SlideShare a Scribd company logo

May 2008 Badware Sites Report Analyzes Over 200K Infected Websites

Attaporn Ninsuwan
Attaporn Ninsuwan

This document summarizes an analysis of over 200,000 websites engaged in badware behavior according to Google's Safe Browsing initiative. The analysis found that over half of infected sites were located in China, with the top three Chinese network blocks accounting for 68% of infections in that country. In contrast, infected sites in the US were more distributed. Compared to the previous year, the total number of infected sites increased, likely due to expanded scanning and increased malware distribution through websites.

Education
1 of 5
Download to read offline
May 2008 Badware Websites Report Page 1 of 5 Abstract Using data from Google’s Safe Browsing initiative, StopBadware.org analyzed over 200,000 websites found to engage in badware behavior. The analysis found that over half of the sites were based on Chinese network blocks, with a small number of blocks accounting for most of the infected sites in that country. The U.S. accounted for 21% of infected sites, and these were spread across a wide range of networks. Compared to last year, the total number of sites was much higher, likely due both to increased scanning efforts by Google and to increased use of websites as a vector of malware infection. Several U.S.-based network blocks that were heavily infected last year, including that of web hosting company iPowerWeb, whose network block topped last year’s list, no longer host large numbers of infected sites. Data source & methodology StopBadware.org maintains in its Badware Website Clearinghouse an updated copy of the list of active badware websites generated by Google’s Safe Browsing initiative. Using the current list of active sites as of late May 2008, which totaled 213,575, StopBadware.org resolved each site’s URL to an IP address and used data from Team Cymru to identify the autonomous system (AS) block name, autonomous system block number (ASN), and the network’s registered country of origin. An AS represents a set of interconnected networks and routers that are operated by a single entity. The entity that operates the network block may, but does not necessarily, own or operate the servers hosting the infected websites. Some URLs (8,556) did not resolve to a valid IP address and are treated as “unknown” in our analysis. A smaller number of sites returned no data for AS block (252) or country code (2,332), and these are also treated as “unknown” in our analysis. Sites that are identified as exhibiting badware behavior may be deliberately participating in the distribution of malware or may be compromised through manual or automated means. This report does not distinguish among sites based on intent, but rather treats all of the sites equally as vectors for malware infection. Known limitations The data from Google limit the analysis in two ways. First, the methods Google uses to identify badware websites are limited to capturing certain common varieties of
Page 2 of 5 badware behavior1 . Therefore, this report is limited to sites that contain these particular badware traits. Second, while Google has an extensive cache representing much of the web, it is unlikely to be completely comprehensive. Furthermore, it is not necessarily the case that Google scans all web content for badware with the same frequency. It is therefore possible that the findings are skewed somewhat towards those networks, websites, or types of content that are scanned most aggressively. We present these findings acknowledging the possibility of skewed and/or incomplete results but believing that they are reasonably representative of the overall web ecosystem. Country findings With 52% of identified badware sites, China hosts far more sites than any other country. The U.S. is second with 21%. No other country hosts more than 4% of the world’s badware sites, though a total of 106 countries host at least one infected site and 38 countries host at least a hundred. Badware Sites by Country May 2008 China U.S. Russia Germany France Rep. of Korea Great Britain Unknown Other StopBadware.org also analyzed, for the seven countries topping the list of infections, the relationship between a country’s Internet-using population and its number of badware sites. It is difficult to find current numbers of Internet users by country, but using the most recent data (ranging from 2005 to 2008) from the CIA Fact Book2, StopBadware.org calculated the badware sites per million Internet users for the world (210 sites per million) and for each of the seven countries, as shown in the table on the following page. 1 For more info, see http://www.usenix.org/event/hotbots07/tech/full_papers/provos/provos.pdf 2 https://www.cia.gov/library/publications/the-world-factbook/rankorder/2153rank.html Source: Google & Team Cymru Analysis: StopBadware.org
Page 3 of 5 Country Badware sites per million Internet users China 689 Russia 307 United States 212 Germany 135 France 128 Republic of Korea 115 Great Britain 60 These numbers reinforce the dominance of China as a malware host, with an infection rate over three times that of the world average. Russia also stands out with a disproportionately high rate (possibly skewed by rapid growth in Internet use not reflected in the CIA’s 2006 numbers), while the United States is just about average. Relative to their populations, the western European countries and the Republic of Korea are far less likely to host badware sites than other nations. Network block findings The top ten network (AS) blocks hosting badware websites were: Network block name & description Country Number of infected sites CHINANET-BACKBONE No.31,Jin-rong Street China 48,834 CHINA169-BACKBONE CNCGROUP China169 Backbone China 17,713 CHINANET-SH-AP China Telecom (Group) China 9,445 CNCNET-CN China Netcom Corp. China 6,058 GOOGLE - Google Inc. U.S. 4,261 DXTNET Beijing Dian-Xin-Tong Network Technologies Co., Ltd. China 3,604 SOFTLAYER - SoftLayer Technologies Inc. U.S. 3,507 THEPLANET-AS - ThePlanet.com Internet Services, Inc. U.S. 3,166 INETWORK-AS IEUROP AS France 2,878 CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation China 2,357
Page 4 of 5 The network blocks and their owners play different roles in the Internet ecosystem. Google and iEurop, for example, use their networks to provide hosted blogs and websites, respectively, indicating that the companies have direct control over the infected servers. Google reportedly disables infected blog sites as its systems detect badware behavior3, and iEurop has expressed a willingness to take action as badware sites are brought to its attention. SoftLayer and ThePlanet.com offer data center services and/or dedicated, self-managed hosting, indicating that they do not control the content of many systems operating on their networks. Both companies, however, have acceptable use policies for their customers and have expressed an interest in investigating potential violations of these policies. The Chinese companies in the top 10 list operate as Internet service providers (ISPs) or backbone providers, offering bandwidth to customers who may use the bandwidth for a variety of purposes. Some may also offer direct hosting services. StopBadware.org has not had success in contacting these companies. In China, 68% of the country’s infected sites are hosted on just three AS blocks, while in the U.S., the top three blocks account for only 25% of infected sites. This is likely reflective of a more centrally-controlled Internet infrastructure in China, in contrast to the highly distributed infrastructure in the U.S. Discussion & conclusions Web-based malware is a global problem, and nowhere is the problem more pronounced than in China. This analysis does not identify the reason for China’s disproportionate share of infected sites. Additional research by StopBadware.org4, however, has postulated that part of the reason for this could be the lack of economic incentives for Chinese hosting providers and site owners to inform their users of infected sites and/or to take action to clean or remove these sites. In the U.S. and Europe, cooperation and data sharing among multiple links in the Internet chain have proven to be effective strategies in addressing the issue. For example, after StopBadware.org released a similar list of top infected AS blocks last 3 Google, a sponsor of StopBadware.org, tells StopBadware.org that when a Blogger site is identified as badware by their Safe Browsing initiative, the site is immediately reported to Google’s Blogger group and the site is disabled. However, the URL for the site remains listed as badware until the Safe Browsing systems rescan the site, which means that there is a lag from the time the site is rendered harmless to the time at which it no longer appears in the data used by StopBadware.org for analysis. 4 http://weis2008.econinfosec.org/papers/Greenstadt.pdf
Page 5 of 5 year5 , the owner of the most infected block, iPowerWeb, used Google’s data and cooperated with StopBadware.org to clean and protect thousands of infected sites. Similar success was seen more recently on a smaller scale with U.K. hosting provider Byet Internet Services6. Neither hosting provider had enough infected websites on its network block at the time of our analysis to rank in the top 250 infected networks. It is clear that further research is needed to identify the parties that are most likely to be willing and able to take action against badware sites, especially in China, and to engage in conversation with these parties. To this end, StopBadware.org intends to deepen its analysis to include Whois network data, which is more specific than AS block data, and to continue its outreach efforts to all of the network block owners identified in this report. 5 http://blogs.stopbadware.org/articles/2007/05/04/stopbadware-identifies-hosting-providers-of-larged- numbers-of-sites-in-badware-website-clearinghouse 6 For more info, see http://blogs.stopbadware.org/articles/2008/05/07/taking-a-byet-out-of-badware

