Badware hunters tame wild Webmasters, hosts

PayPal and VeriSign throw their support behind the StopBadware project, which has so far netted a list of over 600,000 suspect apps

If hijacked sites and hosting companies that fail to police malware distribution sources represent two of the most serious threats to Internet security, there may be hope for improvement, according to researchers working with Harvard Law School's StopBadware.org.

After publishing a list of rogue Web site hosting companies and launching a campaign to label every malicious site they can find on the Internet, an effort that has filtered out more than 600,000 nefarious applications thus far, the StopBadware team says that people are responding. 

The project currently counts fewer than 250,000 Web sites that it classifies as distributors of badware, which the effort defines as any application that tries to hide itself or any of its intentions. StopBadware also announced that Internet mainstays PayPal and VeriSign have joined its influential cast of sponsors, which includes Google.

Progress is being made by inserting warnings into Google's search results that steer end-users away from malware and adware sources, while communicating with those responsible for creating or handing out the suspicious programs, according to StopBadware's lead researchers.

"The interstitials delivered with Google search results are working, and we've been able to communicate with a lot of Webmasters. It's having a neighborhood effect," said Prof. John Palfrey, executive director of Harvard Law School's Berkman Center for the Internet and Society. "We're reaching out to hosting companies and Webmasters and filtering the complaints where it seems useful, and we've seen many people change their behavior."

In addition to all the people who have no idea that their sites are being used to pass out malicious programs and those who misunderstand the nature of the applications they're distributing, StopBadware researchers say that even those who create many of the programs are engaging in the give and take.

For those who can be reached, the debate over whether or not a particular program qualifies as badware typically can be resolved, with very few of those who agree to modify their applications going on to repeat their behavior, said Jason Callina, one of the StopBadware researchers.

"We're seeing a low recurrence of people coming back on the lists once we've gone through the testing and communications process. People are actually helping each other move off the lists," Callina said. "When there's ever any serious disagreement, it's always an argument of our definition of spyware versus theirs."

Most Webmasters complain about the interstitials on Google, of which they are notified 24 hours in advance and which they are given the opportunity to appeal. But the immediate drop in search-driven traffic that the warnings produce quickly convinces people to either take any questionable applications offline or kill their sites altogether, Callina said.

Meanwhile, StopBadware's list of hosting companies responsible for supporting the largest number of malware sites resulted in at least one leading culprit -- iPower Technologies -- changing its ways, while two others have disappeared completely. Others have also begun to modify their behavior, Palfrey said.

"The best measure of our success is when any of these companies change their business process and we're seeing them adjusting," said Palfrey. "At the same time, we're trying to enable [end-users] to make better choices with their using habits."

So many of the people who end up on StopBadware's list need help understanding what it is that they're doing wrong that the team feels its ability to mete out advice is being overwhelmed, he said.

At the same time, StopBadware admits that sophisticated hackers are still advancing their efforts at an alarming pace and the organization can't keep up with the ever-growing volume of online malware programs.

In addition to tracking down the programs, StopBadware is also charting regional trends, and the researchers contend that a growing number of suspicious applications are originating in China. The level of interaction between malware authors in the region and their Western counterparts is also becoming more prevalent, with a fair share of distribution still emanating from former Soviet-bloc regions as well, the team said.

The key for legitimate businesses to steer clear of the entire problem is to be careful with the companies they partner with, said Palfrey, who served as host of an Anti-Spyware Coalition conference held at Harvard in June. The security consortium is backed by influential industry players, including AOL, Dell, Google, McAfee, Microsoft, and Yahoo.

"The biggest concern for legitimate businesses at this point is related primarily to software bundling," said Palfrey. "There's often a complicated chain between the original purveyor of a program and the consumer, so companies need to be explicit about what they would qualify for badware-type behavior themselves and hold their partners to that."
