Joint StopBadware-Commtouch report explores site compromise from the owner's perspective

Posted on February 22, 2012 - 09:49 by ccondon

Late last year, we talked with security firm Commtouch about gaps in the collective security community's knowledge of badware websites. Specifically, we wondered about legitimate websites that are compromised and abused by malicious actors. For instance: Are certain kinds of website software targeted more than others? How are legitimate sites compromised (e.g., outdated software, infected PC, etc.), and how do site owners find out about the compromise? How do those owners regain control of their sites, and what role do their web hosting providers play?

Our conversation with Commtouch resulted in our designing a joint survey aimed at site owners; from November 2011 to the end of January 2012, we offered the survey, through a variety of outlets, to webmasters whose sites had been compromised. At the end of the survey period, we had collected responses from more than 600 webmasters who provided us with stories about their experiences.

Today, StopBadware and Commtouch published a new report based on this survey data: Compromised Websites: An Owner's Perspective highlights webmasters' struggles with hacked sites and presents statistics and opinions from site owners. A few highlights from the survey:

  • About half of the site owners surveyed discovered the hack when they attempted to visit their own site(s) and saw a browser or search engine warning.
  • 26% of the respondents had not figured out how to resolve the problem at the time they completed the survey.
  • 40% of site owners changed their opinion of their web hosting provider following a compromise.

To read more, download the report here. Press is also available here.

[Infographic: Compromised Websites: An Owner’s Perspective]

Google offers webmasters more malware details

Google's Webmaster Tools has, for quite some time, provided verified website owners with a partial list of pages from their site in which Google found badware during its scanning. Unfortunately, it was often frustrating for site owners to know that Google had detected something on a page without knowing what the problem actually was. This frustration should be largely eliminated now that Webmaster Tools has added an experimental Labs feature called "Malware Details," which, at least in some cases, provides more information to the site owner, as shown in this screenshot from the blog post announcing the feature:

This is a big step forward and should make life much easier for the website owners whose sites have fallen victim to malware. Now, if we can just get Google to share this data with us, so we can better help users who have submitted review requests...
[Update: I just saw that the same blog post mentions another feature, Fetch as Googlebot, which will display a particular page as seen by Google's web crawler. As noted in the post, this can also be helpful in diagnosing malware, because it allows the site owner to see how Google's view of the page differs from the user's own view. One cause of such a difference is malware that responds differently to different user-agent or referrer strings in the HTTP request.]
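
A site owner can approximate the comparison described in the update above by requesting the same page under several header profiles and listing the script and iframe sources that only some profiles receive. This is an added example, not code from Google or StopBadware; the header values, the function names and the constructed stand-in site are assumptions for illustration.

```python
import re
import urllib.request

# Request profiles to compare (header values are illustrative assumptions).
BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
PROFILES = {
    "browser_direct": {"User-Agent": BROWSER_UA},
    "browser_from_search": {"User-Agent": BROWSER_UA,
                            "Referer": "https://www.google.com/search?q=example"},
    "crawler": {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1; "
                              "+http://www.google.com/bot.html)"},
}

# Captures the src attribute of every <script> and <iframe> tag.
SRC_RE = re.compile(r'<(?:script|iframe)\b[^>]*?\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)

def http_fetch(url, headers):
    """Fetch url with the given request headers and return the body as text."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", errors="replace")

def external_sources(html):
    """Return the set of script/iframe sources referenced by the page."""
    return set(SRC_RE.findall(html))

def compare_views(url, fetch=http_fetch):
    """Map each profile to the sources that not every profile received."""
    seen = {name: external_sources(fetch(url, hdrs)) for name, hdrs in PROFILES.items()}
    common = set.intersection(*seen.values())
    return {name: sorted(srcs - common) for name, srcs in seen.items() if srcs - common}

def constructed_site(url, headers):
    """Constructed stand-in for a compromised page (not real data):
    it adds a hidden iframe only when the visitor arrives from a search engine."""
    page = '<html><script src="/js/site.js"></script><p>Welcome</p>'
    if "google." in headers.get("Referer", ""):
        page += '<iframe src="http://injected.example/x" width=0 height=0></iframe>'
    return page + "</html>"

if __name__ == "__main__":
    # Offline demo against the constructed site; drop the second argument
    # to run the same comparison over HTTP against your own site.
    for profile, extra in compare_views("http://site.example/", constructed_site).items():
        print(f"{profile} received resources the other views did not: {extra}")
```

Pages with rotating ad or analytics URLs will show benign differences, so each reported source still needs a manual look. Malware that keys on the requester's IP address rather than its headers will not respond to a spoofed user-agent, which is a case where a fetch by Google's own crawler remains the better check.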

Google's new resource for owners of compromised sites

Posted on May 21, 2008 - 15:07 by egeorge

Google has rolled out a new resource for owners of compromised websites that it flags as potentially dangerous in its search results.

"Google Diagnostics":http://googleonlinesecurity.blogspot.com/2008/05/safe-browsing-diagnosti... shows information about malware and malware-distributing behaviors that Google has observed on the site within the past 90 days.

We're already hearing from website owners and the volunteers in our "discussion group":http://groups.google.com/group/stopbadware that the new diagnostics pages are helpful in discovering problems with a site. We'd like to applaud Google for taking this step in greater transparency. This new resource should help website owners in cleaning and securing their sites faster, which will help protect even more internet users.

You can see an example diagnostics page "here":http://www.google.com/safebrowsing/diagnostic?site=http://malware.testin....