Recommended

Detecting Malicious Facebook Applications
Detecting Malicious Facebook ApplicationsDetecting Malicious Facebook Applications
Detecting Malicious Facebook Applications1crore projects
 
Detecting malicious facebook applicationsi
Detecting malicious facebook applicationsiDetecting malicious facebook applicationsi
Detecting malicious facebook applicationsinexgentechnology
 
DETECTING MALICIOUS FACEBOOK APPLICATIONS - IEEE PROJECTS IN PONDICHERRY,BUL...
DETECTING MALICIOUS FACEBOOK APPLICATIONS - IEEE PROJECTS IN PONDICHERRY,BUL...DETECTING MALICIOUS FACEBOOK APPLICATIONS - IEEE PROJECTS IN PONDICHERRY,BUL...
DETECTING MALICIOUS FACEBOOK APPLICATIONS - IEEE PROJECTS IN PONDICHERRY,BUL...Nexgen Technology
 
Social Media Security
Social Media SecuritySocial Media Security
Social Media Securityscstatelibrary
 
Fr app e detecting malicious facebook applications
Fr app e detecting malicious facebook applicationsFr app e detecting malicious facebook applications
Fr app e detecting malicious facebook applicationsCloudTechnologies
 
Fr app e detecting malicious facebook applications
Fr app e detecting malicious facebook applicationsFr app e detecting malicious facebook applications
Fr app e detecting malicious facebook applicationsPvrtechnologies Nellore
 
Significant factors for Detecting Redirection Spam
Significant factors for Detecting Redirection SpamSignificant factors for Detecting Redirection Spam
Significant factors for Detecting Redirection Spamijtsrd
 
