Web admins and owners are being offered a free service that will scan their sites for malware hijacks, alerting them automatically if malicious code is found.
The QualysGuard Malware Detection, launched as a beta this week, uses a combination of ‘static’ and behavioural analysis to take a closer look at web pages under a given domain, studying them for code irregularities that could spell trouble.
Static analysis is basically a technique for hunting down common forms of suspect code found on compromised web pages, while the behavioural goes a stage further by actually running each page in a virtualised but unpatched Windows PC and browser to see what it actually does. Run daily, if the service discovers a problem, website admins are informed right down to the specific slices of code on specific pages.
"The more exposure we get, the more intelligence we get on malware," said Qualys’s product marketing VP, Terry Ramos, explaining how scanning millions of URLs every day would also feed back into the company’s wider vulnerability scanning services.
Although offered for free, Qualys will offer website owners the option to buy a ‘seal of approval’ in the form of the new Qualys Secure logo, which the company also hopes will become a widely-respected standard for secure sites. This will cost $995 (£667) per domain, regardless of the number of pages, with a recurring fee of $795 (£532).