Taking a Byet Out of Badware

A few days ago, the team at Byet Internet Services contacted us. It seems they came across our list of the top 10 infected IP addresses from March and saw one of their addresses listed. It turns out this is an IP address they use for offering free web hosting, so it is not unusual for bad players to set up accounts for hosting malware. Byet says that they have a variety of technologies that they have developed to try to detect and block these malicious sites, so they asked us for the list of the URLs found on that IP address so they can investigate and update their systems to prevent these problems from continuing and recurring.

I know very little about Byet, other than that Craig, who contacted me, seemed very pleasant and had an enviable British accent. But the fact that they saw an indication of a security lapse and took action to gather more data and try to do something about it is a positive sign. They also asked if they can receive updated data next month, to ensure that their new measures are working. It would be great to see all web hosting companies giving this type of attention to preventing drive-by downloads.

I also want to acknowledge the Safe Browsing folks at Google, who allow us to share a bit of their data in situations like this to enable hosting providers to secure their systems, thereby protecting Internet users.

[Update 5/8] About 24 hours after we sent them the requested data, I received a follow-up from Byet indicating that they suspended all of the infected accounts and updated their security measures to make it more difficult for similar attacks to be launched from their system.