FRAppE Detecting Malicious Facebook Applications
FRAppE Detecting Malicious Facebook ApplicationsFRAppE Detecting Malicious Facebook Applications
FRAppE Detecting Malicious Facebook ApplicationsNagamalleswararao Tadikonda
 

Recommended

Detecting Malicious Facebook Applications
Detecting Malicious Facebook ApplicationsDetecting Malicious Facebook Applications
Detecting Malicious Facebook Applications1crore projects
 
Detecting malicious facebook applicationsi
Detecting malicious facebook applicationsiDetecting malicious facebook applicationsi
Detecting malicious facebook applicationsinexgentechnology
 
DETECTING MALICIOUS FACEBOOK APPLICATIONS - IEEE PROJECTS IN PONDICHERRY,BUL...
DETECTING MALICIOUS FACEBOOK APPLICATIONS - IEEE PROJECTS IN PONDICHERRY,BUL...DETECTING MALICIOUS FACEBOOK APPLICATIONS - IEEE PROJECTS IN PONDICHERRY,BUL...
DETECTING MALICIOUS FACEBOOK APPLICATIONS - IEEE PROJECTS IN PONDICHERRY,BUL...Nexgen Technology
 
Social Media Security
Social Media SecuritySocial Media Security
Social Media Securityscstatelibrary
 
Fr app e detecting malicious facebook applications
Fr app e detecting malicious facebook applicationsFr app e detecting malicious facebook applications
Fr app e detecting malicious facebook applicationsCloudTechnologies
 
Fr app e detecting malicious facebook applications
Fr app e detecting malicious facebook applicationsFr app e detecting malicious facebook applications
Fr app e detecting malicious facebook applicationsPvrtechnologies Nellore
 
Significant factors for Detecting Redirection Spam
Significant factors for Detecting Redirection SpamSignificant factors for Detecting Redirection Spam
Significant factors for Detecting Redirection Spamijtsrd
 
FRAppE Detecting Malicious Facebook Applications
FRAppE Detecting Malicious Facebook ApplicationsFRAppE Detecting Malicious Facebook Applications
FRAppE Detecting Malicious Facebook ApplicationsNagamalleswararao Tadikonda
 
Android security
Android security Android security
Android security Hassan Abutair
 
IJET-V3I2P6
IJET-V3I2P6IJET-V3I2P6
IJET-V3I2P6IJET - International Journal of Engineering and Techniques
 
A SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMY
A SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMYA SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMY
A SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMYIJNSA Journal
 
Users and Behaviors- Social Internet
Users and Behaviors- Social InternetUsers and Behaviors- Social Internet
Users and Behaviors- Social InternetKenie Moses
 
Users and behaviors social internet: Safety & Security
Users and behaviors social internet: Safety & SecurityUsers and behaviors social internet: Safety & Security
Users and behaviors social internet: Safety & SecurityDr. V Vorvoreanu
 
Automated web patrol with strider honey monkeys finding web sites that exploi...
Automated web patrol with strider honey monkeys finding web sites that exploi...Automated web patrol with strider honey monkeys finding web sites that exploi...
Automated web patrol with strider honey monkeys finding web sites that exploi...UltraUploader
 
WedBush Newsletter 6/20/11
WedBush Newsletter 6/20/11WedBush Newsletter 6/20/11
WedBush Newsletter 6/20/11Vitrue
 
Symantec Intelligence Report - June 2014
Symantec Intelligence Report - June 2014Symantec Intelligence Report - June 2014
Symantec Intelligence Report - June 2014Symantec
 
Developer’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messengerDeveloper’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messengerAnonDownload
 
The Critical Need to Secure the Web in Your Company
The Critical Need to Secure the Web in Your CompanyThe Critical Need to Secure the Web in Your Company
The Critical Need to Secure the Web in Your CompanyOsterman Research, Inc.
 
Facebook
FacebookFacebook
FacebookSteph Cliche
 
Lrt top 10
Lrt top 10Lrt top 10
Lrt top 10Guru99
 
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)Hamza Harkous
 
Masango2017
Masango2017Masango2017
Masango2017Prakash1944121
 
Symantec Intelligence Report December 2014
Symantec Intelligence Report December 2014Symantec Intelligence Report December 2014
Symantec Intelligence Report December 2014Symantec
 
Email threats 2017: Users encounter threats through email twice as often as o...
Email threats 2017: Users encounter threats through email twice as often as o...Email threats 2017: Users encounter threats through email twice as often as o...
Email threats 2017: Users encounter threats through email twice as often as o...Symantec Security Response
 
Symantec Intelligence Report September 2014
Symantec Intelligence Report September 2014Symantec Intelligence Report September 2014
Symantec Intelligence Report September 2014Symantec
 
Symantec Intelligence Report - July 2014
Symantec Intelligence Report - July 2014Symantec Intelligence Report - July 2014
Symantec Intelligence Report - July 2014Symantec
 
Understanding the web browser threat
Understanding the web browser threatUnderstanding the web browser threat
Understanding the web browser threatTola Odugbesan
 
