What is malware?

If your site's been hacked, our detailed step-by-step instructions and videos can help you fix the problem.
 

What is malware?

If your site has been infected, it is generally because some vulnerability has allowed a hacker to take control of your site. The hacker may change the content of the site (for example, to add spam), or add additional pages to the site, usually with the intent of phishing (tricking users into parting with personal and credit card information). Alternatively, they may inject malicious code (malware)—for example, scripts or iFrames that pull content from another website that tries to attack any computer that views the page.

The term "malware" covers all sorts of malicious software designed to harm a computer or network. Kinds of malware include (but are not limited to) viruses, worms, spyware, and Trojan horses. Once a site or computer has been compromised, it can be used to host malicious content such as phishing sites (sites designed to trick users into parting with personal and credit card information). Some hackers may even take administrative control over a hacked site.

Very rarely, it can take up to a day for malware warnings (and links to the malware review request form) to be visible in Webmaster Tools after your search has been flagged in search results. If you don't see a warning in Webmaster Tools, but your site is flagged, please check back later.

How do I know if my site's been infected?

You can find out if your site has been identified as a site that may host or distribute malicious software (one type of "badware") by checking the Webmaster Tools home page. (Note: you need to verify site ownership to see this information.) We also send notices to webmasters of affected sites at the following email addresses for the site:

  • abuse@
  • admin@
  • administrator@
  • contact@
  • info@
  • postmaster@
  • support@
  • webmaster@

This identification is based in part on guidelines set by StopBadware.org. However, Google uses its own criteria, procedures, and tools to identify sites that host or distribute badware. In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message. If you feel your site has been mistakenly identified, or if you make changes to your site so that it no longer hosts or distributes malicious software and you secure your site so that it is no longer vulnerable to the insertion of badware, you can request that your site be reviewed (see below).

To protect users and communicate with owners of hacked sites, Google uses automatic scanners to constantly look for these sorts of web pages. If the hacker inserted malware into your site, we'll also identify your site as infected in our search results to protect other users. Any determination that your site is infected is based purely on the content of the infected pages, and not on your reputation as a webmaster.

Next steps

  • If your site is infected: How to clean up a hacked site.
  • Preventing malware infection: Best practices for avoiding infection in the future
  • Requesting a malware review: Once you're sure that all spam and malicious code has been removed, you can ask Google to review it. Google will check your site and, if it's now clean, will remove any warning label that appears in your site's listing on the search results page.