Despite appearances, the U.S. is still the most popular place for the bad guys to place their malware code.
StopBadware.org has listed those Internet Service Providers that wittingly or unwittingly host “badware” — an umbrella term for any kind of software that insidiously installs itself on your computer. What’s interesting is that while there is one Chinese company on the list, by far the biggest culprit is one iPowerWeb Inc, based in Phoenix, Arizona, which has more than 10,000 infected sites on its servers. (By comparison, the next biggest culprit has a quarter that.)
Badware is usually installed on a site without the owner’s knowledge, either by exploiting holes in the software that delivers content to the site or by hacking into the site, whether by guessing the owner’s password or by making use of a hole in the server software. Victims would unwittingly download the badware either by visiting the website in question or by being directed there from other websites which had been infected. Here’s a case of a fake MySpace page which lures victims to an iPowerWeb-hosted site where users give up their MySpace password. Interesting detail on how these work is here.
iPowerWeb appears to have a long history of attracting accusations that it doesn’t take this kind of thing seriously. Examples are here, here and here (from two years ago). So far there’s no press statement from iPowerWeb on its website; I’ve requested comment.
The sad thing here is that when Google and organisations like StopBadware find these hacked sites, the sites are flagged and removed from Google searches, or else prefaced by a warning page. While this makes sense, it causes mayhem for the owners of these sites, who are either not technically savvy enough to resolve the problem, or find themselves in limbo while their site is removed from the list after they’ve cleaned it up. A recent discussion of the problem on the StopBadware Google Group is here. (StopBadware says it will respond to appeals within 10 days and says the time is closer to two.)
One can only imagine the scale of the mess caused by all this. Hosting companies need to be smarter about monitoring this problem, or they’ll face declining custom or lawsuits.
installs additional software without telling the user, it forces the user to take certain actions, it adds various components to Internet Explorer and the taskbar without disclosure, it may automatically update without the user’s consent, and it fails to uninstall completely.
Pretty damning stuff. We know this kind of thing happens but this seems to be somewhat excessive. Most damning are the bundled programs installed without permission, or even informing the user: RealPlayer (surprise, surprise), QuickTime, AOL You’ve Got Pictures Screensaver, Pure Networks Port Magic, and Viewpoint Media Player. “During the installation process,” StopBadware says, “the user is never clearly notified that AOL will be installing these programs.”
StopBadware quotes AOL as saying that they are reviewing the report.
Companies have got to stop this kind of thing. This report is damning in that it’s clearly not just one oversight: The software has been designed to be as invasive as possible, to basically take over the user’s computer and steer them to all things AOL. That Apple and Real Networks allow themselves to be involved does not reflect well on either. And after some difficulty uninstalling it I’m beginning to have my suspicions about Network Magic (Pure Networks Port Magic is an AOL version of the software) too.
From the Just When You Thought You’d Found A Corner Of The Net That Was Touchy Feely Dept comes a story of egos, politics and money. Paul Festa of CNET News.com writes a great piece about an increasingly acrimonious dispute about blogging, or more accurately Really Simple Syndication (RSS), a technology widely used to syndicate blogs and other Web content.
The dispute, Paul writes, “pits Harvard Law School fellow Dave Winer, the blogging pioneer who is the key gatekeeper of RSS, against advocates of a different format. The most notable of these advocates are Blogger owner Google and Sam Ruby, an influential IBM developer who is now shepherding an RSS alternative through its early stages of development.
“The dispute offers a glimpse into the byzantine and highly politicized world of industry standards, where individuals without legal authority over a protocol may nonetheless exercise control over it and where, consequently, personal attacks can become the norm. Despite the apparent pettiness of developers’ sniping, their arguments over digital minutia may carry enormous consequences, and corporate interests remain poised to capitalize on the conflicts if they are not resolved.” Yikes. Get it sorted out, guys, I kinda like RSS.