State of the Art Analysis Approach for Identification of the Malignant URLs
State of the Art Analysis Approach for Identification of the Malignant URLsState of the Art Analysis Approach for Identification of the Malignant URLs
State of the Art Analysis Approach for Identification of the Malignant URLsIOSRjournaljce
 
Remedying Web Hijacking: Notification
Remedying Web Hijacking: NotificationRemedying Web Hijacking: Notification
Remedying Web Hijacking: NotificationAndrey Apuhtin
 
Webmasterbreach
WebmasterbreachWebmasterbreach
WebmasterbreachÉdgar Medina
 

More Related Content

What's hot

A SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMY
A SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMYA SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMY
A SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMYIJNSA Journal
 
Users and Behaviors- Social Internet
Users and Behaviors- Social InternetUsers and Behaviors- Social Internet
Users and Behaviors- Social InternetKenie Moses
 
Users and behaviors social internet: Safety & Security
Users and behaviors social internet: Safety & SecurityUsers and behaviors social internet: Safety & Security
Users and behaviors social internet: Safety & SecurityDr. V Vorvoreanu
 
Automated web patrol with strider honey monkeys finding web sites that exploi...
Automated web patrol with strider honey monkeys finding web sites that exploi...Automated web patrol with strider honey monkeys finding web sites that exploi...
Automated web patrol with strider honey monkeys finding web sites that exploi...UltraUploader
 
WedBush Newsletter 6/20/11
WedBush Newsletter 6/20/11WedBush Newsletter 6/20/11
WedBush Newsletter 6/20/11Vitrue
 
Symantec Intelligence Report - June 2014
Symantec Intelligence Report - June 2014Symantec Intelligence Report - June 2014
Symantec Intelligence Report - June 2014Symantec
 
Developer’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messengerDeveloper’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messengerAnonDownload
 
The Critical Need to Secure the Web in Your Company
The Critical Need to Secure the Web in Your CompanyThe Critical Need to Secure the Web in Your Company
The Critical Need to Secure the Web in Your CompanyOsterman Research, Inc.
 
Lrt top 10
Lrt top 10Lrt top 10
Lrt top 10Guru99
 
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)Hamza Harkous
 
Symantec Intelligence Report December 2014
Symantec Intelligence Report December 2014Symantec Intelligence Report December 2014
Symantec Intelligence Report December 2014Symantec
 
Email threats 2017: Users encounter threats through email twice as often as o...
Email threats 2017: Users encounter threats through email twice as often as o...Email threats 2017: Users encounter threats through email twice as often as o...
Email threats 2017: Users encounter threats through email twice as often as o...Symantec Security Response
 
Symantec Intelligence Report September 2014
Symantec Intelligence Report September 2014Symantec Intelligence Report September 2014
Symantec Intelligence Report September 2014Symantec
 
Symantec Intelligence Report - July 2014
Symantec Intelligence Report - July 2014Symantec Intelligence Report - July 2014
Symantec Intelligence Report - July 2014Symantec
 

What's hot (18)

Android security
Android security Android security
Android security
 
IJET-V3I2P6
IJET-V3I2P6IJET-V3I2P6
IJET-V3I2P6
 
A SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMY
A SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMYA SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMY
A SURVEY ON WEB SPAM DETECTION METHODS: TAXONOMY
 
Users and Behaviors- Social Internet
Users and Behaviors- Social InternetUsers and Behaviors- Social Internet
Users and Behaviors- Social Internet
 
Users and behaviors social internet: Safety & Security
Users and behaviors social internet: Safety & SecurityUsers and behaviors social internet: Safety & Security
Users and behaviors social internet: Safety & Security
 
Automated web patrol with strider honey monkeys finding web sites that exploi...
Automated web patrol with strider honey monkeys finding web sites that exploi...Automated web patrol with strider honey monkeys finding web sites that exploi...
Automated web patrol with strider honey monkeys finding web sites that exploi...
 
WedBush Newsletter 6/20/11
WedBush Newsletter 6/20/11WedBush Newsletter 6/20/11
WedBush Newsletter 6/20/11
 
Symantec Intelligence Report - June 2014
Symantec Intelligence Report - June 2014Symantec Intelligence Report - June 2014
Symantec Intelligence Report - June 2014
 
Developer’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messengerDeveloper’s silence raises concern about surespot encrypted messenger
Developer’s silence raises concern about surespot encrypted messenger
 
The Critical Need to Secure the Web in Your Company
The Critical Need to Secure the Web in Your CompanyThe Critical Need to Secure the Web in Your Company
The Critical Need to Secure the Web in Your Company
 
Facebook
FacebookFacebook
Facebook
 
Lrt top 10
Lrt top 10Lrt top 10
Lrt top 10
 
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)
Dissecting and Mitigating the Privacy Risk of Personal Cloud Apps (at PETS 2016)
 
Masango2017
Masango2017Masango2017
Masango2017
 
Symantec Intelligence Report December 2014
Symantec Intelligence Report December 2014Symantec Intelligence Report December 2014
Symantec Intelligence Report December 2014
 
Email threats 2017: Users encounter threats through email twice as often as o...
Email threats 2017: Users encounter threats through email twice as often as o...Email threats 2017: Users encounter threats through email twice as often as o...
Email threats 2017: Users encounter threats through email twice as often as o...
 
