Welcome to our new sponsors!

StopBadware has been proud to count amongst our sponsors some of the leading companies in the technology industry: Google, Lenovo, and Sun Microsystems. Their support has been critical to StopBadware’s success in fighting badware through dissemination of research and management of the Clearinghouse appeals process.

We are now excited to welcome two additional sponsors: VeriSign and PayPal. Like our other partners, these two companies are committed to addressing security issues so that the web can be a safer place for all of us. With their help, StopBadware will continue to be an objective source of information about badware and those who spread it.

Announcing Review Request History

StopBadware is proud to announce the availability of Review Request History on our Stopbadware.org website. In an effort to be as transparent as possible with our data and status of the review request process, details of a specific review request can be found on our Stopbadware.org website.

On the Report Search page, all sites reported to our clearing house will display a new column called History. When a site owner clicks the black icon, a page displays a blue box at the top with the date the site was initially submitted into the clearinghouse.

Sites with a red icon contain additional appeals information. When a Review Request is initiated, another blue box appears displaying the date the appeal was created, the last time the appeal was updated, and the current status of the appeal.

The grey boxes represent correspondence from a site owner to us. The text of this correspondence is displayed only if the user specifically requests that this data be made public by checking a checkbox on our Review Request form.

Correspondence from us to a site owner will either be encapsulated in an orange box or a green box depending upon the status of badware found on the site.

We are very excited about this new functionality as it will allow site owners to see the status of their request as well as all correspondence back and forth. We have additional enhancements planned for this functionality as well, so stay tuned!

Hosting Providers Taking Action Against Badware

A week ago, StopBadware reported on five web hosting providers hosting large numbers of the sites listed in our Badware Website Clearinghouse. Today, we have new information to share about how some of those web hosts are working to keep their hosted sites clean and secure. Our data last week featured five hosting providers of sites that are listed in our Clearinghouse. Sites in the Clearinghouse have been reported to us by trusted partners as hosting or distributing badware, often as the result of hacking attacks by malicious third parties. Our data reflects sites that are part of our Clearinghouse, and does not necessarily reflect the internet as a whole.

The top site in our listings was iPowerWeb, at 10,843 sites. We’re happy to report that we are now in contact with iPowerWeb, and that it has demonstrated a commitment to working proactively to combat badware. iPowerWeb has informed us that it has located and removed badware-distributing code from thousands of its sites that are listed in our Clearinghouse. These sites will now be reviewed according to our usual process. All sites that are confirmed to be clean will then be removed from the Badware Website Clearinghouse.

StopBadware has also been contacted by two other hosting providers we identified, Internap Network Services and Layered Technologies. We’re looking forward to working with these and other hosting providers to help combat badware at the hosting level. Check back soon for more updates.

Analysis of Top Hosts in Badware Website Clearinghouse

StopBadware has analyzed 49,296 websites - sites submitted by trusted third parties to the StopBadware.org Badware Website Clearinghouse - and identified the five web hosting companies with the largest number of infected sites residing on their servers. These five companies combined host a large number of websites that have been identified as distributing malicious software to Internet users.

Many of the sites listed in the Clearinghouse are otherwise innocent sites that have been hacked into by third parties. If a provider hosts a large number of sites that distribute badware, it's possible that the provider has unaddressed security vulnerabilities that increase the likelihood of the sites the provider hosts being hacked.

The company hosting the largest number of sites in the Clearinghouse is iPowerWeb, Inc., with 10,834 sites in the Clearinghouse. iPowerWeb is followed by Layered Technologies, ThePlanet.com Internet Services, Inc., Internap Network Services, and CHINANET Guangdong province network.

To read more, see our press release, check out our blog post, or comment at our discussion group.

Malicious Hacking: One Site's Story

The number of websites distributing badware is rising - and in many cases, the websites are otherwise innocent victims of malicious hacking. Ethan Zuckerman shares a detailed and insightful account of one such attack in a recent post to his blog. A website owned by a friend of Zuckerman's was hacked, and subject to a Google search warning and listing in the Badware Website Clearinghouse. Zuckerman initially assumed that his friend's site must be listed by mistake, but quickly learned that the site had been compromised. As Zuckerman tracked down what had happened to his friend's site, he uncovered the source of the attack - an organized crime outfit known as the RBusiness Network, currently based in Panama.

StopBadware is not the only group noticing increases in this kind of website hack. Symantec's recent Internet Security Threat Report, for example, noted an increase in malware designed to steal financial data from victims.

