Over the last several weeks, several companies have reached out to SUURV Marketing after their websites were blocked by their antivirus software. So, we investigated. We were granted access to their web servers and their website dashboards. We used our tools to run scans for malware, changes to core files, phishing violations, DNS vulnerabilities and more. In each case, the websites were clean. Puzzling!
Furthermore, we asked each antivirus provider to run an independent scan to verify malware or phishing violations. In each case, the website passed their examination. The blacklists were removed, and the websites were back online.
We had more questions… like how did this happen in the first place? Is it possible for your competition or a disgruntled employee to submit a report that your business website has been exploited by malware or phishing campaigns? Could these reports be taken at face value? As a business owner, you would hope that the answer to these questions would be a resounding, “No!” However, these are the facts.
False Reports to Antivirus Software Providers
Indeed, there are many ways for someone to falsely report you, which may result in antivirus software blocking your website. Here’s a guide we found on the dark web.
- National Cybersecurity Agencies: In many countries, there are national cybersecurity agencies or computer emergency response teams (CERTs) that handle reports of cyber threats. The information is readily available on the web.
- Anti-Phishing Organizations: Organizations dedicated to combating phishing may be interested in your report. For example, the Anti-Phishing Working Group (APWG) is an industry association that focuses on eliminating the fraud and identity theft that result from phishing, malware, and email spoofing. You can submit your report to them.
- Web Browser Developers: Major web browsers have mechanisms for reporting suspicious websites directly through their interface. For example, Google Chrome has a Safe Browsing page where you can report phishing or malware. Other browsers like Mozilla Firefox and Microsoft Edge also have similar reporting mechanisms.
- Website Hosting Provider: Identify the hosting provider of the website and report the issue to them. They may have procedures in place to investigate and take appropriate action, such as suspending the malicious website.
- Certification Authorities (CAs): If the website is using HTTPS and has an SSL certificate, you can contact the certificate authority that issued the certificate. They may be interested in learning about misuse of their certificates.
- Internet Crime Complaint Center (IC3): In the United States, you can report cybercrime to the IC3, which is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C).
- Email Service Providers: If the phishing attempt involves email, you can report it to the email service provider from which the phishing emails originated. Many providers have mechanisms for reporting phishing emails.
- Antivirus Software: Visit the official website of the antivirus software you use. Look for a section related to threat intelligence, reporting, or customer support. Some antivirus companies provide online forms or email addresses specifically for reporting malicious websites or phishing attempts.
So that’s the how-to guide for anyone who may have malicious intent to take out your website. What we discovered next was quite disturbing.
Information Sharing Between Cybersecurity Companies
Nonetheless, there seems to be a cascading effect. If one antivirus company blacklists your business website, will they share that information with the 90-plus antivirus companies that offer similar services? Cybersecurity organizations often collaborate and share information about various cyber threats, including malware and phishing websites. This collaboration is deemed to be essential for creating a more robust defense against evolving cyber threats. Here’s how they typically share information:
- Information Sharing Platforms: There are platforms and networks where cybersecurity professionals and organizations share threat intelligence. These platforms facilitate the exchange of information about new threats, malware samples, and phishing websites. Examples of such platforms include the Cyber Threat Alliance (CTA), Information Sharing and Analysis Centers (ISACs), and other industry-specific sharing forums.
- Threat Intelligence Feeds: Antivirus companies subscribe to threat intelligence feeds that provide real-time information about emerging threats, including phishing sites. These feeds may come from various sources, such as government agencies, private cybersecurity firms, or community-driven initiatives.
- Collaboration Initiatives: Some cybersecurity companies actively engage in collaborative initiatives to share threat intelligence. This collaboration can occur through joint research projects, workshops, and other forums where experts come together to share their knowledge.
- Open Standards and Formats: There are open standards and formats for sharing threat intelligence, such as STIX (Structured Threat Information eXpression) and TAXII (Trusted Automated eXchange of Indicator Information). These standards help ensure that information is shared in a consistent and interoperable way.
- Publicly Available Databases: Some cybersecurity organizations maintain publicly accessible databases of known threats, including phishing websites. These databases are often updated regularly and can be accessed by various security tools.
These antivirus software companies believe the goal of information sharing is to enhance the overall cybersecurity posture by enabling organizations to better understand and defend against threats. It is their hope that by sharing this information about phishing websites, they can improve the accuracy and effectiveness of their detection mechanisms and thus provide better protection for their users.
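To make the shared formats concrete, here is an added example (not from the original article or any vendor) that reads a STIX 2.1-style bundle and reports which feeds currently list a given domain, so a site owner knows where to file appeals. The bundle, feed names and the domain `smallbiz.example` are constructed, and the objects are trimmed to the fields the check uses.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample in STIX 2.1 bundle layout; every name and ID is made up.
FEED_A = "identity--00000000-0000-4000-8000-00000000000a"
FEED_B = "identity--00000000-0000-4000-8000-00000000000b"

def _indicator(n, pattern, source, **extra):
    return {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
            "id": f"indicator--00000000-0000-4000-8000-{n:012d}",
            "pattern": pattern, "created_by_ref": source,
            "valid_from": "2024-01-15T00:00:00Z", **extra}

SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-0000000000ff",
    "objects": [
        {"type": "identity", "id": FEED_A, "name": "Constructed Feed A"},
        {"type": "identity", "id": FEED_B, "name": "Constructed Feed B"},
        _indicator(1, "[url:value = 'https://www.smallbiz.example/contact']", FEED_A,
                   indicator_types=["malicious-activity"]),
        _indicator(2, "[domain-name:value = 'smallbiz.example']", FEED_B, revoked=True),
        _indicator(3, "[domain-name:value = 'notsmallbiz.example']", FEED_B),
    ]})

# Handles only simple equality comparisons on url and domain-name objects;
# the full STIX patterning language is richer than this.
_COMPARISON = re.compile(r"(url|domain-name):value\s*=\s*'([^']+)'")

def find_listings(bundle_json, domain):
    """Return active indicators that name `domain` or one of its subdomains."""
    objects = json.loads(bundle_json).get("objects", [])
    names = {o["id"]: o.get("name") for o in objects if o.get("type") == "identity"}
    domain = domain.lower().rstrip(".")
    hits = []
    for o in objects:
        if o.get("type") != "indicator" or o.get("revoked"):
            continue  # skip non-indicators and listings the producer withdrew
        for kind, value in _COMPARISON.findall(o.get("pattern", "")):
            host = urlsplit(value).hostname if kind == "url" else value
            host = (host or "").lower().rstrip(".")
            if host == domain or host.endswith("." + domain):
                hits.append({"indicator": o["id"], "matched": value,
                             "source": names.get(o.get("created_by_ref"), "unknown"),
                             "types": o.get("indicator_types", []),
                             "valid_from": o.get("valid_from")})
                break
    return hits
```

Matching on the parsed hostname rather than a substring keeps a lookalike such as `notsmallbiz.example` from being counted as a listing for your own domain.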
The threat that no one is talking about, however, is how their detection algorithms and reporting platforms can be exploited by bad actors with malicious intent. If your business is a Fortune 500 company, it is unlikely that an antivirus software company will block your website. But if you are a small or medium-sized business with a website, good luck! The decision to blacklist you appears to be administered by system automation. In other words, no humans are involved in the decision-making process.
What to Do If Antivirus Software Is Blocking Your Website
SUURV Marketing recommends these steps to get your website back online:
- Scan and Clean Your Website:
  - Perform a thorough security scan of your website to identify and remove any actual malware or security vulnerabilities.
  - Update all software, plugins, and content management systems to their latest versions.
  - Remove any suspicious files or code injections that may have triggered the false positive.
- Request a Review from the Antivirus Companies:
  - Most antivirus companies have a process for website owners to request a review if they believe their site has been falsely flagged.
  - Visit the official website of each antivirus company that has blacklisted your site and look for a process or form to request a review.
  - Provide detailed information about the steps you’ve taken to secure your website.
- Use Google Search Console:
  - If your site is flagged by Google Safe Browsing, you can use Google Search Console to request a review.
  - Go to your Google Search Console account, select the property for your website, and navigate to the Security Issues section. Follow the instructions to request a review.
- Check and Resolve Security Issues:
  - Use online tools like Google’s Safe Browsing Transparency Report to check if your site is listed as unsafe by Google. If it is, follow the guidelines provided to resolve the security issues.
  - Perform a thorough review of your website’s content, ensuring there are no phishing pages or malicious content.
- Contact Web Hosting Provider:
  - If your website is still being flagged after addressing the issues, contact your web hosting provider. They may assist in resolving security concerns or provide information on the steps you can take.
- Implement Security Best Practices:
  - Enhance the security of your website by implementing best practices such as using secure passwords, enabling SSL encryption, and regularly monitoring for security vulnerabilities.
- Monitor and Report Recurrence:
  - Keep an eye on the status of your website using tools provided by antivirus companies or online security services.
  - If the issue recurs, promptly address any security issues and request a review again.
When Antivirus Software is Blocking Your Website, Where Do You Appeal?
Here’s a list with links to 20 of the major providers of antivirus software:
- Symantec (Norton):
  - Report False Positive: Symantec False Positive Submission
- McAfee:
  - Contact Support: McAfee Support
- Avast:
  - False Positive File Submission: Avast False Positive Submission
- AVG:
  - False Positive File Submission: AVG False Positive Submission
- Bitdefender:
  - False Positive Report: Bitdefender False Positive Submission
- Kaspersky:
  - Online Help Center: Kaspersky Support
- Trend Micro:
  - False Positive Submission: Trend Micro False Positive Submission
- ESET:
  - Submit a Sample: ESET Submit a Sample
- Sophos:
  - Sophos False Positive Report: Sophos False Positive Submission
- Microsoft Defender (Windows Defender):
  - Microsoft SmartScreen False Positive Report: Microsoft SmartScreen Report
- Malwarebytes:
  - False Positive Report: Malwarebytes False Positive Submission
- Panda Security:
  - False Positive Submission: Panda Security False Positive Submission
- Avira:
  - False Positive Report: Avira False Positive Submission
- F-Secure:
  - Submit a Sample: F-Secure Submit a Sample
- G Data:
  - False Positive Submission: G Data False Positive Submission
- Webroot:
  - Submit a Support Ticket: Webroot Support
- ZoneAlarm:
  - False Positive Submission: ZoneAlarm False Positive Submission
- BullGuard:
  - Submit a Ticket: BullGuard Support
- VIPRE:
  - False Positive Submission: VIPRE False Positive Submission
- ClamAV:
  - Submit a False Positive Report: ClamAV False Positive Submission
It’s important to be proactive and persistent in resolving false positives. By following these steps and working with the relevant entities, you increase the chances of having your website removed from blacklists and restoring its reputation. Take action if antivirus software is blocking your website.
If your business needs help getting your website back online, SUURV Marketing and our partner, SUURV Technologies, can speed up the process for you. Call (210) 390-4500, or click here to email us. We respond quickly!