Symantec Intelligence Report September 2014
Symantec Intelligence Report September 2014Symantec Intelligence Report September 2014
Symantec Intelligence Report September 2014
 
Symantec Intelligence Report - July 2014
Symantec Intelligence Report - July 2014Symantec Intelligence Report - July 2014
Symantec Intelligence Report - July 2014
 

Similar to May 2008 Badware Sites Report Analyzes Over 200K Infected Websites

Understanding the web browser threat
Understanding the web browser threatUnderstanding the web browser threat
Understanding the web browser threatTola Odugbesan
 
State of the Art Analysis Approach for Identification of the Malignant URLs
State of the Art Analysis Approach for Identification of the Malignant URLsState of the Art Analysis Approach for Identification of the Malignant URLs
State of the Art Analysis Approach for Identification of the Malignant URLsIOSRjournaljce
 
Remedying Web Hijacking: Notification
Remedying Web Hijacking: NotificationRemedying Web Hijacking: Notification
Remedying Web Hijacking: NotificationAndrey Apuhtin
 
MAPREDUCE IMPLEMENTATION FOR MALICIOUS WEBSITES CLASSIFICATION
MAPREDUCE IMPLEMENTATION FOR MALICIOUS WEBSITES CLASSIFICATIONMAPREDUCE IMPLEMENTATION FOR MALICIOUS WEBSITES CLASSIFICATION
MAPREDUCE IMPLEMENTATION FOR MALICIOUS WEBSITES CLASSIFICATIONIJNSA Journal
 
MAPREDUCE IMPLEMENTATION FOR MALICIOUS WEBSITES CLASSIFICATION
MAPREDUCE IMPLEMENTATION FOR MALICIOUS WEBSITES CLASSIFICATIONMAPREDUCE IMPLEMENTATION FOR MALICIOUS WEBSITES CLASSIFICATION
MAPREDUCE IMPLEMENTATION FOR MALICIOUS WEBSITES CLASSIFICATIONIJNSA Journal
 
IRJET- Phishing Website Detection System
IRJET- Phishing Website Detection SystemIRJET- Phishing Website Detection System
IRJET- Phishing Website Detection SystemIRJET Journal
 
Usc annenberg lab_adreport_jan2013
Usc annenberg lab_adreport_jan2013Usc annenberg lab_adreport_jan2013
Usc annenberg lab_adreport_jan2013Ad6 Media
 
identifying malevolent facebook requests
identifying malevolent facebook requestsidentifying malevolent facebook requests
identifying malevolent facebook requestsINFOGAIN PUBLICATION
 
State of Internet 1H 2008
State of Internet 1H 2008State of Internet 1H 2008
State of Internet 1H 2008Kim Jensen
 
Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...IJECEIAES
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat ReportKim Jensen
 
State of Internet 2H 2008
State of Internet 2H 2008State of Internet 2H 2008
State of Internet 2H 2008Kim Jensen
 
Lab-3 Cyber Threat Analysis In Lab-3, you will do some c.docx
Lab-3 Cyber Threat Analysis In Lab-3, you will do some c.docxLab-3 Cyber Threat Analysis In Lab-3, you will do some c.docx
Lab-3 Cyber Threat Analysis In Lab-3, you will do some c.docxLaticiaGrissomzz
 
IRJET - Detection and Prevention of Phishing Websites using Machine Learning ...
IRJET - Detection and Prevention of Phishing Websites using Machine Learning ...IRJET - Detection and Prevention of Phishing Websites using Machine Learning ...
IRJET - Detection and Prevention of Phishing Websites using Machine Learning ...IRJET Journal
 

Similar to May 2008 Badware Sites Report Analyzes Over 200K Infected Websites (20)

Understanding the web browser threat
Understanding the web browser threatUnderstanding the web browser threat
Understanding the web browser threat
 
State of the Art Analysis Approach for Identification of the Malignant URLs
State of the Art Analysis Approach for Identification of the Malignant URLsState of the Art Analysis Approach for Identification of the Malignant URLs
State of the Art Analysis Approach for Identification of the Malignant URLs
 
Remedying Web Hijacking: Notification
Remedying Web Hijacking: NotificationRemedying Web Hijacking: Notification
Remedying Web Hijacking: Notification
 
Webmasterbreach
WebmasterbreachWebmasterbreach
Webmasterbreach
 
MAPREDUCE IMPLEMENTATION FOR MALICIOUS WEBSITES CLASSIFICATION
MAPREDUCE IMPLEMENTATION FOR MALICIOUS WEBSITES CLASSIFICATIONMAPREDUCE IMPLEMENTATION FOR MALICIOUS WEBSITES CLASSIFICATION
MAPREDUCE IMPLEMENTATION FOR MALICIOUS WEBSITES CLASSIFICATION
 
