to steal information from a user’s computer or to somehow gain control over the user’s computer.
Hackers sometimes use compromised websites to distribute their malware. They do so by tricking website visitors into believing the software they are being asked to download is legitimate and provided by the website.
The most common types of malware include:
Ransomware will lock a user’s computer so it is not usable, then demand a ransom to remove the malware. There have been some very large ransomware attacks in the past few years, including “Wannacry”, an attack that affected high profile targets including the United Kingdom’s National Health Service (NHS).
This type of malware will spy on a person’s computer — collecting their keystrokes, stealing data, modifying software, and using the computer’s webcam or microphone.
Viruses are complex pieces of malware that are capable of copying themselves and spreading to other computers automatically. They are often used to steal information, steal money and install botnets.
Worms are very common pieces of malware that spread via computer networks using vulnerabilities in other pieces of software. They are often used to overload computer networks or to deliver payloads of other malicious software.
Google’s approach to protecting users from malware
Google has taken a very pro-active stance when it comes to dealing with malware. They have developed the Google Safe Browsing initiative, which actively scans the Internet, looking for websites that contain malware.
Upon finding a website that contains malware, it will quarantine that website. Users who attempt to visit the site from Google Search will receive a large warning telling them of the potential presence of malware and the risks they would be taking (see below). Website owners are also immediately notified that their website contains malware and are asked to take action. You can check your website against several blacklists including Google Safe Browsing with ThreatPress SiteScan. It checks your website status on Google Safe Browsing, PhishTank, Malware domain list and Spamhaus ZEN. Our WordPress security plugin has the same system and can check your site automatically.
Google applies the Google Safe Browsing Initiative across all of their products, including Google Adwords, Google Chrome, and Google Adsense. That means that the presence of malware can significantly damage your website and affect your business. They are particularly concerned about Adwords being used to display advertisements that send a user towards a malware-infected website.
Google has also developed an Unwanted Software Policy, which refers to software that is installed without a user’s permission or full knowledge. If your website offers users software, it must be fully transparent about the program’s functionality. You must also provide a Terms of Service or an End User License Agreement, be honest about fees associated with your software, and make it simple to uninstall the software. Failure to meet these expectations may result in Google labelling your software malware and suspending Adwords advertising campaigns for your software product.
Is your website suspended on Google Adwords for malware?
The first sign that you have malware on your website will usually be one or more emails from Google. You may also notice that your Adsense advertisements are no longer displaying on your website or that you are receiving the warning message listed above.
Google will also add warning messages to Google Webmaster Tools and within Google Adwords itself. The messages will usually be along the lines of:
Unfortunately, it appears that your site has been hacked. A hacker may have modified existing pages or added spam content to your site. You may not be able to easily see these problems if the hacker has configured your server to only show the spam content to certain visitors. To protect visitors to your site, Google’s search results may label your site’s pages as hacked. We may also show an older, clean version of your site.
How to fix a suspended Google AdWords campaign due to malware
Fortunately, fixing a suspended Google Adwords campaign due to malware is usually a fairly simple process.
1) Identify the reason for suspension
The first step is to find the reason why your Google Adwords campaign was suspended. Start by visiting Google Adwords to check which policy you are in violation of. Log into Google Adwords, then click on Campaign Tab, then click on the Ads. At this point, you can customise the columns to add the Policy Details matrix column. This will tell you which policies each ad campaign is in violation of. It will explicitly tell you if malware is the problem.
2) Identify the malware
You have multiple options available when identifying malware that Google has found on your website. The easiest option for most people is to use Google Webmaster Tools. This tool is designed to give you a comprehensive report on the status of your website and any problems that it faces. It is integrated into Google’s Safe Browsing Initiative so it receives information about any malware events involving your websites.
If you have not added your website to Google Webmaster Tools, do so now — it is a very useful product. It is a simple process, but here is a short guide to help you. If you are adding a site for the first time, you might have to wait for Google to retrieve more information about the malware that is affecting it.
To check if there are security issues affecting your site, visit the Security Issues section in Google Webmaster Tools. If there are security issues, click on Show Details button to view more information. Google will usually list the Malware infection type, the pages that are affected by the issue and the date that the malware was last detected.
If you don’t want to use Google Webmaster Tools, you have other option like Google Free Malware Checker. This is another useful product created by Google. It will tell you what if they have found any malware or security issues on your site. Visit Google Free Malware Checker or another similar online service.
3) Remove the malware
Once you understand which files contain malware, you have a few options. You can delete, repair, or replace each file. Additionally, you may have to locate the malware file that the compromised page was forcing people to download. If Google webmaster tools or another malware scanner has given you the URLs which are affected, this should be an easy task.
You will also need to tighten security on your website and server, so your pages aren’t compromised again in the future. Here are a few options for doing so:
- Install code monitoring and backup software – you can purchase applications that constantly monitor your website’s source code and notifies you if any changes are made. This will alert you if a hacker has managed to compromise a file and upload malware to your website. We offer WordPress security plugin which continuously monitors WordPress core files.
- Install security plugins for your content management system – most content management systems have plugins that improve the security of the application’s codebase. These plugins will scan your files to ensure they are correct and alert you to any anomalies.
- Server-side malware detection applications – your web server can also be configured to regularly scan for malware. The most common application for this task on Linux servers is ClamAV, an open source antivirus engine that scans for malware, trojans, and viruses.
- Manual inspection – you can also hire someone to inspect individual files to ensure that there are no pieces of malware present. ThreatPress can help you with that by making website security inspection, repair and WordPress hardening.
4) Request a review
Once you are certain you have removed all malware from your website, you can request a review of your website from Google. They will examine your site again to ensure it is safe for their users. Once they have confirmed it is safe to use, they will lift restrictions on their various products. You may also have to resubmit your ads for approval. If you have successfully removed all malware from your site, they should automatically be approved.
Google Webmaster Tools users can also request a review of their website in the security section after removing any malware.