Remediate detected malware

Malicious software (malware) is a name for software created specifically to stealthily install, take control, and perform harmful actions on a computer without the users' knowledge or permission. Programs such as viruses, worms, Trojan horses, root kits, malicious scripts, and corrupted web browser controls are today typically Internet-borne threats, much of it coming from otherwise innocent websites whose content is often secretly hacked by malicious, external attackers.

Bing detects malware on the Web as part of the webpage and link-crawling process. When the results of an end user search include content identified as containing malware, Bing notifies the user with a warning message. If content on your website is flagged by Bing for malware, you can follow these steps to resolve the issue:

Identify all affected webpages and/or links in your website with the Webmaster Center tools Crawl Issues and Outbound Links.
Find the security holes in your website and fix them. If necessary, replace compromised webpages with clean, original content.
Once the malware has been eradicated, request re-evaluation of your website from E-mail Support to remove the malware warning flag associated with your content.

Protect your website from third party abuse

Once malware is removed, steps need to be taken to secure your website to prevent malware from reappearing on your website in the future. Securing your website and web application are the keys. The following preventive measures are key tasks that either you or your hosting provider (likely both) need to take:

Create strong passwords and change them frequently
Keep system software (operating system, web server, and web application) current with the latest security updates
Regularly use anti-malware tools to scan your website files for security vulnerabilities and the presence of malware (several tools — free and commercial — are available to do this)
Ensure the sensitive configuration files from your websites aren't accessible to end users
If your website accepts user input, ensure it is cleansed before processing/displaying it back to the user. For instance, if you have a login form that accepts user name and password that are checked against a database, ensure the input is cleaned of any characters that might allow for the manipulation of the database. If user input is accepted and displayed (such as on forums), ensure users aren't able to modify the source code of the webpage, such as adding script of iFrame HTML code.
Learn about anti-malware strategies, tools, and techniques:
- Read up on malware remediation and computing security advice on Microsoft Malware Protection Center
- Visit the Microsoft TechNet Security TechCenter to access their vast library of security resources
- Read the Microsoft Antivirus Defense-in-Depth Guide for concepts in identifying attack threats, implementing multiple security defenses, and understanding industry best practices for resolving and recovering from malware attacks
- Browse Windows Sysinternals, which offers:
  - On-Demand Webcasts on topics such as Advanced malware cleaning
  - A variety of downloadable, no-cost, technical Sysinternals Security Utilities for Windows
  - The active Windows Sysinternals malware forum dedicated to sharing ideas for stopping malware

Troubleshooting tips for remediating malware infections

There are three primary ways your website might be serving malware. Listed below is a description of each one, along with helpful tips on addressing the problem.

Malware might be directly hosted on your webpages. Malware might also be embedded in images, binaries, documents, and the HTML page itself.

How to fix: Inspecting the files located on the web server is a good start. An antivirus scan might reveal malware embedded in binary, document, or image files. Malware embedded in an HTML page might hide itself from antivirus products within obfuscated JavaScript. Such code is identifiable as it often contains long sequences of characters with a custom de-obfuscation routine. Deletion of any bad JavaScipt or corrupted files disinfects your website. If you find such changes to the original webpages saved on your web server, it might indicate that your web server security is vulnerable. Change your passwords, update the server's operating system and your web server applications with the latest security updates, and if applicable, scan your website development computer for malware.
Malware might be pulled into your website by links to untrustworthy third-party content, such as images, user generated content, advertisements, counters, blog templates, web widgets/gadgets, and RSS feeds. If any linked third-party content is malicious, your webpage is also considered malicious, because a user browsing to your webpage from the Bing results webpage might be harmed.

How to fix: Inspect the third-party content of your website and, if necessary, remove it. Only embed content from trusted third parties into your webpages.
Malware might be injected into your webpage as it travels from your web server to the end user. In this case, a direct inspection of the original webpage source code files on your web server would likely reveal no malware infection. However, by revealing and examining the source code within your web browser for the flagged webpages after either browsing directly to your website or by clicking the Cached page link for your webpage on a Bing search results webpage and comparing the results to the original file from the web server, you might detect changes to the webpage code. If you see new or modified webpage controls, modified links, or scripting changes between the original source and the browser source versions of the webpage, your website might be a target of a malicious "man-in-the-middle" attack.

How to fix: Shared hosting providers have been known to be vulnerable to such attacks. If the source code comparison test shows suspicious differences that appear like the malicious modifications mentioned above, inform your web hosting provider that they might be the victims of a "man-in-the-middle" attack. If no action is taken by your provider as a result, consider moving your website to a more trusted provider.

Once the problem is resolved, request re-evaluation of your website by following the procedure below.

Request re-evaluation of your website for content reinclusion in normal search results

Once the malware has been removed from your website, you need to request that Bing rescan your website to confirm the malware has been removed and your content can be reincluded in normal search results.

Open the E-mail Support form.
In the resulting Bing E-mail Support web form, type your full name and email addresses in the text boxes provided.
In the Service: Bing drop-down list, select My Site has a malware warning.
In the new drop-down list that appears below, select the option that best matches your specific situation.
Complete the remainder of the form, adding as much detail as possible in the comments text box to help the support team resolve your request. Once completed, type the characters shown in the security image, and then click Submit.

Bing rescans your website and, if the malware problem has been resolved, removes the malware warning flags from your content in the search results webpages.