How to submit malicious code to Yandex experts for analysis

The Yandex Safe Search service not only warns users of infected pages, but also helps webmasters find malicious code on infected sites, remove it, and share their experience with other webmasters.

The more examples (samples) of malicious code operating on the web server side we have, the more information we have for helping webmasters.

If you found malicious or just suspicious code on your website, send it to us at virus-samples@yandex-team.ru. If possible, your email should include:

  • The CMS version installed on the site.

  • The name of the script or database table where the code was found.

Malicious code is most often located in:

  • Infected scripts or CMS templates, or in advertising networks blocks.

  • Database tables.

  • The .htaccess utility file on the web server.

  • A separate file (a script or a binary file) that changes the contents of CMS scripts when it is run on the server.

For more information on how to remove malicious code on the server side, see this page.

Besides server malware, we are also interested in malware that ends up on a user's computer.

To prevent antivirus filters on mail servers from deleting samples of malicious code from emails, package them as a password-protected archive before sending. You can include the password for us in the same email.