StopTheHacker automatically removes malicious code from web pages
Security startup's latest features may be good for small businesses who want hands-off web page security management
By Jeremy Kirk | Published: 11:51, 09 March 2012
StopTheHacker has added a feature to the security startup's subscription service that automatically removes malicious code placed on web pages by hackers.
Peter Jensen, CEO of StopTheHacker, which officially opened for business in San Francisco last month, said that many businesses, such as law firms, have small IT staffs and few resources with which to run their websites.
That makes it difficult for them to know if their site has been hacked and quickly fix it before more of their users are victimised. The problem of hacked websites has grown worse over the last few years: Google estimates it blocks 6,000 new websites a day that have been rigged to deliver malicious code to users.
Related Articles on Techworld
If a website has, for example, a database vulnerability, hackers can gain access to the site, and plant code that attacks visiting computers. The style of attack is known as a drive-by download and usually occurs unnoticed by the victim.
Wordpress hack
Earlier this week, 30,000 Wordpress blogs - some of which were running outdated versions of Wordpress' software - were hacked to redirect visitors to sites hosting fake antivirus scans.
Several companies scan the internet to detect such hacked pages. Google scans for malicious pages as part of its Safe Browsing service and warns users before they navigate to an infected web page. Google said last year it served up three million warnings of unsafe websites to 400 million users per day.
Google will also warn website owners if their site had been hacked, similar to StopTheHacker. But StopTheHacker has now updated the 3.1 version of its software to automatically remove the malicious code from a hacked website.
If a law firm's website is hacked in the middle of the night and StopTheHacker detects the change, malicious code - whether it be a line of JavaScript or a PHP script - can be removed, Jensen said.
StopTheHacker detects malicious code by using an artificial intelligence engine that performs static and dynamic analysis of code such as JavaScript, decompiles web page objects and then scores the probability of malicious behaviour, said Anirban Banerjee, co-founder of StopTheHacker, who developed the technology while at the University of California in Riverside.
Website owners can choose whether they want to enable the automatic removal feature. Jensen said some administrators may prefer to just be notified by email so they can go in and manually make the change.
FTP credentials
Jensaid said that the automated removal feature may be good for smaller businesses with fewer IT resources and time. In order for the feature to work, StopTheHacker must have the client's FTP credentials to get access to the website's code.
Acorn Technology Corporation in Riverside, California, has been using StopTheHacker for about 100 domains it manages for customers, said Ryan Hoskin, vice president of operations.
Acorn offers it as an added-value feature for its customers, wrapped into the overall pricing for its hosting and management services, Hoskin said.
"We've had a few customers where StopTheHacker found issues with customers' websites," Hoskin said. "We've been able to notify the customer and get it resolved."
StopTheHacker has also built a Facebook application that scans profiles for malicious activity around games, content posted to a person's wall, advertisements and links. Facebook, however, doesn't allow StopTheHacker to remove content from a person's profile, so that has to be done manually, Jensen said.
StopTheHacker's pricing is based on different features sets, ranging from a basic up to an enterprise offering ranging from $10-100 per month.
Comments