Mail.Ru Rating launched virus scanning for sites



    This post is very short and almost matches the headline: yes, Mail.Ru Rating has recently started checking the sites that have its counter installed for viruses and, in case of suspicion, warning the webmaster by email. We did not write our own antivirus, but used the technology of our partners. Besides this brief announcement, there are two more interesting questions that I would like to cover in more detail: “why?” and “how?”.

    Let's start with the “why.” It may sound ridiculous and paradoxical, but in 2015 viruses on sites still exist. Yes, on large projects of Mail.Ru or Amazon scale, an antivirus alert most likely means a false positive on some particularly tricky advertising or analytics code. The last worm case on a large project that comes to my mind dates back to 2007 (as if it were yesterday...). It is unlikely to really be the last one, but compared with high-profile password leaks, which happen almost once a month, the difference is huge.

    With small sites, the picture is completely different. In terms of protection against the spread of viruses, they are frozen in the distant past. Components installed from unverified sources and the password “123456” for the admin panel are still unacceptably common, and the webmasters who set them up still believe that everything is in order. We learned the specific numbers after the checks were launched, and they did not come as a big surprise: out of about a million websites of our clients, more than 11 thousand were infected. And they, of course, need to be warned about this. No sooner said than done, which brings us smoothly to the question of “how.”

    We could either do everything ourselves or find a company that already had the solution we needed. Understanding that diagnosing sites is a rather specific task and not our core business, we leaned toward the second option and decided to find a suitable company. As it turned out, the relatively young Russian service Virusdie (virusdie.ru) was the best option for us in terms of its characteristics. It is a cloud-based antivirus and firewall that, among other things, detects viruses on sites and prevents re-infections. On the test samples, their results were no worse than those of well-known competitors, there were no technical performance limitations (and we had to work with millions of sites) and, importantly, it was easy to reach an agreement with them.

    Creating a new service


    For both us and Virusdie, this kind of cooperation was a first, so I had to program on both sides. Previously, their code had always been deployed on the client side. Now they have brought up a separate API for external site checking, and we add URLs to it and remove them from it. The antivirus bot crawls its database once a day. Based on the check, it generates a report that contains:

    • list of detected infections;
    • list of suspicious activities and files;
    • information about whether the checked site is on any blacklists (within the SafeBrowsing programs).

    Also, once a day we send out alerts to the new “patients”. In addition, an immediate check is run when a new site is added to the Rating.
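
    The daily alerting step described above can be sketched as a comparison of two consecutive crawl results. This is an added example, not Mail.Ru's or Virusdie's code: the `Report` shape, the `plan_alerts` function, the rule that suspicious-only findings are not mailed, and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Report:
    # Hypothetical shape mirroring the three report parts listed above.
    infections: frozenset = frozenset()
    suspicious: frozenset = frozenset()
    blacklisted: bool = False

    @property
    def sick(self) -> bool:
        # Assumption: suspicious-only findings are shown but not mailed.
        return bool(self.infections) or self.blacklisted


def plan_alerts(previous: dict, today: dict) -> dict:
    """Map url -> reason for every site that should get an e-mail today."""
    alerts = {}
    for url, rep in today.items():
        if not rep.sick:
            continue
        old = previous.get(url)  # None: site added since the last crawl
        if old is None or not old.sick:
            alerts[url] = "newly infected"   # also covers re-infection after cleanup
        elif rep.infections - old.infections:
            alerts[url] = "new verdicts"     # already sick, but something new appeared
        elif rep.blacklisted and not old.blacklisted:
            alerts[url] = "blacklisted"
        # Unchanged findings are not re-sent, so nobody is mailed every day.
    return alerts


# Constructed sample data, not real scan output.
YESTERDAY = {
    "a.example": Report(),
    "b.example": Report(infections=frozenset({"redirect"})),
    "c.example": Report(infections=frozenset({"redirect"})),
    "d.example": Report(suspicious=frozenset({"obfuscated.js"})),
}
TODAY = {
    "a.example": Report(infections=frozenset({"ad-unit"})),            # clean -> sick
    "b.example": Report(infections=frozenset({"redirect"})),           # unchanged
    "c.example": Report(infections=frozenset({"redirect", "shell"})),  # got worse
    "d.example": Report(suspicious=frozenset({"obfuscated.js"})),      # suspicious only
    "e.example": Report(blacklisted=True),                             # new site
}

if __name__ == "__main__":
    for url, reason in sorted(plan_alerts(YESTERDAY, TODAY).items()):
        print(url, reason)
```
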


    Innovative architecture of our interaction.

    Result


    So, we now have a new section called “Site Security” in Mail.Ru Rating, which shows the result of a site check by the Virusdie service with a detailed description of the verdicts and recommendations. We also inform our users of emerging threats on their sites by sending them emails.



    All sites are checked once a day, and each of our users now receives up-to-date information about the security status of their site. According to our statistics, the most common threats are malicious redirects and unauthorized ad units (together about 40% of cases). The top 10 is as follows:


    No company specializing in anti-virus protection can guarantee 100% or even 99% reliability of the service it offers. Nevertheless, complaints about false virus detections have so far been isolated. We are not ready to estimate the number of missed threats, but whatever it is, there are fewer viruses on the RuNet: at least 1000 sites have already been cleaned thanks to the introduction of this service.

    And instead of a conclusion, a few words about our partner, the company Virusdie, in their own words:
    The concept of the Virusdie service is quite simple: it allows you to eliminate malicious code (viruses, shells, etc.) on sites in automatic mode and at the same time not disrupt the functionality of the web resource. We also provide a firewall to protect the site, which is installed automatically and does not require any configuration. You can connect an unlimited number of sites to the service and manage all tools directly through your personal account. Virusdie is very easy to use and is intended not only for webmasters, but also for site owners who do not have special knowledge or skills.
