StopBadware.org
Regaining Control of Our Computers
 

Hackers gaming search results with malware

Posted by Erica George Thu, 29 Nov 2007 21:33:00 GMT

In the last few days, there has apparently been a surge of badware-distributing web sites that trick search engines into thinking they’re legitimate. Researchers at Sunbelt Software first reported the gaming of Google results a few days ago, with articles following from the BBC, ComputerWorld, and others. Google* has reportedly removed the offending sites from its results, saying violations of its quality guidelines can lead to removal from its index. The gaming attacks have also affected other major search engines, though reports indicate the exploits on the malicious websites were coded to target only Google searchers.

The attacks were carried out on massive numbers of newly registered domains, apparently primarily hosted in the US but registered in China. Be suspicious of highly ranked search results that appear to be from a US-based site, but that link to a .cn (Chinese) or other national domain in the website’s address, and of websites whose addresses are entirely strings of random characters without any words or names. As always, an important part of protecting yourself online is keeping your software – including browsers, anti-virus and anti-spyware applications – up to date. If you suspect your computer may have been infected, check out our tips for badware removal.

* Note: Google is a StopBadware sponsor and partner.


Transparency and responsiveness

Posted by Maxim Weinstein Thu, 29 Nov 2007 15:28:00 GMT

Wired has an article about the U.S. government’s lack of a transparent, responsive process for individuals who are on the terrorist watch list to request removal if they are innocent. According to the article, even the process they do have, which only addresses a subset of the people affected, has resolved only half of its cases since February. Others are left confused, with little information about the process or the individual’s current status.

BBC columnist Bill Thompson recently raised questions about the responsiveness of StopBadware’s own review process that helps site owners flagged by Google get their sites removed from Google’s list. He even suggested that perhaps the authorities should be the ones keeping a URL blacklist and managing the appeals process.

Apart from the jurisdictional issues, which Mr. Thompson acknowledges as being a show-stopper, the example set by the U.S. government isn’t exactly an encouraging sign for the future of a government-run blacklist.

At StopBadware, we believe that transparency and responsiveness are key to the success of our efforts. This is why we explain our review process in our FAQ. It’s why anyone who submits a request for review of their site can return to our site at any time while the review is in progress to see its status. And it’s why the average time for a review to be completed is under three days (typically shorter for sites that are, in fact, clean when they are submitted for review and a bit longer for those that are not).

There’s still more to be done, of course. We encourage all security vendors and blacklist providers to offer a transparent and responsive process. We continue to improve our own process and communications to provide the most information as clearly and quickly as possible. And, over the next several months, we’ll be doing even more to involve the community in our efforts.

Meanwhile, millions of users are being protected from badware every day, all without the bureaucracy that often comes with government security efforts.


We're millionaires!

Posted by Maxim Weinstein Wed, 28 Nov 2007 21:41:00 GMT

Traffic to StopBadware.org recently reached the one million unique visitors per month mark, a major milestone in our two-year history. The majority of our visitors come to us through Google’s warning pages, while many others find us through blog posts, articles, reports, and other references from around the web.

We are thrilled that the message is getting out that the internet community can work together to stop the spread of badware while protecting providers who are doing their part to keep their sites and applications safe.

We are especially grateful to those who, after their initial visit, have continued their involvement by joining our mailing list, reading our blog, telling their stories, and participating in our online discussion group. You are part of StopBadware and its success, and we will be offering new ways for you to contribute over the next several months.

Thank you all, and here’s to continued growth and, more importantly, continued success in stopping badware!


Happy Thanksgiving from StopBadware!

Posted by Erica George Wed, 21 Nov 2007 19:18:00 GMT

As our readers in the United States will know, this Thursday is the Thanksgiving holiday. StopBadware, along with the rest of Harvard University, will be closed Thursday and Friday this week in observance of the holiday. We will reopen on Monday, November 26.

For website owners concerned about their review requests, we recommend also logging in to Google’s Webmaster Tools console and filing an additional review request there. Also, don’t forget that the StopBadware discussion group can be a great resource if you’re having trouble discovering problems on your website.

For all of our readers who celebrate it, have a Happy Thanksgiving, and we’ll see you on Monday!


