Kudos to the attorney general’s office in Washington State for taking on Registry Cleaner XP, which the AG’s office describes as "scareware." From the press release:

The Attorney General’s Office filed its latest case today in King County Superior Court against the marketers of a program called Registry Cleaner XP.

…

According to the state’s complaint, the defendants sent incessant pop-ups resembling system warnings to consumers’ personal computers. The messages read “CRITICAL ERROR MESSAGE! – REGISTRY DAMAGED AND CORRUPTED,” and instructed users to visit a Web site to download Registry Cleaner XP.

…

“Consumers who visited the Web site were offered a free scan to check their computer – but the program found ‘critical’ errors every time,” said Senior Counsel Paula Selis, who leads the Attorney General’s Consumer Protection High-Tech Unit. “Users were then told to pay $39.95 to repair these dubious problems.”

I hope that cases like this have a deterrent effect against software producers who use deceptive methods to sell software.

Hat tip to Sandi at Spyware Sucks.

We’re pleased to announce that Mozilla, the organization that brought you Firefox, Thunderbird, and other free & open source applications, is now a sponsor of StopBadware.org. We worked  with members of the Mozilla team during the development of Firefox 3’s malware warning screen, and we appreciate the work they do to coordinate the massive effort of bringing together contributors to create a viable family of products. We look forward to learning from their ability to harness the power of a community to address a global need as we work together to stop the spread of badware.

See our press release for more details.

In a press release announcing a new privately-funded search engine, MSE360 claims to use data from us to protect its users in its press release:

MSE360 also uses the StopBadware.org API to provide warnings to users when they are about to enter a site which is known to infect the users computers with unwanted programs.

They make a similar claim, without even getting our name right, in their "About MSE360" page:

We really hate junk. But it Virus or Spyware junk! That’s why we use the Badware.org API to provide you with warnings next to spyware sites. If a site will install junk onto your computer then you will see a small bug like image to the left of the search results. This system is still being tested, so don’t forget to also use your anti-virus software as normal!

To be clear, we do not have a public API for access to our data. Google offers the Safe Browsing API for access to their data, which they also make available to us through our Clearinghouse.

A spot check on MSE360 of some sites known to be flagged as bad by Google did not show the promised "small bug like image to the left of the search results," so it’s not apparent that MSE360 is using the Google API, so searcher beware.

[UPDATE: I received an e-mail from Daniel Clarke at MSE360 indicating that the references to StopBadware.org and Badware.org were a mistake by their copy writers, who made the mistaken assumption that their own internal system, which they call "badware" was a short-hand reference to us.]

I recently blogged about two reports related to business practices of web-related companies. One of those companies, Directi, was the direct target of the KnujOn report and was mentioned in Jart Armin’s report, as well. I blogged about Directi’s response to the KnujOn report last week.

This week, Directi, KnujOn, and HostExploit (Jart’s company) released a joint statement:

In light of recent developments, Jart Armin of HostExploit.com, Bhavin Turakhia, CEO of Directi and Garth Bruen of Knujon have had an open dialogue and mutually agreed to release this joint statement as an accurate representation of facts, clearing any previous misconceptions and reaffirming their common goal to combat abuse on the Internet.

You can read the statement for the specifics, but I want to applaud the public commitment by all three parties to working together to fight badware. So far, Jart tells us that they have removed thousands of badware and spam domains. It will be interesting to see how this plays out and, in particular, how Garth, Jart, and other members of the security community evaluate Directi’s follow-through.

Also this week, both Directi and EstDomains (which was mentioned prominently in Jart’s report) contacted us to request that we send any data about domains registered through their respective services to them so they can take appropriate action. We don’t currently analyze registrars, though we hope to sometime soon, and we will, of course, make the data available to the registrars to the extent practicable if/when we have such data.

All of this activity raises an interesting (and long-standing) question about the role of domain registrars in policing content of sites. Should a domain registrar be expected to deactivate a domain that is known to be associated with badware? If so, who is the authority that decides which sites should be taken down? How is the process kept transparent? How are errors corrected? What about legitimate sites that have been infected without the owner’s knowledge (like many of those that are in our Clearinghouse?) What about sites that are potentially "bad" in other ways, like violating local laws, perpetuating defamation, or trafficking in child pornography? Let us know what you think in the comments.

A few days ago, I mentioned a report by KnujOn regarding the Directi Group. Directi e-mailed us today to state their side of the story:

Directi is not linked with any of the activities described in that report and Knujon, in their research have never bothered to get their facts straight from either ICANN or us.

They also forwarded us a message that they sent directly to KnujOn contradicting several specific points of the KnujOn report.