Read more on the StopBadware blog, or check out Ethan Zuckerman's blog post for more on his story.

Badware Website Clearinghouse launches

The Badware Website Clearinghouse is up and running! The newest addition in our expanding focus on the websites that spread badware, the Clearinghouse aggregates information from trusted third parties about sites that host or distribute badware. For sites that have been added the most recently, the Clearinghouse listing includes examples of URLs within the website that lead to badware. We'll be adding more information for older listings in the Clearinghouse in the coming weeks.

For webmasters of sites flagged in the Clearinghouse, there is now a more streamlined way to ask StopBadware to review their sites, using our new Request for Review web form. The form provides information and helpful links, as well as outlining the steps needed for the fastest possible processing of a review. We strongly encourage webmasters to evaluate their sites for badware, and clean and secure their sites, before submitting a review request. If a site is already clean and secure by the time it is re-tested, the process of lifting the badware warning for that site will be much simpler and faster.

StopBadware.org files complaint with FTC

StopBadware.org and the Center for Democracy and Technology (CDT) have teamed up to file a formal complaint with the Federal Trade Commission (FTC) against FastMP3Search.com.ar for distributing badware to unsupecting Internet users.

FastMP3Search.com.ar is a site that offers MP3s for download -- however, it requires users to download a plugin in order to download these songs. Unfortunately, this plugin comes bundled with a ton of adware, Trojan horses, and other forms of badware -- none of which is disclosed to the user. We've written up an in-depth report on the FastMP3Search Plugin that explains all of the bad behaviors that users are subjected to when they download this application. For a summary of those behaviors, check out our blog post. Prof. John Palfrey has also posted his thoughts on the subject on his own blog.

FTC Shuts Down Team Taylor Made

The FTC has just informed us that they've successfully shut down Team Taylor Made and the sites it was affiliated with (check out the FTC's press release here). You may remember Team Taylor Made from our report on the Jessica Simpson Screensaver, one of the worst pieces of badware we'd ever seen.

Now, the U.S. District Court in Nevada has issued a temporary restraining order against Team Taylor Made and ERG Ventures, and the FTC is seeking a permanent injunction against them. Our report on the Jessica Simpson Screensaver was included as an attachment in the FTC's application for a temporary restraining order. Here's what Professor John Palfrey, co-director of StopBadware.org and executive director of the Berkman Center has to say:

"The action by the U.S. District Court against ERG Ventures is proof that consumers have an effective voice in the fight against badware. StopBadware.org's report on Team Taylor Made (an ERG affiliate), released in May, and the subsequent news coverage that followed, should have put them on notice. However, ERG continued to operate deceptively despite our efforts to get them to change their ways."

"StopBadware.org applauds the FTC for their efforts, as well as today's decision by the Court, to put a stop to ERG's ability to knowingly distribute malicious software to consumers."

Quick Website Reports -- Now Live and Searchable!

We've just unveiled our website report database, complete with search capabilities. If you look to the right of this or any other StopBadware.org page, you'll notice a box that says "Quick Reports." Beneath it, we list how many reports we've done to date, and include both a link to a comprehensive list of our reports and a search box. We've also streamlined our Reports page, so check it out and let us know what you think.

If you know of badware-distributing websites or unpleasant applications that you'd like to see on this list, let us know here.

New Website, Same Old Scam

In this week's in-depth report, we highlight an old badware application with a shiny new site: Popcorn.net. This "Internet-based multi-channel entertainment browser" is actually a repackaging of Movieland's MediaPipe application, which we reviewed back in March (see our Mediapipe report here ). Popcorn.net deceives users into downloading the application, installs a Trojan horse and adware, and cannot be uninstalled. See our full report for details.

Safer Searching (Updated on January 22, 2007)

We're entering a new phase here at StopBadware.org. Google -- which is one of our partners -- is now presenting people with a warning before they visit websites that Google's testing indicates cause users to be infected with badware. Google also reports these sites have been reported to StopBadware.org as sites that distribute badware. These warnings currently link to a general page on StopBadware.org, but in cases where we subsequently research a site as we finish researching sites, we'll replace the general page with one of our individual website reports (see an example here ). Hopefully this next step will bring us that much closer to fulfilling our mission of providing people with reliable, objective information about downloadable applications in order to help them make better choices.

If there are sites and applications you'd like us to check out before you use them, let us know here.

For an update on the Safer Searching project and Google's warning pages, click here or visit our FAQ.

The "Badware" problem.

Learn more: About Badware | About Us | Academic Background