Security start-up Dasient has launched a cloud-based service designed to detect malware on websites and quarantine it away from visitors prior to it being removed.
Dasient's three co-founders include two former Google employees, Neil Daswani, previously Google's security product manager, and software engineer Shariq Rizvi, along with Ameet Ranadive, whose background includes stints at consultancy McKinsey & Co and HP.
The Web Anti-Malware service that Dasient is announcing today makes use of web crawlers and heuristics to automatically detect code that cyber-criminals have loaded onto legitimate websites in order to download malware or push visitors to fraudulent sites. As a consequence, victimised sites infected by malware often end up on "blacklists" of suspected dangerous sites compiled by Google as well as security firms, including McAfee, Symantec and WebSense, that have ways to watch for compromised sites.
It's "a challenging engineering problem," said Daswani of performing diagnostics on malware-infected sites and quarantining code without disrupting site use. The Dasient Web Anti-Malware service, which starts from $50 per month, is still in an "alpha" stage in some respects, especially the malware-quarantining capability, Dasient's co-founders acknowledge. The malware quarantining feature requires a Dasient software module to be installed on a web server for protection.
The goal, the co-founders say, is to assist website managers in finding out where the malware problems are before they're on blacklists or to help them get off the blacklists, which disrupt business and drive customers away. The Dasient service can also be used by web hosting providers to assist their customers.
There are millions of websites compromised each year. Family Communications, a children's media non-profit founded by Fred Rogers, found out how devastating it can be to end up on a blacklist because of infected web pages.
"Four or five months ago we were alerted to the fact that Google results was saying your website may have malicious code," said Kevin Morrison, COO at Family Communications, who said Google did send out an email notice but didn't seem to be in a position to do much more than that.
The phone started ringing off the hook with callers asking what was going on, and Morrison said his web site hosting provider couldn't really tell. Around the same time, Dasient contacted Family Communications to say it knew the site had been flagged by Google, they could help, and they did, showing exactly where bad code was embedded in web pages, said Morrison.
"It had been hacked obviously," Morrison said. "We got the malicious code out of the way and suddenly we're OK on Google again," added Morrison, who adds his company has continued to be an early user of Dasient's Web Anti-Malware, though no more incidents have cropped up since.
Dasient retains close ties with Google - which itself faces many web attacks daily, said Daswani - but the co-founders declined to provide more detail.