A group at the Berkman Center—led by StopBadware's co-founder and Board member emeritus, John Palfrey—just released a great report about the impact of distributed denial of service (DDoS) attacks on the websites of independent media and human rights organizations.
From a badware standpoint, there were several interesting bits. For example:
"[A sysadmin for a human rights site] reported that attackers hacked into his site to insert malicious code with the intent of triggering anti-virus warnings for the site and thereby scaring users from accessing the site and slowing their Internet connections by causing them to download large packages of Trojan horse software."
This is the first we've heard of Google's or others' badware detection and warning systems being used deliberately for a de facto denial of service attack. Of course, because such attacks may often go unreported, it's likely there have been others. It's worth noting that this doesn't invalidate the use of such warning systems—the targeted site's visitors really were at risk once the site had been compromised. The core problem is the set of conditions that allow the site to become compromised in the first place. This is often due in part to a lack of technical/security expertise at the organization:
"A main theme that we have heard from respondents [to a survey of organizations likely to be targeted] was the need to bridge the divide between technology organizations capable of protecting against attacks and the independent media who need protection."
The report also touches on a number of other themes of interest to the StopBadware community, such as the importance of disrupting botnets, the threat of targeted malware attacks, and the challenges of identifying the perpetrators of attacks. If you are interested in understanding more about DDoS attacks—how they work, how organizations can help protect themselves against them, or what the security community can do to help the targeted organizations—I urge you to read the whole report. (PDF)