use the Diagnositics -> Malware section for information on malware issues (e.g. examples of URL were malware was found, and samples of the found malicious content)
Once you fix the problem, click on the “request a review” link — your site will be reviewed during the next few hours.
Fetch as Googlebot. – useful tool to diagnose security problems when hackers hide malicious content from normal human visitors and only show it for search engine spiders (cloaking) — this is quite a prevalent type of website hacks (part of massive Black Hat SEO campaigns).
.htaccess — is a popular target of website hacks. For example, hackers can add conditional rules to redirect all search engine traffic to a third-party website.
SQL-injections — another trick where hackers can exploit bugs in web applications that fail to properly sanitize user input — as a result, malicious content can be injected into site’s database.
Finding malware may be tricky.
Don’t only check the source code of your web pages. Check what browsers receive from your web server (both the page code and the HTTP headers).
You might want to play with different scenarios. Warning: please use specialized tools and do it only in a controlled sandboxed environment, otherwise malware may infect your computer.
visit from a search engine
visit with clean cookies (first time visit)
visit using different browsers (IE, Firefox, Chrome)
visit from from different IPs and countries
Keep your system up to date.
Unmask Parasites :) - Matt called this site a “really useful place to talk about all the different attacks that are currently going on”.