MAPREDUCE IMPLEMENTATION FOR MALICIOUS WEBSITES CLASSIFICATION
MAPREDUCE IMPLEMENTATION FOR MALICIOUS WEBSITES CLASSIFICATIONMAPREDUCE IMPLEMENTATION FOR MALICIOUS WEBSITES CLASSIFICATION
MAPREDUCE IMPLEMENTATION FOR MALICIOUS WEBSITES CLASSIFICATION
 
Aburajab ndss-13
Aburajab ndss-13Aburajab ndss-13
Aburajab ndss-13
 
Learning to detect phishing ur ls
Learning to detect phishing ur lsLearning to detect phishing ur ls
Learning to detect phishing ur ls
 
IRJET- Phishing Website Detection System
IRJET- Phishing Website Detection SystemIRJET- Phishing Website Detection System
IRJET- Phishing Website Detection System
 
Usc annenberg lab_adreport_jan2013
Usc annenberg lab_adreport_jan2013Usc annenberg lab_adreport_jan2013
Usc annenberg lab_adreport_jan2013
 
The Dangers of Lapto
The Dangers of LaptoThe Dangers of Lapto
The Dangers of Lapto
 
identifying malevolent facebook requests
identifying malevolent facebook requestsidentifying malevolent facebook requests
identifying malevolent facebook requests
 
2013 Threat Report
2013 Threat Report2013 Threat Report
2013 Threat Report
 
State of Internet 1H 2008
State of Internet 1H 2008State of Internet 1H 2008
State of Internet 1H 2008
 
Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...Detecting malicious URLs using binary classification through ada boost algori...
Detecting malicious URLs using binary classification through ada boost algori...
 
Websense 2013 Threat Report
Websense 2013 Threat ReportWebsense 2013 Threat Report
Websense 2013 Threat Report
 
State of Internet 2H 2008
State of Internet 2H 2008State of Internet 2H 2008
State of Internet 2H 2008
 
G05913234
G05913234G05913234
G05913234
 
Lab-3 Cyber Threat Analysis In Lab-3, you will do some c.docx
Lab-3 Cyber Threat Analysis In Lab-3, you will do some c.docxLab-3 Cyber Threat Analysis In Lab-3, you will do some c.docx
Lab-3 Cyber Threat Analysis In Lab-3, you will do some c.docx
 
IRJET - Detection and Prevention of Phishing Websites using Machine Learning ...
IRJET - Detection and Prevention of Phishing Websites using Machine Learning ...IRJET - Detection and Prevention of Phishing Websites using Machine Learning ...
IRJET - Detection and Prevention of Phishing Websites using Machine Learning ...
 

More from Attaporn Ninsuwan

Chapter 12 - Computer Forensics
Chapter 12 - Computer ForensicsChapter 12 - Computer Forensics
Chapter 12 - Computer ForensicsAttaporn Ninsuwan
 
Techniques for data hiding p
Techniques for data hiding pTechniques for data hiding p
Techniques for data hiding pAttaporn Ninsuwan
 
Steganography past-present-future 552
Steganography past-present-future 552Steganography past-present-future 552
Steganography past-present-future 552Attaporn Ninsuwan
 
Chapter5 - The Discrete-Time Fourier Transform
Chapter5 - The Discrete-Time Fourier TransformChapter5 - The Discrete-Time Fourier Transform
Chapter5 - The Discrete-Time Fourier TransformAttaporn Ninsuwan
 
Chapter4 - The Continuous-Time Fourier Transform
Chapter4 - The Continuous-Time Fourier TransformChapter4 - The Continuous-Time Fourier Transform
Chapter4 - The Continuous-Time Fourier TransformAttaporn Ninsuwan
 
Chapter3 - Fourier Series Representation of Periodic Signals
Chapter3 - Fourier Series Representation of Periodic SignalsChapter3 - Fourier Series Representation of Periodic Signals
Chapter3 - Fourier Series Representation of Periodic SignalsAttaporn Ninsuwan
 
Chapter2 - Linear Time-Invariant System
Chapter2 - Linear Time-Invariant SystemChapter2 - Linear Time-Invariant System
Chapter2 - Linear Time-Invariant SystemAttaporn Ninsuwan
 

More from Attaporn Ninsuwan (20)

J query fundamentals
J query fundamentalsJ query fundamentals
J query fundamentals
 
Jquery enlightenment
Jquery enlightenmentJquery enlightenment
Jquery enlightenment
 
Jquery-Begining
Jquery-BeginingJquery-Begining
Jquery-Begining
 
Br ainfocom94
Br ainfocom94Br ainfocom94
Br ainfocom94
 
Chapter 12 - Computer Forensics
Chapter 12 - Computer ForensicsChapter 12 - Computer Forensics
Chapter 12 - Computer Forensics
 
Techniques for data hiding p
Techniques for data hiding pTechniques for data hiding p
Techniques for data hiding p
 
Steganography past-present-future 552
Steganography past-present-future 552Steganography past-present-future 552
Steganography past-present-future 552
 
