In 2013, StopBadware received requests for independent reviews of just under 40,000 blacklisted URLs. For those unfamiliar with our process, here’s some background on how it works. Because of the way our review request system interfaces with Google (one of three data providers whose blacklist data we track), it’s not necessary for us to manually test every URL submitted to us for review. Many reviews are closed automatically when Google’s systems re-scan the sites in question and do not find badware.
One of our key metrics is the number of reviews we have to perform manually, as opposed to the number of reviews that are closed automatically because their requestors have been successful in cleaning up infections. Despite the 69% increase in review requests for 2013, we manually tested 35% fewer URLs this year than last year.
Caveats to this data: These figures generally do not include bulk review requests, which come from hosting providers, bulk subdomain providers, and network operators who contact us in good faith and request review of a large number of URLs. Bulk review requests can range from a few dozen to several thousand sites at a time, and we receive them regularly*. We also did not manually test any URLs blacklisted by ThreatTrack security for several months in 2013 due to a technical issue with their de-listing process.
In addition to the encouraging number of reviews that closed automatically in 2013, we noted this year that our clickthrough traffic from Firefox warnings fell by over 50%. This, contrary to common intuition, is a good thing. Firefox users get to StopBadware by choosing to ignore a “Reported attack site” warning and then clicking a button labeled “This isn’t an attack site” on a toolbar Mozilla shows on infected sites. So Internet users who find their way to StopBadware’s Firefox landing page have not only ignored a malware warning; they’ve indicated they put little stock in the intel behind the warning.
We’ve communicated to Web users and webmasters for years that it’s an unfortunate but commonplace occurrence for legitimate websites to be infected with malware without the knowledge of their owners. It’s a tough message to impart successfully, and it’s tough to measure how well it’s sunk in for the general Internet populace. The drastic drop in warning clickthroughs is a very good sign, especially when combined with the review numbers for 2013.
We’re used to seeing dramatic headlines about malware and lack of security, but despite the news, we still see indications of incremental progress. Not all is lost; in fact, change both positive and negative seems to come much the same as it always has. Progress is slow and won by hard work, but it's work we intend to keep doing with help from our partners and friends. Thanks for your support this year!