StopBadware.org RSS
Regaining Control of Our Computers
 

RealPlayer is badware

Posted by Maxim Weinstein Thu, 31 Jan 2008 15:00:00 GMT

StopBadware has released an alert identifying RealPlayer as badware. See our press release here and the complete alert here.

Interestingly, RealPlayer 10.5 and RealPlayer 11, both of which are distributed widely, both violate our badware guidelines, but in different ways.

RealPlayer 10.5 is badware because it doesn’t tell the user that its “Message Center” feature will pop up ads from the system tray if the user doesn’t register the application.

RealPlayer 11 is badware because it installs the Rhapsody Player Engine without notifying the user. When the user uninstalls RealPlayer, Rhapsody Player Engine is left behind, unless the user also knows to uninstall it separately.

RealNetworks, Inc., the publisher of RealPlayer, has been upfront about these behaviors in our conversations with them. They point out that version 11 does not install the ad-serving Message Center by default, and they acknowledge that it was a mistake on their part to not offer to uninstall Rhapsody Player Engine when uninstalling RealPlayer 11. We expect that the next version of RealPlayer will correct the issue and provide better disclosure, and we encourage RealNetworks to work with their downstream partners to ensure that older versions are replaced by the new version.


New landing pages for websites with warnings

Posted by Erica George Tue, 18 Dec 2007 15:59:00 GMT

StopBadware’s most important mission is helping to educate internet users about badware threats and how to protect themselves. One of the biggest ways users tend to find us is through our partnership with Google, and the warning pages Google places in its search results for websites that it has flagged as dangerous. Today, we’re rolling out a new and improved information page for users landing on our site after viewing a Google warning.

The new landing pages are an easy one-stop-shop for all the key links related to the warnings, organized in two easy boxes, one especially for website owners and the other for ordinary users. The pages also include a summary of any review history for the site, if the site has ever requested a review from StopBadware, and a link to the complete review history page.

The new pages use colored icons to help make a site’s warning and testing status clear. A site that is being reported as bad by a StopBadware partner gets a yellow icon, and a site that’s been confirmed as bad through our own testing at StopBadware gets a red icon. For sites no partner is currently reporting as bad, a colorless icon means simply that we haven’t been told anything current about a site, not that the site is necessarily safe.

We hope search users and webmasters alike will find these new landing pages helpful and informative. If you have suggestions or feedback, please let us know!


"Trends in Badware 2007" released

Posted by Erica George Tue, 02 Oct 2007 13:56:00 GMT

StopBadware is proud to release our 2007 update on the state of badware on the web – “Trends in Badware 2007: What internet users need to know.” The short report is a plain-English explanation of badware threats to user privacy and security, based on our research over the past year. It explains online security issues such as compromised websites, social networking scams, and other badware trends that pose significant risk to the average internet user.

For many visitors to StopBadware.org, threats such as legitimate websites that have been hacked to distribute badware may not be news. We’re hoping our security-conscious visitors will help us spread the word to those who aren’t yet aware of the dangers. “Trends in Badware” is written with nontechnical internet users in mind – folks who love using the internet, but who may not yet have learned about newer badware threats.

As StopBadware’s co-director John Palfrey says in our press release, “Now, users can get infected by simply browsing a reputable website or clicking on links posted to their favorite blogs or social networks. We want to make sure that consumers have up-to-date information on emerging trends so they know what to look for when online.”

StopBadware’s mission is to help educate consumers and average internet users about badware, and to help the community fight back. We hope that “Trends in Badware 2007” can help clear the fog around online dangers and empower ordinary internet users to take charge of their computers’ security.

You can download “Trends in Badware 2007” here.


"No tears, no glory": Rebecca the webmaster traces a hacking attack to her site

Posted by Erica George Tue, 21 Aug 2007 20:48:00 GMT

The webmaster of a site that was hacked to distribute badware has teamed up with a volunteer on the StopBadware discussion forum to trace the hack through her site, and share her story with others. Rebecca the webmaster and Jart the volunteer hope their case study of the cleaning and securing of Rebecca’s site can help educate other webmasters about dealing with attacks and the bad code and backdoors hackers can leave behind.

