StopBadware releases report on the state of badware
Anti-malware organization reports on systemic causes of and responses to badware threat
Cambridge, Mass., June 8, 2011 — Nonprofit anti-malware organization StopBadware announced today the release of its first State of Badware report. The report offers a macro view of recent trends in the badware landscape, examines factors that contribute to badware’s persistence, and evaluates the Internet ecosystem’s changing responses to the threat.
Badware is a defining challenge for individuals, businesses, and governments throughout the world. Cybercriminals have developed a mature badware economy in which individual computers and legitimate, reputable websites are turned into badware distribution vectors, often without the knowledge of their owners. The badware economy is complex, multi-layered, and versatile: badware increasingly evades detection or classification, transcends national boundaries, and adapts to the security industry’s attempts to excise it. “Security research statistics and media headlines frequently proclaim that badware is on the rise, but understanding badware’s prevalence requires a deeper examination of the interconnected systems it preys upon,” said Maxim Weinstein, StopBadware’s executive director. “The State of Badware examines the limitations of today’s approaches to understanding the badware problem and illustrates how unilateral approaches to security are insufficient to address the challenges faced by the Internet ecosystem.”
The State of Badware is intended as a resource to assist policymakers, businesses, and individuals in understanding the current badware landscape and how it is evolving. The report points out blind spots in the way people think about badware measurement and identifies weaknesses in the landscape. “At a micro level, badware targets flawed software and unsuspecting users,” said Weinstein, “but there are also broader issues of economic incentives and legal frameworks that allow cybercriminals to exploit the Internet ecosystem itself.”
StopBadware’s report identifies key areas for improvement and cites “an opportunity for policymakers and industry players” to create new and more centralized methods of measuring and responding to the badware threat. StopBadware is in the midst of several projects to improve the Web’s collective resistance to badware: the organization recently released a set of best practices for web hosting providers responding to malware reports, and is currently creating a set of best practices for malware reporting. StopBadware plans to develop a centralized tool for reporting and tracking malware URLs later this year.
Weinstein will be presenting key findings from The State of Badware at the 14th Annual New York State Cyber Security Conference today. The full report can be downloaded at http://www.stopbadware.org/files/state-of-badware-june-2011.pdf.
StopBadware provides tools and information that assist industry and policymakers in meeting their responsibility to protect users from badware, and that help users protect themselves. It began as a project of the Berkman Center for Internet & Society at Harvard University before spinning off as a stand-alone nonprofit organization in 2010. Corporate partners include Google, PayPal, Mozilla, Nominum, Verizon, and Qualys. StopBadware is based in Cambridge, Mass. For more information, visit www.stopbadware.org.