Ch03-Computer Security
Ch03-Computer SecurityCh03-Computer Security
Ch03-Computer Security
 
Ch02-Computer Security
Ch02-Computer SecurityCh02-Computer Security
Ch02-Computer Security
 
Ch01-Computer Security
Ch01-Computer SecurityCh01-Computer Security
Ch01-Computer Security
 
Ch8-Computer Security
Ch8-Computer SecurityCh8-Computer Security
Ch8-Computer Security
 
Ch7-Computer Security
Ch7-Computer SecurityCh7-Computer Security
Ch7-Computer Security
 
Ch6-Computer Security
Ch6-Computer SecurityCh6-Computer Security
Ch6-Computer Security
 
Ch06b-Computer Security
Ch06b-Computer SecurityCh06b-Computer Security
Ch06b-Computer Security
 
Ch5-Computer Security
Ch5-Computer SecurityCh5-Computer Security
Ch5-Computer Security
 
Ch04-Computer Security
Ch04-Computer SecurityCh04-Computer Security
Ch04-Computer Security
 
Chapter5 - The Discrete-Time Fourier Transform
Chapter5 - The Discrete-Time Fourier TransformChapter5 - The Discrete-Time Fourier Transform
Chapter5 - The Discrete-Time Fourier Transform
 
Chapter4 - The Continuous-Time Fourier Transform
Chapter4 - The Continuous-Time Fourier TransformChapter4 - The Continuous-Time Fourier Transform
Chapter4 - The Continuous-Time Fourier Transform
 
Chapter3 - Fourier Series Representation of Periodic Signals
Chapter3 - Fourier Series Representation of Periodic SignalsChapter3 - Fourier Series Representation of Periodic Signals
Chapter3 - Fourier Series Representation of Periodic Signals
 
Chapter2 - Linear Time-Invariant System
Chapter2 - Linear Time-Invariant SystemChapter2 - Linear Time-Invariant System
Chapter2 - Linear Time-Invariant System
 

Recently uploaded

Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPoojaSen20
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991RKavithamani
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 

Recently uploaded (20)

Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptx
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
Industrial Policy - 1948, 1956, 1973, 1977, 1980, 1991
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 

