StopBadware.org Identifies Companies Hosting Large Numbers of Websites That Can Infect Internet Users With Badware

StopBadware.org Identifies Companies Hosting Large Numbers of Websites That Can Infect Internet Users With Badware

Cambridge, MA – 5/3/2007 — StopBadware.org, the consumer protection initiative developed to combat badware, today released comprehensive data detailing the five companies that host the largest number of websites listed in its Badware Website Clearinghouse. These five companies combined host a large number of websites that have been identified as distributing malicious software to Internet users.

This announcement is the latest in a series of reports and analyses released by Harvard Law School’s Berkman Center for Internet & Society and Oxford University’s Oxford Internet Institute as a part of an ongoing effort to battle “badware”  — malicious applications such as malware, spyware, or deceptive adware that fundamentally disregard the choices Internet users make about their own computers.

“Badware used to be something that you downloaded onto your computer,” said John Palfrey, co-director of StopBadware.org and Executive Director of the Berkman Center for Internet & Society at Harvard Law School. “Today, badware can infect your computer when you just visit a website. This list of web hosting companies, pulled from our database of sites that are infected with badware, shows some companies that host a large number of sites that may suffer from unaddressed security issues. These security flaws mean that webmasters who use these hosting services may be more at risk of their sites being hacked.”

“The big trend that we see is away from sites distributing badware knowingly and maliciously to a world in which many of the sites hosting badware have no idea,” said Palfrey. “Often, amateur webmasters find out that their sites have been hacked, and that their sites can infect their customers’ computers without anyone’s knowledge – except the unscrupulous hacker who is trying to make a buck off the transaction or is just out to cause harm.”

StopBadware.org analyzed 49,296 sites – sites submitted by trusted third parties to the StopBadware.org Badware Website Clearinghouse – and identified the following web hosting companies with the largest number of infected sites residing on their servers:

  • iPowerWeb, Inc., (10,834)
  • Layered Technologies, (2,513)
  • ThePlanet.com Internet Services, Inc, (2,056)
  • Internap Network Services, (1,437)
  • CHINANET Guangdong province network, (786)

“Hacking can turn a legitimate and otherwise trusted website into a badware distributor that can escape the notice of some of the savviest Internet users,” said Jonathan Zittrain, co-director of StopBadware.org and Chair in Internet Governance and Regulation at Oxford University. “Web hosting providers are well positioned to combat the spread of badware, minimizing the risks posed to the greater Internet community. It is our hope they will work proactively, both on their own and with website owners, to implement security measures to stem the flow of badware across the Internet.”

Examples of attacks that can render a seemingly harmless website into a badware distributor include:

  • Exploiting a known vulnerability in an older version of cpanel software to gain administrative access to sites hosted on servers managed with cpanel.
  • Exploiting a known vulnerability in an unpatched content management system to inject lines of code via sql queries that load exploits in otherwise legitimate websites.
  • Guessing weak passwords to inject lines of code that load exploits in otherwise legitimate websites.

Hosting providers have a powerful platform to educate their customers about best security practices; for instance, they can encourage customers to use complex passwords to guard access to the administration of a website. StopBadware.org cautions Internet users to take extra care when conducting business online and when researching hosting providers and to take note of hosting providers that host a high number of infected sites.

“Web hackers and badware distributors are constantly finding new ways to work around the safeguards that are put in place to protect consumers,” said Palfrey. “Web hosting providers must do their part to stay ahead of the curve and help keep the websites they host safe from malicious attacks.”

StopBadware.org is a nonprofit consumer protection initiative working to combat badware and is led by Harvard Law School’s Berkman Center for Internet & Society and Oxford University’s Oxford Internet Institute. Consumer Reports WebWatch serves as an unpaid special advisor. The initiative is supported by several high-tech companies, including Google, Lenovo and Sun Microsystems.

For more information, go to http://www.stopbadware.org.

Categories: