VeriSign adds website malware scanning to services

VeriSign has added website malware scanning to its SSL-certificated customers to allow them to scan their sites on a daily basis.

Tim Callan, vice president of marketing at VeriSign, told SC Magazine that the service is being introduced for free to existing customers as part of the management console.

The service will allow administrators to scan their websites on a daily basis to ensure that they are free from malicious injections and scripts creating drive-by-downloads. Callan claimed that the existing VeriSign seal offers a high degree of trust for consumers and seeing that makes them feel safe, and they are now adding to the service ‘to start to prevent online crime'.

He said: “We believe that there is room for a solution that will keep drive-by-downloads off the host website before they get blacklisted. This is a solution that will protect consumers extremely well, as any site with an SSL certificate allows us to read the HTML code and look for instances of malware distribution.

“It is easy to find malware, so as a consequence should we find anything there, firstly we send an email to the owner, then we remove the VeriSign seal so it is not displayed and then in the certificate management console we have added a tab that will show you where on the page the malware is and under what specific line of text the malware distribution is on that you need to deal with.

“When you have done that you click a button that says ‘I've removed the malware', we scan the site and if you are clean the seal comes back, and if you are not we tell you where the malware is.”

Asked whether technology from Symantec was being used after the recent acquisition of VeriSign's identity and authentication business, Callan said it was not as it chose scanning technology from Armorize after evaluating the market for the best solution. “We also have flexibility in the future, our commitment is to ensure that we are using the best product,” he said.

The certification program is also being extended to the search engine market with the ‘Seal in Search' detail replacing VeriSign seals next to verified sites on a search. This is currently powered by AVG's LinkScanner security tool and is currently available on search engines Google and Bing.

Callan said: “Google searches every 20 days, we search every day so at the most it will be there for 23 hours. It is better for the site and consumer and the seal can be more meaningful.”

Sign up to our newsletters