Insights from StopBadware research

Posted on February 3, 2014 - 14:51 by ccondon

StopBadware’s data sharing program (DSP) has been up and running since the end of September 2013. Last month, the program passed 1 million event reports. One of our goals for the program is to facilitate high-quality academic research on malware. Marie Vasek, a doctoral student at SMU and StopBadware’s own operations technologist, started analyzing DSP data shortly before the new year. Below are some big-picture insights from the DSP data, as well as from seven public malware lists (see acknowledgments). We’ll be sharing more in-depth analysis with the DSP contributing companies and our partners throughout the year.

Most abused TLDs

Phishing comparison data comes from the Anti-Phishing Working Group.

[Figures: Malware attacks by TLD; Phishing attacks by TLD (APWG)]

Types of webservers

We used W3Techs market share data for comparison.

[Figures: Software on infected servers; Server software breakdown (W3Techs)]

CMS distribution

Since StopBadware’s historical focus was websites, we were quite interested to see which content management systems (CMS) were running on infected websites. Again, we used W3Techs market share data as a general comparison baseline.

[Figures: Infected CMS distribution; CMS market share (W3Techs)]

Acknowledgments

All data sharing program (DSP) data comes from ESET, Fortinet, Internet Identity, and Sophos. We used data from the following public malware lists in addition to data from StopBadware’s DSP: CleanMx, Malc0de, Malware Domain List, Malware Domains, Malware Blacklist, Malware Patrol, and ZeusTracker.

 