Safe shopping tips

Posted by Maxim Weinstein Wed, 21 Nov 2007 19:04:00 GMT

The U.S. Federal Trade Commission and the National Cyber Security Alliance have released a set of “10 Tips for Safe Holiday Shopping Online.” Click the link for the full version, but here’s a summary of the tips:
  1. Check out the seller.
  2. Read return policies.
  3. Know what you’re getting.
  4. Don’t fall for a false e-mail or pop-up.
  5. Look for signs a site is safe.
  6. Secure your computer.
  7. Consider how you’ll pay.
  8. Know the full price and check out incentives.
  9. Keep a paper trail.
  10. Turn your computer off when you’re finished shopping.

On a related note, PC World is reporting that website hacks, phishing, and other online scams are expected to rise with the kickoff of the holiday shopping season, so stay alert.


Save the date: Anti-Spyware Coalition public workshop

Posted by Erica George Wed, 21 Nov 2007 18:29:00 GMT

The Anti-Spyware Coalition, of which StopBadware is a member, will hold its next public workshop on January 31 in Washington, DC. The theme for the day will be “Spyware: What’s Worked, What’s Left, and What’s Coming.”

The ASC’s last conference was held here at Harvard, and proved to be an excellent opportunity for a meeting of minds in the anti-spyware space. You can read StopBadware staffers’ notes from that event here.

For more info about the January event, including planned panels and registration, head to the ASC website at antispywarecoalition.org.


StopBadware, Mozilla, and Google

Posted by Maxim Weinstein Thu, 15 Nov 2007 20:18:00 GMT

On CNet yesterday, Chris Soghoian blogged an interview with Mike Shaver at Mozilla. In it, StopBadware’s role is mischaracterized. It turns out it was nothing more than a misunderstanding, and we’re happy to be working with Mozilla to set the record straight.

Mozilla, Google, and StopBadware are all expected to play a role in ensuring that the needs of both users and web site owners will be addressed in Firefox 3. Mozilla is working with Google to provide a list of potentially harmful URLs that will be used by Firefox to warn users before they browse to a site that may contain malware. This data comes from Google’s own scanning and research, not from StopBadware, as reported. (Our Clearinghouse allows users to search for a site to see if it is currently on Google’s warning list.)

StopBadware’s role will be (as it is now) to ensure that users and web site owners receive as much information as possible about the warning and to provide a transparent review process to assist site owners in understanding why a site was flagged and/or notifying Google that it has been cleaned.

By working together, we help protect users from potentially dangerous web sites while ensuring that owners of legitimate sites have a way to understand the warnings, clean up their sites, and remove the warnings.


Responding to feedback, and looking for more

Posted by Erica George Tue, 13 Nov 2007 18:42:00 GMT

BBC columnist Bill Thompson has posted a thoughtful critique of Google’s safer searching warnings, and StopBadware’s involvement in the reviews process for websites. Thompson raises some common concerns we often hear from owners of websites which have been flagged by Google, so we hope a public response here can help address those concerns not only for Mr. Thompson, but for other site owners with similar questions.

When website owners discover that their sites have been flagged, it’s often because they or their web services provider received email from Google, or because someone simply noticed the “This site may harm your computer” warning in the results of a Google search. Google provides help pages for both web searchers and webmasters, and instructions for submitting a review request through Google’s Webmaster Tools.

Google’s warning also provides a link to the StopBadware site. Right now, the landing page on the StopBadware site includes some basic information about badware and Google’s warnings, as well as links to other parts of the StopBadware site, such as our FAQ which addresses the Google warnings process in more depth. In response to feedback from website owners and internet users at our discussion group, we’re also working on a new and improved landing page, which will provide more information, easier-to-find links to important resources, and a history of StopBadware’s interaction with the site. We’re hoping to roll out the new landing pages soon.

If site owners choose, they can also request a review from us instead of or in addition to a review through Google’s Webmaster Tools. Our request for review page includes links to our two most important pages of information for owners of flagged websites – our Security Tips page and our FAQ. The Security Tips page helps explain common ways in which websites are compromised, and how to locate those issues in a site’s source code. The FAQ provides more detailed information on the warnings and a step-by-step overview of the reviews process and what a site owner can expect. Both pages link to another very important StopBadware resource, our discussion group, where many site owners have found help from our generous technically proficient volunteers.

