Stay away from fake StopBadware site

Posted by Maxim Weinstein Thu, 10 Jul 2008 13:07:16 GMT

They say that imitation is the sincerest form of flattery. Consider us flattered, then, that a rogue anti-malware distributor set up shop at stopbadware2008.com. Microsoft should be flattered, too, as the home page is designed to imitate an Internet Explorer malware warning screen.

It should go without saying, but I’ll say it anyway, that this site is in no way affiliated with StopBadware.org, and we do not recommend installing their deceptively advertised product.

Thanks to Donna for her post at Dozleng.com that brought this to our attention.


Open and transparent malware filtering

Posted by Erica George Wed, 09 Jul 2008 21:00:02 GMT

StopBadware’s manager, Maxim Weinstein, has a guest editorial today in ZDNet’s Zero Day security blog. The editorial urges more transparency in malware filtering by anti-virus companies, search engines, and web browsers.

Maxim argues that a good filtering system should have:

  • A low false-positive rate
  • Clear, publicly-available criteria for determining which sites are listed
  • Information about why a particular site is listed
  • A transparent, responsive process for requesting removal of incorrect or outdated listings
  • Support and education for owners of compromised sites

Helping to foster these kinds of fair and open systems for user protection is, of course, one of StopBadware’s missions. Have thoughts on ways to make malware filtering better? Share them in the comments to Maxim’s post.


A prime website compromise

Posted by Maxim Weinstein Tue, 08 Jul 2008 15:33:37 GMT

Last month, Google found badware on www.webchat.pm.gov.uk. Yes, that would be an official web chat server provided by the UK Prime Minister’s office for use by government officials to hold chats with citizens. (Kudos to the Brits, by the way, for engaging in this way with their constituents.)

While I’m sure there are some conspiracy theorists who would disagree, I’m fairly certain that the UK government didn’t set out to infect its citizens. Rather, this was a classic case of a legitimate website being compromised via a SQL injection due to some old, insecure code in the server application. Iain Ballard, application support manager for Twofour Digital, the company that provides the web chat site for the PM’s office, explains:

This department has grown from one developer two years ago, to several teams totalling nearly 30 full-time development staff. Part of this growth has been due to the absorption of two other companies: Makeni and HMC.

As tends to be the way, the older software is implemented in a range of old technologies and not in best practice.

...

With over 100 old products to be managed and limited resources, turn around times can be long. Some of the products to be maintained are large and complex systems used by clients such as the BBC, UK Parliament recording, Europarl TV, several local government agencies, Volkswagen, Audi and a host of content and media suppliers.

To the credit of Mr. Ballard and his team, they not only removed the infection, but they fixed the vulnerability that allowed the SQL injection in the first place. (Specifically, a parameter was being passed directly from the web page into a SQL query with no validation, a big no-no in secure development.)

It’s easy to think that only small websites run by individuals are vulnerable, but as this example shows, even top sites managed by professionals need ongoing, careful attention paid to security.
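The flaw described in this post, a page parameter placed directly into a SQL query with no validation, shown next to a validated and parameterized version. This is an added example, not code from the original post or from Twofour Digital; the table, column names, function names and inputs are hypothetical, and Python with SQLite stands in for the unnamed server stack.

```python
import sqlite3

def make_db():
    # Constructed sample data; the real application's schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE chats (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)")
    db.executemany("INSERT INTO chats VALUES (?, ?, ?)",
                   [(1, "Budget Q&A", 1), (2, "Transport Q&A", 1), (3, "Unreleased draft", 0)])
    return db

def get_chat_unvalidated(db, chat_id):
    # 'Before': the request parameter is pasted into the SQL text, so the
    # database parses whatever the client sent as part of the statement.
    sql = "SELECT id, title FROM chats WHERE published = 1 AND id = " + chat_id
    return db.execute(sql).fetchall()

def get_chat_hardened(db, chat_id):
    # Validate: accept only a short run of ASCII digits, reject everything else.
    if not (isinstance(chat_id, str) and chat_id.isascii()
            and chat_id.isdigit() and len(chat_id) <= 9):
        raise ValueError("chat_id must be a positive integer")
    # Bind: the value is sent separately from the SQL text and is never parsed as SQL.
    sql = "SELECT id, title FROM chats WHERE published = 1 AND id = ?"
    return db.execute(sql, (int(chat_id),)).fetchall()

def compare(chat_id):
    """Run both lookups on the same input and report what each one did."""
    db = make_db()
    before = get_chat_unvalidated(db, chat_id)
    try:
        after = get_chat_hardened(db, chat_id)
    except ValueError:
        after = "rejected"
    return before, after

if __name__ == "__main__":
    for value in ("2", "3", "1 OR 1=1"):  # constructed inputs
        print(repr(value), compare(value))
```

The binding alone already keeps the parameter out of the SQL parser; the validation step additionally gives the application a clean rejection point that can be logged and alerted on.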


Bavarian Government Gets Up Close and Personal

Posted by Laureli Mallek Mon, 07 Jul 2008 21:05:00 GMT

The German state of Bavaria has approved laws that allow the police to plant spyware on the computers of suspected terrorists. While German federal laws restrict the government to infecting computers via email, Bavarian laws allow police to enter a suspect’s home to physically infect the machine. According to The Register, Bavarian interior minister Joachim Herrmann “gave short shrift to [privacy] objections, stating that Bavaria is leading the field in ‘internal security’ in becoming the first German state to approve the plan.”

This step taken by the Bavarian government counters a ruling earlier this year by Judge Hans-Juergen Papier in North Rhine-Westphalia. He opined that under regular circumstances spying on individuals was unconstitutional, and that permission of a judge would be required prior to implementing this type of surveillance during extreme situations.

In 2007, the internet was talking, though not over VoIP, about the Bavarian government looking to monitor and record Skype phone calls. Documents leaked through Wikileaks showed the thrifty Bavarian government haggling to get a better price on the products needed to invade its citizens’ computers.


AVG addresses "fake traffic" concerns

Posted by Maxim Weinstein Mon, 07 Jul 2008 13:49:34 GMT

Friday the 13th (of June) was an unlucky day for the folks at AVG, an anti-virus vendor known for its free Windows scanner. On that day, tech site The Register reported that a component of the paid version of AVG’s security suite was generating large amounts of “fake traffic” to websites in its effort to proactively protect users:

Early last month, webmasters here at The Reg noticed an unexpected spike in our site traffic. Suddenly, we had far more readers than ever before, and they were reading at a record clip. Visits actually doubled on certain landing pages, and more than a few ho-hum stories attracted an audience worthy of a Pulitzer Prize winner. Or so it seemed.

As it turns out, much of this traffic was driven by the new malware scanner from AVG Technologies.

Six months ago, AVG acquired Exploit Prevention Labs and its LinkScanner, a tool that automatically scans search engine results before you click on them. If you search Google, for instance, and ten results turn up, it visits all ten links to ensure they’re malware free.

After protests from webmasters, perhaps fanned in part by Nathan McFeters’s blog post last Friday, The Register reports that AVG is modifying its product to no longer pre-scan pages that a user hasn’t clicked on yet.

Note that Nathan went as far as to call AVG’s LinkScanner “badware” in Friday’s blog post on ZDNet. Here at StopBadware.org, we did not evaluate the product against our Badware Guidelines, nor do we intend to now that the product is being modified.
