There are multiple different ways to detect invisible malware on a website:
You can scrutinize the HTML code of web pages.
Use external scanners like SiteCheck or UnmaskParasites.
Get alerts from anti-viruses or search engines (both in search results and via their Webmaster Tools).
Try to open web pages with different User-Agents and check for changes.
Sometimes it is even helpful to open a page using a script blocker (the disabled scripts may hide spammy links injected into web pages).
It’s not a definitive list and sometimes we see some interesting ways that malware reveals itself. This time I’ll show how a fake WordPress plugin that was injecting invisible links to a porn site unmasked itself in via RSS feeds.
more here.........http://blog.sucuri.net/2014/11/rss-reveals-malware-injections.html
You can scrutinize the HTML code of web pages.
Use external scanners like SiteCheck or UnmaskParasites.
Get alerts from anti-viruses or search engines (both in search results and via their Webmaster Tools).
Try to open web pages with different User-Agents and check for changes.
Sometimes it is even helpful to open a page using a script blocker (the disabled scripts may hide spammy links injected into web pages).
It’s not a definitive list and sometimes we see some interesting ways that malware reveals itself. This time I’ll show how a fake WordPress plugin that was injecting invisible links to a porn site unmasked itself in via RSS feeds.
more here.........http://blog.sucuri.net/2014/11/rss-reveals-malware-injections.html