Our friends at StopBadware.org have taken their fight against badware in a new direction, this time by calling out some of the web services providers that are hosting large numbers of sites in StopBadware.org's Website Clearing House.
It used to be that spyware, malware, and other nasty programs that killed you computer came in the form of downloaded programs (even I downloaded Kazaa once), or email attachments. Now all you have to do is innocently visit a web page, and as the Clearinghouse shows, just about any page out there is a potential target.
Spyware distributors, lately, have gotten pretty clever in finding ways to wreak havoc on the less technical folks in the public. Since most people have wised up on downloading sketchy programs and opening random attachments via email, they're now hacking into web servers and inserting bad code into unsuspecting sites.
From the press release:
"Badware used to be something that you downloaded onto your computer,” said John Palfrey, co-director of StopBadware.org and Executive Director of the Berkman Center for Internet & Society at Harvard Law School. “Today, badware can infect your computer when you just visit a website. This list of web hosting companies, pulled from our database of sites that are infected with badware, shows some companies that host a large number of sites that may suffer from unaddressed security issues. These security flaws mean that webmasters who use these hosting services may be more at risk of their sites being hacked."
"The big trend that we see is away from sites distributing badware knowingly and maliciously to a world in which many of the sites hosting badware have no idea,” said Palfrey. “Often, amateur webmasters find out that their sites have been hacked, and that their sites can infect their customers' computers without anyone's knowledge - except the unscrupulous hacker who is trying to make a buck off the transaction or is just out to cause harm."
StopBadware.org analyzed 49,296 sites - sites submitted by trusted third parties to the StopBadware.org Badware Website Clearinghouse - and identified the following web hosting companies with the largest number of infected sites residing on their servers:
• iPowerWeb, Inc., (10,834)
• Layered Technologies, (2,513)
• ThePlanet.com Internet Services, Inc, (2,056)
• Internap Network Services, (1,437)
• CHINANET Guangdong province network, (786)
Hosting providers have a powerful platform to educate their customers about best security practices; for instance, they can encourage customers to use complex passwords to guard access to the administration of a website. StopBadware.org cautions Internet users to take extra care when conducting business online and when researching hosting providers and to take note of hosting providers that host a high number of infected sites.