Rebecca first learned that something had happened to her site when a badware warning appeared in search results for the site on Google. Following Google’s pointers to StopBadware’s Security Tips, Rebecca checked her site and found hidden iframes she knew she hadn’t inserted. She removed the iframes, but was surprised to learn that the issues on her site went even deeper.

With the help of StopBadware volunteer Jart, Rebecca uncovered subtler hacks, including SQL injections and administrator accounts that gave unknown parties full access to her site. Rebecca outlines the various steps Jart helped her through to determine the extent of the damage to her site, and to regain control by securing the site against future attacks. Now Rebecca is learning from Jart so that she too can help others clean and secure their sites.

The quick case study is well worth the read for any webmaster, whether or not their site has been hacked. Thanks, Rebecca and Jart, for sharing it with us!


No Scrolling Necessary

Posted by Ben Weeks Wed, 08 Aug 2007 21:15:00 GMT

Here at StopBadware.org we’re constantly finding examples of common badware attacks. One well-used avenue for attack is the bundling of badware into codecs. Through a bit of social engineering these programs will pose as some end-all be-all solution to your problems; from saving your marriage to entertaining you, they’ll do it all! The opposite is usually the case, of course, but we usually get a kick out of the kind of ridiculousness that they will presume to solve. Today while looking at a codec offered at hotelcodec.com, we discovered that they held no such pretensions; as their EULA clearly stated:

[Image: eulHA.png]

While we appreciate hotelcodec.com’s concise EULA, we don’t suggest that users install their codec on their machines.


Welcome, Anti-Spyware Coalition!

Posted by Erica George Tue, 26 Jun 2007 20:51:00 GMT

StopBadware is proud to play host to the annual Public Workshop of the Anti-Spyware Coalition tomorrow, on the campus of Harvard Law School. The Anti-Spyware Coalition is a group composed of anti-spyware software companies, academics, and consumer groups – including StopBadware.org – dedicated to building a consensus about definitions and best practices in the debate surrounding spyware and other potentially unwanted technologies.

Keynoting speakers will include Steve Gibson of Gibson Research Corporation, a pioneer in spyware research; Edward Flynn, the Springfield, MA Commissioner of Police; and a domestic violence survivor who was a victim of stalking using spyware. Some day-of registrations may be available.


Hosting Providers Taking Action Against Badware

Posted by Erica George Fri, 11 May 2007 20:53:00 GMT

A week ago, StopBadware reported on five web hosting providers hosting large numbers of the sites listed in our Badware Website Clearinghouse. Today, we have new information to share about how some of those web hosts are working to keep their hosted sites clean and secure. Our data last week featured five hosting providers of sites that are listed in our Clearinghouse. Sites in the Clearinghouse have been reported to us by trusted partners as hosting or distributing badware, often as the result of hacking attacks by malicious third parties. Our data reflects sites that are part of our Clearinghouse, and does not necessarily reflect the internet as a whole.

The top site in our listings was iPowerWeb, at 10,843 sites. We’re happy to report that we are now in contact with iPowerWeb, and that it has demonstrated a commitment to working proactively to combat badware. iPowerWeb has informed us that it has located and removed badware-distributing code from thousands of its sites that are listed in our Clearinghouse. These sites will now be reviewed according to our usual process. All sites that are confirmed to be clean will then be removed from the Badware Website Clearinghouse.

StopBadware has also been contacted by two other hosting providers we identified, Internap Network Services and Layered Technologies. We’re looking forward to working with these and other hosting providers to help combat badware at the hosting level. Check back soon for more updates.


StopBadware identifies hosting providers of largest numbers of sites in Badware Website Clearinghouse

Posted by Erica George Fri, 04 May 2007 17:08:00 GMT

StopBadware recently analyzed 49,296 sites which were submitted by trusted third parties to our Badware Website Clearinghouse. We identified five web hosting companies with the largest number of infected sites residing on their servers:

• iPowerWeb, Inc., (10,834)
• Layered Technologies, (2,513)*
• ThePlanet.com Internet Services, Inc, (2,056)
• Internap Network Services, (1,437)
• CHINANET Guangdong province network, (786)

Many of the sites listed in the Clearinghouse as distributors of badware are otherwise innocent sites that have been hacked into by third parties. If a provider hosts a large number of sites that distribute badware, it’s possible that the provider has unaddressed security vulnerabilities that increase the likelihood of the sites the provider hosts being hacked.

iPowerWeb, one of the world’s largest hosting providers, hosts a startlingly high number of sites in the Clearinghouse. iPowerWeb’s homepage claims that the provider hosts over 700,000 sites; at 10,834, more than 1.5 percent of those can infect internet users with badware.

