Upcoming StopBadware events: HostingCon, Online Trust Forum 2011

Posted on July 11, 2011 - 15:45 by ccondon

Happy middle-of-July, everyone: we hope the season is treating you kindly. The next few months are going to be pretty eventful for us—literally. We have several events coming up in various cities (all stateside for now), and we’d love to see some of you there. StopBadware will be at HostingCon in San Diego, CA, August 8-10; we’ll be exhibiting at the conference and promoting our Best Practices for Web Hosting Providers, so if you’re a rock star in the web hosting industry, be sure to stop by, say hello, and learn how you can demonstrate your commitment to protecting the online ecosystem!

After our summer conference debut, join us at the Online Trust Forum 2011 in Washington DC, October 17-19.  Hosted by the Online Trust Alliance, the Forum will address marketing, technical and regulatory challenges impacting trust and confidence in online services and communications. Now in its 7th year, the Forum brings together an international audience of business, industry, marketing, security, and government leaders to learn and collaborate on best practices to protect consumers and develop trust.

If you need another reason to come witness the all-star lineup at the 2011 Online Trust Forum, we’ll give you one: our intrepid leader, Executive Director Maxim Weinstein, will be participating in a panel called Evolving Cybercrime - How to keep from being a statistic along with leaders from the APWG, InfraGard, and Internet Identity. 

Early bird registration (register by August 12): https://otalliance.org/dc.html. You can save $100 by using the code PTRORG.

In addition, the Forum will include the 2011 Online Trust Leadership Awards. If your company promotes online trust and protects online safety and identity, let everyone know by nominating yourself for an Online Trust Leadership award. (And of course, if you’re so inclined, feel free to nominate StopBadware for the NGO award!) More>

To learn about other events around the world geared toward protecting the Internet and stopping badware, check out StopBadware’s Badware Events Calendar. If you know of a great badware-busting event that should be included on our calendar, let us know at calendar<at>stopbadware<dot>org.

Public release of StopBadware’s Best Practices for Web Hosting Providers: Responding to Malware Reports

Posted on March 15, 2011 - 08:49 by ccondon

After several eventful months of writing, ruminating, revising, and listening to feedback from the security industry and our web hosting working group, we are proud to announce the public release of StopBadware’s Best Practices for Web Hosting Providers: Responding to Malware Reports. We had some pretty lofty goals in starting this project: we wanted to address the hosting industry’s lack of consensus about how to respond to malware reports; we wanted to enable transparent, productive discussion among hosting providers, security researchers, and policymakers; and we wanted to come out of it all with a realistic, complete set of best practices that could be implemented effectively, whether by a small reseller or a large operator. Through a lot of hard work, and with invaluable insight from our working group and the community, we’re confident that our final best practices document achieves every one of those goals.

It’s unfortunately commonplace for malicious actors to create websites that seem legitimate, but that actually contain or link to malware. Oftentimes, the goal of these malicious actors is to spread malware by compromising other websites and infecting those sites’ visitors. Security researchers or concerned users routinely report these malicious sites to web hosting providers, but there can be a slew of questions and concerns surrounding response to malware reports, even when hosting providers have every intention of protecting their customers. Is the malicious URL in the report definitively within the provider’s zone of control? Does acknowledging a report carry legal implications for a hosting provider? What if the security researcher obtains new information and needs to follow up on the original report? StopBadware’s best practices provide a high-level framework for hosting providers who are committed to protecting their customers and acting as good Internet citizens; the Practices set universal guidelines for what steps hosting providers can—and should—take upon receiving a malware report.

We received a lot of enthusiastic participation while we were developing the Practices; likewise, we’ve received a great deal of support leading up to this public release, including and especially from some of the hosting providers who participated in our working group. We’re optimistic about the Practices’ potential to highlight the positive impact hosting providers can have when they commit to protecting users responsibly. And we’re extremely excited about the focus this project has brought to the fight against badware. We’d like to extend our most sincere gratitude to both our sensational working group and the community for the time, thought, and openness they dedicated to this project.

In addition to the best practices, we’ve created some extra materials to help web hosting companies understand and more effectively implement the Practices--all of which are freely available for your perusal.  We also have physical best practices packages for purchase; to support StopBadware’s Practices, check out a technician’s kit or  a larger team kit! StopBadware’s Best Practices for Web Hosting Providers: Responding to Malware Reports is available in full at http://stopbadware.org/home/webhost. You can read the full press release here.

We have several other significant projects in the works right now; you can expect to see much more from us in the coming months. Thanks for your continuing support!



**Update: We were remiss in not thanking Tucows for their support throughout this process and their help with publicity. Our apologies to Tucows--of course, you have our gratitude for everything you've provided during this project!

Update: Internap Network Services

Posted on May 14, 2007 - 17:26 by egeorge

On Friday we noted that StopBadware has been in touch with some of the companies that we featured in our recent press release on hosting providers and badware. We now have more information to share about Internap Network Services, which we listed as hosting 1,437 of the sites in our Badware Website Clearinghouse. Internap has informed us that, while it does own the IP address blocks associated with the sites we highlighted, those blocks are in fact leased to another tier of companies that provide the actual hosting for the sites.

Internap tells us it has informed the relevant hosting providers about the badware problems in the IP block, and that it is committed to ensuring that the providers it works with secure and clean their hosting servers.

Stay tuned for more updates!