Badware Website Clearinghouse Now Live

Posted on February 14, 2007 - 18:05 by egeorge

The Badware Website Clearinghouse is up and running! The newest addition in our expanding focus on the websites that spread badware, the Clearinghouse aggregates information from trusted third parties about sites that host or distribute badware. For sites that have been added the most recently, the Clearinghouse listing includes examples of URLs within the website that lead to badware. We'll be adding more information for older listings in the Clearinghouse in the coming weeks.

For webmasters of sites flagged in the Clearinghouse, there is now a more streamlined way to ask StopBadware to review their sites, using our new Request for Review web form. The form provides information and helpful links, as well as outlining the steps needed for the fastest possible processing of a review. We strongly encourage webmasters to evaluate their sites for badware, and clean and secure their sites, before submitting a review request. If a site is already clean and secure by the time it is re-tested, the process of lifting the badware warning for that site will be much simpler and faster.

Valentine's Day PSA

Posted on February 14, 2007 - 17:06 by colson

Just a word to the wise this Valentine's Day - be sure you know who's sending you that electronic greeting card before you click "Open." We've seen some nasty software bundled with fake greeting cards this year, and we're not the only ones. Channel Register has a nice write-up on how to avoid getting infected this Valentine's Day, and the take-home message is this: be careful when you click on links or open attachments. If it looks suspicious, it probably is.

Badware Hits the Super Bowl

Posted on February 3, 2007 - 17:40 by egeorge

Just days before the Super Bowl football championship, the websites of the hosting team and stadium reportedly were infected with badware. According to WebSense, a web security company, the websites of the Miami Dolphins and the Dolphins' stadium were hacked and infected in late January, as the sites were experiencing peak traffic due to this Sunday's Super Bowl game. While the two sites are now reported as clean, it is unclear how many visitors to the sites were affected before the exploits were removed.

Anyone visiting the sites on a Windows computer without the latest security updates would have been vulnerable to the exploits, which reportedly included a keylogging program that transmits a computer user's typed keystrokes to the hackers, and a "backdoor" that allows hackers to remotely control an infected machine.

Unfortunately, the Dolphins are not alone. In the past several weeks, StopBadware has worked with an increasing number of website owners whose sites have been compromised by malicious hacking. In most cases, hackers use security vulnerabilities to insert code that loads when an internet user visits one of the affected sites. The code then causes badware to download invisibly onto the user's computer.

Badware attacks can hit any website, big or small, if the site is not properly secured. If you are a webmaster, check out our new resource with tips for securing sites against badware, and learn ways to keep your site's visitors safe.