VeriSign offers free web site malware scanning

VeriSign will certify that a site is free from attack code

VeriSign is expanding its SSL certification programme into malware scanning, allowing administrators to display a certification confirming that the site is free of malware attack code.

The service will perform daily scans on a site's HTML code, checking for malicious injections such as iFrames and scripts that redirect to attack sites known as 'drive-by downloads'.

If an attack is spotted, the certification is removed from the site and the administrator is notified of the breach. After removing the attack code, the administrator can contact VeriSign and have the certification image displayed again.

Tim Callan, vice president of marketing at VeriSign, told V3.co.uk that the malware scans are a natural evolution from the company's SSL certification programme launched in 2004.

"In the last few years we've seen the emergence of malware as an attack vector, and the really insidious driver of this is the drive-by download," he said. "The threat landscape has changed and we think there's an opportunity to make a difference."

VeriSign will also extend the certification programme into the web search market with Seal in Search, which will place VeriSign seals next to verified sites in search results.

Callan claimed that the service will be particularly useful to comparison shopping services that comb retail sites. Early tests have shown that search results carrying the seal are 18 per cent more likely to be clicked on by surfers.

Seal in Search is currently available on retail search engines TheFind and PriceGrabber, as well as AVG's Linkscanner security tool.

VeriSign is making the malware scanning and Seal in Search features available at no extra cost to all SSL subscribers in the US.

The company will extend the services throughout Europe within the next three months, and around the globe by the end of the year.