May 2008 Badware Sites Report Analyzes Over 200K Infected Websites

  • 1. May 2008 Badware Websites Report Page 1 of 5 Abstract Using data from Google’s Safe Browsing initiative, StopBadware.org analyzed over 200,000 websites found to engage in badware behavior. The analysis found that over half of the sites were based on Chinese network blocks, with a small number of blocks accounting for most of the infected sites in that country. The U.S. accounted for 21% of infected sites, and these were spread across a wide range of networks. Compared to last year, the total number of sites was much higher, likely due both to increased scanning efforts by Google and to increased use of websites as a vector of malware infection. Several U.S.-based network blocks that were heavily infected last year, including that of web hosting company iPowerWeb, whose network block topped last year’s list, no longer host large numbers of infected sites. Data source & methodology StopBadware.org maintains in its Badware Website Clearinghouse an updated copy of the list of active badware websites generated by Google’s Safe Browsing initiative. Using the current list of active sites as of late May 2008, which totaled 213,575, StopBadware.org resolved each site’s URL to an IP address and used data from Team Cymru to identify the autonomous system (AS) block name, autonomous system block number (ASN), and the network’s registered country of origin. An AS represents a set of interconnected networks and routers that are operated by a single entity. The entity that operates the network block may, but does not necessarily, own or operate the servers hosting the infected websites. Some URLs (8,556) did not resolve to a valid IP address and are treated as “unknown” in our analysis. A smaller number of sites returned no data for AS block (252) or country code (2,332), and these are also treated as “unknown” in our analysis. Sites that are identified as exhibiting badware behavior may be deliberately participating in the distribution of malware or may be compromised through manual or automated means. This report does not distinguish among sites based on intent, but rather treats all of the sites equally as vectors for malware infection. Known limitations The data from Google limit the analysis in two ways. First, the methods Google uses to identify badware websites are limited to capturing certain common varieties of
  • 2. Page 2 of 5 badware behavior1 . Therefore, this report is limited to sites that contain these particular badware traits. Second, while Google has an extensive cache representing much of the web, it is unlikely to be completely comprehensive. Furthermore, it is not necessarily the case that Google scans all web content for badware with the same frequency. It is therefore possible that the findings are skewed somewhat towards those networks, websites, or types of content that are scanned most aggressively. We present these findings acknowledging the possibility of skewed and/or incomplete results but believing that they are reasonably representative of the overall web ecosystem. Country findings With 52% of identified badware sites, China hosts far more sites than any other country. The U.S. is second with 21%. No other country hosts more than 4% of the world’s badware sites, though a total of 106 countries host at least one infected site and 38 countries host at least a hundred. Badware Sites by Country May 2008 China U.S. Russia Germany France Rep. of Korea Great Britain Unknown Other StopBadware.org also analyzed, for the seven countries topping the list of infections, the relationship between a country’s Internet-using population and its number of badware sites. It is difficult to find current numbers of Internet users by country, but using the most recent data (ranging from 2005 to 2008) from the CIA Fact Book2, StopBadware.org calculated the badware sites per million Internet users for the world (210 sites per million) and for each of the seven countries, as shown in the table on the following page. 1 For more info, see http://www.usenix.org/event/hotbots07/tech/full_papers/provos/provos.pdf 2 https://www.cia.gov/library/publications/the-world-factbook/rankorder/2153rank.html Source: Google & Team Cymru Analysis: StopBadware.org
  • 3. Page 3 of 5 Country Badware sites per million Internet users China 689 Russia 307 United States 212 Germany 135 France 128 Republic of Korea 115 Great Britain 60 These numbers reinforce the dominance of China as a malware host, with an infection rate over three times that of the world average. Russia also stands out with a disproportionately high rate (possibly skewed by rapid growth in Internet use not reflected in the CIA’s 2006 numbers), while the United States is just about average. Relative to their populations, the western European countries and the Republic of Korea are far less likely to host badware sites than other nations. Network block findings The top ten network (AS) blocks hosting badware websites were: Network block name & description Country Number of infected sites CHINANET-BACKBONE No.31,Jin-rong Street China 48,834 CHINA169-BACKBONE CNCGROUP China169 Backbone China 17,713 CHINANET-SH-AP China Telecom (Group) China 9,445 CNCNET-CN China Netcom Corp. China 6,058 GOOGLE - Google Inc. U.S. 4,261 DXTNET Beijing Dian-Xin-Tong Network Technologies Co., Ltd. China 3,604 SOFTLAYER - SoftLayer Technologies Inc. U.S. 3,507 THEPLANET-AS - ThePlanet.com Internet Services, Inc. U.S. 3,166 INETWORK-AS IEUROP AS France 2,878 CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation China 2,357
  • 4. Page 4 of 5 The network blocks and their owners play different roles in the Internet ecosystem. Google and iEurop, for example, use their networks to provide hosted blogs and websites, respectively, indicating that the companies have direct control over the infected servers. Google reportedly disables infected blog sites as its systems detect badware behavior3, and iEurop has expressed a willingness to take action as badware sites are brought to its attention. SoftLayer and ThePlanet.com offer data center services and/or dedicated, self-managed hosting, indicating that they do not control the content of many systems operating on their networks. Both companies, however, have acceptable use policies for their customers and have expressed an interest in investigating potential violations of these policies. The Chinese companies in the top 10 list operate as Internet service providers (ISPs) or backbone providers, offering bandwidth to customers who may use the bandwidth for a variety of purposes. Some may also offer direct hosting services. StopBadware.org has not had success in contacting these companies. In China, 68% of the country’s infected sites are hosted on just three AS blocks, while in the U.S., the top three blocks account for only 25% of infected sites. This is likely reflective of a more centrally-controlled Internet infrastructure in China, in contrast to the highly distributed infrastructure in the U.S. Discussion & conclusions Web-based malware is a global problem, and nowhere is the problem more pronounced than in China. This analysis does not identify the reason for China’s disproportionate share of infected sites. Additional research by StopBadware.org4, however, has postulated that part of the reason for this could be the lack of economic incentives for Chinese hosting providers and site owners to inform their users of infected sites and/or to take action to clean or remove these sites. In the U.S. and Europe, cooperation and data sharing among multiple links in the Internet chain have proven to be effective strategies in addressing the issue. For example, after StopBadware.org released a similar list of top infected AS blocks last 3 Google, a sponsor of StopBadware.org, tells StopBadware.org that when a Blogger site is identified as badware by their Safe Browsing initiative, the site is immediately reported to Google’s Blogger group and the site is disabled. However, the URL for the site remains listed as badware until the Safe Browsing systems rescan the site, which means that there is a lag from the time the site is rendered harmless to the time at which it no longer appears in the data used by StopBadware.org for analysis. 4 http://weis2008.econinfosec.org/papers/Greenstadt.pdf
  • 5. Page 5 of 5 year5 , the owner of the most infected block, iPowerWeb, used Google’s data and cooperated with StopBadware.org to clean and protect thousands of infected sites. Similar success was seen more recently on a smaller scale with U.K. hosting provider Byet Internet Services6. Neither hosting provider had enough infected websites on its network block at the time of our analysis to rank in the top 250 infected networks. It is clear that further research is needed to identify the parties that are most likely to be willing and able to take action against badware sites, especially in China, and to engage in conversation with these parties. To this end, StopBadware.org intends to deepen its analysis to include Whois network data, which is more specific than AS block data, and to continue its outreach efforts to all of the network block owners identified in this report. 5 http://blogs.stopbadware.org/articles/2007/05/04/stopbadware-identifies-hosting-providers-of-larged- numbers-of-sites-in-badware-website-clearinghouse 6 For more info, see http://blogs.stopbadware.org/articles/2008/05/07/taking-a-byet-out-of-badware