26 Apr 2013
Online security firms say the threat to businesses from cyber-criminals using sophisticated, advanced 'malware' is increasing. And that means a very real potential problem for web managers.
• News and analysis website V3 quotes a number of recent reports saying criminals are targeting businesses once every three minutes with advanced malware capable of avoiding detection by traditional tools such as firewalls and anti-virus software.
• Security firm FireEye says 'spear phishing' - a technique that looks to dupe its victims into downloading malware by sending messages using common business terms designed to entice them to click on a malicious email file attachment or web link - remains the most common attack strategy for getting malware into an enterprise.
• And security agency Europol reports that the increased success rate of cyber attacks is doubly dangerous, as organised crime groups are using them to fund other darker 'real world' activities.
Some of the malware currently online can even be activated as users move a mouse, a tactic which could dupe current 'sandbox' detection systems (isolated environments where suspicious code is executed out of harm's way): with no user moving the mouse inside the sandbox, the malware doesn't generate any activity to detect.
Of course, no web manager would knowingly link to malware, but links do change, and issues can arise with links within a site that is not regularly checked. When you embed code that points to third-party websites in your pages (for example, links via advertising banners), you are relying on the third party to be responsible for their own security.
Earlier this year Cheltenham Borough Council was hit by a major malware attack that caused large-scale disruption to its services, including online council tax payments. Press reports say it took the Council a week to realise the extent of the infection, when staff decided to undertake a complete scan of systems.
The resulting IT disruption reportedly caused the Council's online council tax system to become unavailable for three days and caused a glitch that delayed counting of ballots cast during the Police and Crime Commissioner elections. Staff were also unable to access email and internal systems for three days.
Not all website owners have the time and resources to moderate user comments on blog articles or in community areas. Should a link to malware or a phishing website creep in, here’s how our Web Manager's Toolkit can alert you to the problem.
For links suspected of being phishing or malware, we provide the key information you need - including the line in the code on which each link appeared and a link to Snapshot to view the page as it was when we tested it.
As we scan your site, we run each and every off-site link against the Google Safe Browsing database. This list is used by Firefox and Google Chrome to protect millions of users every day from suspected phishing and malware pages. Our own cache is continually updated from Google so that it always contains the very latest known phishing and malware sites.
To detect links to staging servers we compare each off-site link with those on a list of known staging and development servers; this list is also kept up-to-date and personalised.
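The check described above can be sketched as follows. This is an added example, not the Toolkit's own code: the `UNSAFE` and `STAGING` tables are constructed stand-ins for a locally cached Safe Browsing list and a staging-server list, and all host names and function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed stand-ins for the locally cached lists (not real data).
UNSAFE = {"malware.example": "malware", "phish.example": "phishing"}
STAGING = {"dev.example.org": "staging", "staging.example.org": "staging"}

class LinkCollector(HTMLParser):
    """Records (line, url) for every href/src attribute in the markup."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()  # line where this tag starts
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append((line, value))

def lookup(host, table):
    """Label for host or any listed parent domain, else None."""
    labels = host.split(".")
    for i in range(len(labels)):
        label = table.get(".".join(labels[i:]))
        if label:
            return label
    return None

def scan_page(page_url, html):
    """Return (line, url, label) for each flagged off-site link."""
    site_host = urlsplit(page_url).hostname
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for line, raw in collector.links:
        url = urljoin(page_url, raw.strip())
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
        if parts.scheme not in ("http", "https") or host == site_host:
            continue  # skip on-site links and non-web schemes
        label = lookup(host, UNSAFE) or lookup(host, STAGING)
        if label:
            findings.append((line, url, label))
    return findings

# Constructed sample page: a comment link, an ad script, a staging link.
SAMPLE = """<a href="/about">About</a>
<p>Comment: <a href="http://login.phish.example/reset">reset</a></p>
<script src="https://malware.example/ad.js"></script>
<a href="https://dev.example.org/new-home">preview</a>
<a href="https://www.example.net/">partner</a>"""
```

Matching on parent domains means a listed host also flags its subdomains, and resolving each link against the page URL ensures relative links are treated as on-site rather than compared as bare paths.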