When requesting a review through StopBadware, it’s best first to figure out what caused Google to flag the site, and clean and secure the site, before filing a review request. Here’s why: The first step in our review process is actually a quick re-scan by Google. When Google confirms that a site is clean, it takes down the warning and the review process is already complete. If Google tells us that it’s still seeing badware distributed by the site, StopBadware then must manually test the site before reporting to the site owner, a process that not surprisingly can take somewhat longer.

In the case of Mr. Thompson’s site, Google’s re-scan results showed badware still being distributed by the site. The site then went into StopBadware’s queue for further testing. From his article, it looks like Mr. Thompson then signed up for Webmaster Tools and used the information Google provided there to clean the site. Google then let us know, so we closed our own review. While this process can no doubt be frustrating, it actually shows the system working the way it’s meant to. The warning was not removed until the site was safe, and in two weeks from start to finish, even a site that was not already clean when it entered our reviews system had completed the process.

As an educationally-focused nonprofit, StopBadware’s review option focuses on helping connect website owners to the tools and support they may need to help make their sites safe again, as well as less vulnerable to future attacks. Unlike many other online “black lists,” both StopBadware and Google work hard to provide a relatively quick means of removal for site owners who have cleaned their sites. Our average turnaround time for sites that are already clean when a review request is submitted is under two days. The review process has also on a handful of occasions helped us to identify websites that fall within one of the exceptions to our Guidelines, such as sites designed with purely educational purposes and proper disclaimers.

We’re quite proud to be one small part of a system that both helps protect average internet users – many of whom are operating vulnerable browsers and are not aware of the dangers of compromised websites – and that offers website owners an open and publicly accountable opportunity to request removal of the warning for their sites. We’re even more proud of the educational resources we’ve developed for site owners, and are working hard on creating even more.

We’re grateful to Mr. Thompson for his support for our project, and we strongly encourage anyone with feedback on our work to share it with us. Let us know your ideas by emailing contact [at] stopbadware [dot] org, or join the ongoing conversation at our discussion group.


Background images emerging tool of MySpace hackers

Posted by Erica George Fri, 09 Nov 2007 22:41:00 GMT

MySpace users, look out for a new brand of website hacking technique that’s emerged over the past week. The hack inserts code that loads a background image linking back to a badware site, and has so far had several prominent victims, most notably pop star Alicia Keys.

A user who clicks anywhere on the site that is not a legitimate, pre-existing link will be redirected by the linked background image to the badware site, apparently hosted in China. The user will also be prompted to download a codec to view videos – something one might expect on a MySpace page – which itself delivers malware.

The attacks were first noted last week by researchers at FaceTime Communications, and have gained widespread coverage this week due to the hacking of Keys’s page.

While MySpace reacted quickly to reports of the hacks, there is also word that Keys’s page, at least, has been reinfected once. There’s no estimate yet on how many users may have been infected, or how many MySpace pages have been compromised, but one thing seems certain: this is a technique to watch out for in the future, on MySpace, and beyond.


Russian Business Network badware shop goes underground

Posted by Erica George Fri, 09 Nov 2007 15:54:00 GMT

The internet security community is buzzing with the news that the Russian Business Network (RBN), a notorious group of professional badware distributors and online criminals, has pulled down its websites and abandoned its IP addresses, effectively vanishing from the internet. The RBN has been behind numerous large-scale attacks, and has been traced as an attacking source of several sites that have ended up in the Badware Website Clearinghouse.

Unfortunately, it seems clear that the RBN’s disappearance is simply a technique for moving deeper underground, a move likely precipitated by recent increased attention and publicity around the RBN. The anti-malware company Trend Micro is already reporting observing RBN-like activity in China and other parts of Asia.

It’s unlikely that the RBN will consolidate operations in any new home in the same way it operated for so long in Russia, instead diversifying the locations of both its online and on-the-ground operations, making it harder to track. For security researchers and makers of protective software, the disappearance of the RBN is less a victory than a new challenge.



Consumer Reports WebWatch is not receiving any corporate support for its participation in this program.

Copyright © 2006 - All content for this site is under a Creative Commons license