Jennifer Kyrnin

Why should we care about a Web server vulnerability

By Jennifer Kyrnin, About.com Guide, January 30, 2008

Last week, I posted a blog about a serious hack that could affect Linux/Apache Web servers. And one of the commenters asked "Will this crash the server? Fail to run? Give an error message? I’m not clear on how I’ll know if something’s wrong." While I responded to her in the comments, I have been mulling over this question for the last few days. I couldn't pinpoint exactly what bothered me about the question, but I think I've figured it out.

The problem is one of effect. Back in 1999, when I started working at a security company, most of the threats posed by viruses were directed at the infected computer itself. In other words, if your server was attacked by malware, the goal of that virus was to take down your server - crash it, make it run more slowly, or deface your site. But that type of attack is much less common these days. Instead, the attacker often wants the intrusion to go undetected by the computer or server owner. Why? Because they're using your system to make money or attack someone else or just prove they can be as annoying as possible. I don't really know why... I'm not a hacker :-)

According to ComputerWorld and security research firm WebSense, "The majority of Web sites serving up attack code are legitimate domains that have been hacked by criminals", over 50% in fact. Now, even if you don't care that your site is being used for something other than what you intended, you should care if your site is labeled "malicious". And that's what will happen if your site starts serving attack code, with or without your knowledge.

So, when you learn about a serious threat to a server system that is configured like yours, you should spend some time verifying that you're not infected, rather than assuming that you're not simply because you don't notice anything wrong.

Comments
January 31, 2008 at 11:25 am
(1) Marita says:

Wow – and I always thought having chosen a good hosting company was enough to stay safe. So how do you find out if your site is hacked and dishing out viruses, or if your bandwidth is used to power some other purpose?

February 1, 2008 at 4:20 am
(2) sidel says:

I must echo Marita’s question:
“So how do you find out if your site is hacked and dishing out viruses, or if your bandwidth is used to power some other purpose?” Virus protection on my personal PC is a major hassle and investment. Is any available for websites/servers — and what is the cost?

February 2, 2008 at 7:05 pm
(3) Mike says:

Wouldn’t you see foreign code in your site documents somewhere if this happens to you? Are these hacked sites being exploited through simple html pages, or is it ASP and PHP and database coding that is being tweaked when the webmaster is not looking?

February 3, 2008 at 2:17 pm
(4) Jennifer Kyrnin says:

Mike: Not necessarily. If the hacker was going to use your site as a mail zombie, then the longer they can keep you from realizing that you’ve been hacked, the better for them.

Mail zombies are systems that are set up to send thousands or millions of spam email messages out. The spammer makes money because even if only one spam message out of 10,000 gets a response, if they aren’t paying anything for the mail being sent (you are, through bandwidth and space used), then any response is purely profit.

Web servers are also used as DOS zombies, where they are set up to hit other Web servers until they crash. Again, the hacker benefits from you not knowing they are there at all.