StopBadware spoke with some owners of websites in our Clearinghouse that are hosted by iPowerWeb. To iPowerWeb’s credit, many of their customers report that iPowerWeb personnel quickly located and removed the badware or badware-distributing code from their sites. Some customers complained, however, that iPowerWeb support personnel were unable to provide details about how the websites were compromised.

StopBadware encourages all web hosting providers to work proactively to stem the spread of badware on the internet. StopBadware co-director John Palfrey says, “Web hackers and badware distributors are constantly finding new ways to work around the safeguards that are put in place to protect consumers. Web hosting providers must do their part to stay ahead of the curve and help keep the websites they host safe from malicious attacks.”

You can read our full press release here. If you’d like to comment on this information, or share a story about your own experiences with a web hosting provider to address a compromised site, please visit our discussion group.

* NOTE: Layered Technologies has informed us that it provides a style of web hosting known as self-managed hosting, in which its customers have full control over and responsibility for server management.


Malicious Hacking: One Site’s Story

Posted by Erica George Mon, 26 Mar 2007 19:55:00 GMT

If you’ve been following StopBadware’s work over the past few months, you know that we have witnessed a sharp increase in the number of websites distributing badware. More and more of these sites are turning out not to be malicious distributors of bad software, but otherwise innocent websites that have been hacked and made to distribute badware without the knowledge of the sites’ owners. In the past weeks, we’ve even seen hacking attacks hit the sites of several friends of the Berkman Center, StopBadware’s parent institution at Harvard.

Berkman fellow Ethan Zuckerman shares a detailed and insightful account of one such attack in a recent post to his blog. A website owned by a friend of Zuckerman’s was hacked, and subject to a Google search warning and listing in the Badware Website Clearinghouse. Zuckerman initially assumed that his friend’s site must be listed by mistake, but quickly learned that the site had been compromised. As Zuckerman tracked down what had happened to his friend’s site, he uncovered the source of the attack – an organized crime outfit known as the RBusiness Network, currently based in Panama.

How risky is an infected site to visitors? Zuckerman examines one of the exploits used by RBusiness, noting that “[b]asically, when you load this iframe, it runs a small script which downloads and runs a Windows executable file. That file downloads a rootkit, a password sniffer and opens a backdoor into the user’s system.” Badware producers then use these invisible downloads to steal financial data for use in fraud or identity theft.

StopBadware is not the only group noticing increases in this kind of website hack. Symantec’s recent Internet Security Threat Report, for example, noted an increase in malware designed to steal financial data from victims.

How can you protect yourself? If you run a website, check out StopBadware’s Security Tips page, and talk to your hosting provider to be sure your site is secure. When browsing the internet, be sure your computer is running up-to-date, fully patched software, with anti-virus and anti-spyware protection. Last, if you do come across badware as you surf the internet, please share your story. The more we know about badware and the criminals who produce it, the better we can help internet users and webmasters keep themselves safe.


Badware Website Clearinghouse Now Live

Posted by Erica George Wed, 14 Feb 2007 23:05:00 GMT

The Badware Website Clearinghouse is up and running! The newest addition in our expanding focus on the websites that spread badware, the Clearinghouse aggregates information from trusted third parties about sites that host or distribute badware. For sites that have been added the most recently, the Clearinghouse listing includes examples of URLs within the website that lead to badware. We’ll be adding more information for older listings in the Clearinghouse in the coming weeks.

For webmasters of sites flagged in the Clearinghouse, there is now a more streamlined way to ask StopBadware to review their sites, using our new Request for Review web form. The form provides information and helpful links, as well as outlining the steps needed for the fastest possible processing of a review. We strongly encourage webmasters to evaluate their sites for badware, and clean and secure their sites, before submitting a review request. If a site is already clean and secure by the time it is re-tested, the process of lifting the badware warning for that site will be much simpler and faster.



Consumer Reports WebWatch is not receiving any corporate support for its participation in this program.

Copyright © 2006 - All content for this site is under a Creative Commons license