New badware stats page

Fairly often, a reporter, a partner, or another contact asks us for statistics about badware: how many bad websites exist, how many computers get infected each day, what do users understand about the threat, etc. These are complex questions to answer, and StopBadware does not always have the information or time to answer them. We do, however, frequently come across useful and interesting stats in third party reports. I've been cataloging these for quite a while, and I've even shared some highlights on occasion. Since our new website, unlike the old one, allows us to update content without employing a map, a flashlight, and a team of Sherpas, we figured we'd go ahead and make our catalog of interesting stats a regular feature of the site.

We continue working to collect, publish, and analyze data that we believe will illuminate the problem of badware on the Web. Meanwhile, we hope that our aggregation of third party stats will be a useful resource for the community.

If you come across stats that you think would make a good addition to the page (criteria include relevance, quality of source, and a public link to the citation), please email or tweet them to us.

Grandma Got Infected by a Trojan

(To the tune of "Grandma Got Run Over by a Reindeer")


    Grandma got infected by a Trojan
    Checking out her email Christmas Eve
    Now you may say there's no such thing as badware
    But as for me and Grandpa, we believe.

She'd been clicking on attachments
As we'd begged her not to do
But she had to see the JPEG
That promised views of Brad Pitt in the nude.

When I saw her PC later
I could only shake my head
When I tried to load the browser
I was prompted to buy fake AV instead.


Now I'm so proud of Grandpa
He tried to fix it by himself
Using proper AV tools
And working through the night like Santa's elf.

First he tried a scan in safe mode
Then he used a rescue disc
But eventually he realized
He'd have to reinstall to quell the risk.


On Christmas morning we shared presents
And for Grandma we'd all seen
That the best gift I could give her
Was to teach her how to keep her system clean.

First I told her about patching
Every plugin, app, and tool
Then I begged her and I pleaded
Not to download unknown files like a fool.


See also last year's cautionary holiday tale.

Here's wishing you a happy, safe, and secure holiday season!

Can you pause live malware?

According to an article on TechHive, a security firm has seen evidence of cable company DVRs here in the U.S. being compromised and used to distribute spam and/or badware.

This is interesting, because the security burden for network appliances like DVRs must, by design, be borne by the manufacturers and service providers. I mean, what are you going to do if your DVR becomes infected? Press the pause button? No, you're going to call your cable company and expect them to fix it. I sure hope the customer service representative has a script for that problem!

Prevention, too, falls more heavily on the device manufacturers. After all, you can't install anti-virus software on your TiVo. Computer and smartphone vendors have historically assigned responsibility for badware prevention to the device owner/user. How will vendors respond when users start calling for warranty service because their network-enabled Blu-Ray players have security vulnerabilities?

It's too soon to tell whether DVR malware is a one-off event or the start of a trend. Either way, it raises some very interesting questions for the consumer electronics market.