Web Hosts Accused of Harboring Infected Sites

StopBadware.org identifies the hosts serving up the highest number of infected sites.

Denise Dubie, NetworkWorld

Wednesday, May 09, 2007 08:00 AM PDT

http://www.stopbadware.org/ 

 

StopBadware.org on Friday identified five Web-hosting companies with myriad infected Web sites residing on their servers, which the industry watchguard says puts unwitting Internet users at risk.

Based on analysis of close to 50,000 sites, the group identified five companies as hosting a majority of those Web sites known to distribute malicious code. The hosting companies -- iPowerWeb, Layered Technologies, ThePlanet.com Internet Services, Internap Network Services and CHINANET Guangdong province network -- have the largest number of infected Web sites residing on their servers. IPowerWeb was identified to have some 10,834 infected sites on its servers.

StopBadware.org, a coalition formed by Hardware University and Oxford University in collaboration with Consumer Reports, works to identify downloaded software that could fall into the category of "badware." The group defines badware as "malicious applications such as malware, spyware or deceptive adware that fundamentally disregard the choices Internet users make about their own computers."

"Badware used to be something you downloaded onto your computer," said John Palfrey, co-director of StopBadware.org and executive director of the Berkman Center for Internet Society at Harvard Law School. "Today, badware can infect your computer when you just visit a Web site."

According to Palfrey, the research shows the Web-hosting companies work with Web sites that may have "unaddressed security issues," which means sites using the hosting services could be more at risk and susceptible to hackers. For instance, by exploiting a known vulnerability in an older version of cpanel software a hacker could gain administrative access to sites hosted on servers managed with cpanel. Or a hacker could exploit a known vulnerability in an unpatched content management system to inject lines of code via SQL queries that load exploits into otherwise legitimate Web sites, StopBadware.org explains.

The group hopes by identifying the Web hosting companies it will help raise awareness among them and others. For instance, to prevent attackers from guessing weak passwords and injecting lines of code into Web sites, Web-hosting companies could advise their customers to use complex passwords and other practices to guard access to administration rights on Web sites, StopBadware.org says.

"Web hackers and badware distributors are constantly finding new ways to work around the safeguards that are put in place to protect consumers," Palfrey said in a press release. "Web hosting providers must do their part to stay ahead of the curve and help keep the Web sites they host safe from malicious attacks."