Spyware Brigade

StopBadware.org, a consumer protection initiative developed to combat malware recently released a comprehensive report detailing five major companies hosting the largest number of websites known to be distributing malware to Internet users.

StopBadware.org analyzed over 49,000 sites, submitted to them by third parties. The following web hosting companies had the largest number of infected sites residing on their servers:

• iPowerWeb, Inc., (10,834)
• Layered Technologies, (2,513)
• ThePlanet.com Internet Services, Inc., (2,056)
• Internap Network Services, (1,437)
• CHINANET Guangdong province network, (786)

Hackers using legitimate websites can turn trusted sites into malware distributors, evading even the most advanced Internet users. As antivirus companies and consumers become increasingly aware of traditional virus and Spyware infection methods, hackers have sought out alternative options. The popularity of social networking sites and the perceived legitimacy of “safe” websites make website targeting a gold mine for Internet criminals.

Some of the different ways hackers can use websites to deliver Spyware and viruses are listed below:

• Utilizing older versions of software to gain administrative access to sites hosted on the servers managed with them.
• Exploiting vulnerabilities in unpatched content to inject lines of code from SQL queries that load exploits onto otherwise legitimate sites.
• Attacking sites that use weak passwords to inject malicious code.

Below are some tips to assist webmasters in identifying malware on their websites:

• Evaluate all software available for download from your website, including any third party applications bundled with the software. Also check the code of the bundled software for changes. One method for doing this is to download the entire software bundle onto a virtual machine and scan it using a comprehensive antivirus/antiSpyware program like StopSign.
• Check all of the links on your site for malware. Pay attention to links to sites that include executable files with extensions like .exe, .bat, .cmd, etc…
• Check any third party ads on your site. • Check for malware links in user generated areas of your site.
• Check your site’s source code on a recurring basis to make sure nothing has been added or changed. Changes to your sites code would indicate an infection attack from a hacker.

To prevent your website from inadvertently posting malware follow these guidelines:

• Check all of the software you have available for download for adware, viruses and Spyware before making it available for download.
• Check all links for malware before posting them on your site.
• Make sure your ad network is reputable and actively screens advertisers for malware. StopBadware.org provides reports to assist with this.
• Closely monitor all user-generated areas of your site.
• Use Strong Passwords at least 8 characters in length, with a random combination of numbers and letters.
• Use SSH and SFTP protocols instead of the plain text protocols of Telnet and FTP.
• Scan your site for vulnerabilities on a regular basis.
• Keep up-to-date on all software available from your site.
• Make sure your hosting company keeps all their software up to date, including any required patches.

REPRINT RIGHTS