New feature: report a badware site!

Posted by Maxim Weinstein Wed, 10 Mar 2010 20:01:26 GMT

Today, StopBadware announces a new feature that brings us a step closer to the kind of open, collaborative intelligence about badware websites that we strive to build. Through our online community site, BadwareBusters.org, individuals can now report suspected badware sites to our Badware Website Clearinghouse.

Community reports will appear in our searchable Clearinghouse (listed separately from our corporate data providers’ reports), allowing researchers, site owners, and other interested parties to get a consolidated view of all badware reported on a given site. Community reports will also be shared with our data providers and made available to other organizations and researchers that we believe will use the data to help make the Internet safer. This means that anyone can submit a URL once and have confidence that it will reach a broad audience.

In the future, we might try scanning submitted URLs with third-party tools and services to verify reported badware. We might also offer a notification service for website owners to learn if their site has been reported. Do you have other ideas for how we might maximize the use of publicly reported URLs? Let us know in the comments!


Quick poll: How do you prefer to follow StopBadware?

Posted by Maxim Weinstein Wed, 10 Mar 2010 15:01:53 GMT

New IP address reports

Posted by Maxim Weinstein Thu, 18 Feb 2010 16:04:36 GMT

A few months ago, we announced new data reports showing our aggregate numbers of reported badware sites by Autonomous System Number (ASN). Today, we are pleased to announce similar reports showing data based on IP address.

The Top 50 report shows the 50 IP addresses with the largest number of reported badware sites, updated daily. Individual reports, which can be found by clicking an IP address in the top 50 or by searching our Clearinghouse, provide a graph (and downloadable .csv) of an IP address’s infection numbers over time.

Here’s a sample report:

[Image: IP report screenshot]

We hope these new reports will be helpful to the community. Please share any feedback you have in the comments or at contact@stopbadware.org.


Reminder: register now for Wednesday's web chat

Posted by Maxim Weinstein Mon, 08 Feb 2010 21:13:43 GMT

Don’t forget to register for Wednesday’s web chat about automatic update mechanisms and their effect on end user security and control. More information about the topic and how to register can be found in the original blog post.


StopBadware turns four, spins off from Berkman

Posted by Maxim Weinstein Mon, 25 Jan 2010 14:59:56 GMT

Four years ago today, StopBadware.org was announced as a Berkman Center project, with the ambitious goal of fighting badware by building and sharing knowledge through the collective efforts of the community. As the project has evolved, our activities have changed, but the goal has remained the same. So, too, have the tremendous spirit and support of the dedicated individuals and organizations that make our work possible.

Over the past year, our small team has worked with the Berkman Center leadership, our corporate partners, our advisory board and working group, and other key volunteers to figure out how we could make StopBadware even better and how we could lay a strong foundation to carry the organization forward as we enter our fifth year. During this process, we made the difficult decision to leave the Berkman nest and spread our wings as an independent organization.

After months of planning, fundraising, paperwork, and more planning, the time has come. This morning, we announced that the work of StopBadware.org has migrated to StopBadware, Inc., a new non-profit organization based here in Cambridge, Massachusetts. While we have dropped the .org for vanity’s sake—it becomes cumbersome to say “StopBadware dot org” all the time—the spirit (and finances) of a .org still apply. In fact, even with the generous backing of our corporate partners, Google, PayPal, and Mozilla, it will be more important than ever for individuals to contribute to our success. Some of our most important work is done by people who contribute their time, whether assisting website owners at BadwareBusters.org, coding for LittleVoice, or getting involved in some other way.

In celebration of this new stage of our existence, we’ve updated our logo and colors, as well as some of the content on our website. Over the next few months, watch for more changes, both aesthetic and substantive, as we embark on this new adventure. As always, we welcome your feedback and guidance.

Finally, we want to express our gratitude to our founders and principal investigators at the Berkman Center, Professor Jonathan Zittrain and Professor John Palfrey, to Berkman’s executive director, Urs Gasser, and to the Berkman Center staff for making the past four years—and the future—of StopBadware possible.

The press release can be found here.


StopBadware website updates

Posted by Maxim Weinstein Thu, 03 Dec 2009 19:29:28 GMT

This week, we updated the content on several pages of the StopBadware.org website:

The purpose of the updates was threefold: bring our site’s messaging into line with our current strategy, encourage action/engagement by site visitors, and improve the educational value for consumers.

We have plans to update additional pages over time, as well as improve the visual design, but for now, we’d love your feedback on the new content. Does the new content help you understand StopBadware’s mission and work? Do you think it inspires people to get involved? Are the pages about preventing and removing badware clear, and do they focus on the right points?

Please let us know what you think by joining the conversation at BadwareBusters.org or by e-mailing contact@stopbadware.org.


Prominent Chinese site flagged for badware

Posted by Maxim Weinstein Tue, 27 Oct 2009 21:14:36 GMT

It was reported today that a website of the official newspaper of the Chinese government, The People’s Daily, was flagged for malware by Google. The paper apparently complained that Google was maliciously flagging the site due to the paper’s criticism of Google Library. Google China denied the allegation, pointing out that the site was flagged by automated anti-malware systems, not based on content. As reported, the Google statement makes a small mistake in indicating that StopBadware.org provided the software for this automated system. In fact, Google’s Safe Browsing team developed the system themselves. For more information, see the relevant section of our FAQ.

The important lesson of this incident is that legitimate websites, whether operated by individuals or by large government-sponsored organizations, can fall victim to badware. Indeed, in China, where infection rates have historically been high, we hope this will serve as a wake-up call to website owners, hosting companies, and other parties about the need to secure their sites and platforms.


New StopBadware data reports

Posted by Maxim Weinstein Thu, 22 Oct 2009 20:11:09 GMT

We are pleased to unveil two new data reports, based on the data provided by Google and Sunbelt Software to our Badware Website Clearinghouse and information that we’ve pulled from Team Cymru’s public IP-to-ASN mapping service. One report lists the 50 Autonomous Systems (AS) hosting the greatest number of reported badware URLs. Set up like a stock ticker chart, it also displays the percent daily change in the number of URLs reported on each AS and the 52-week highs and lows for each AS. (The data starts in July 2009, though, so it does not yet reflect a full 52 weeks.) See the Top 50 report here. There is also a link to it from the left-side navigation bar on the StopBadware.org home page.

The second report, available for any individual AS in our Clearinghouse, shows a graph of the number of reported badware URLs hosted by the AS over time. See an example here, search for an AS by number here, or click more info next to any AS in the Top 50 report for detail on that AS.

Both reports are updated daily and offer the ability to download the data in CSV format. We also wrote up a brief explanation of how to interpret the data in the reports.

We hope that both reports will be valuable to researchers, network operators, and others interested in observing web-based malware trends. Please let us know what you think by sending us a note at contact @ stopbadware dot org.


It's National Cyber Security Awareness Month!

Posted by Maxim Weinstein Thu, 01 Oct 2009 20:22:52 GMT

Today marks the start of National Cyber Security Awareness Month here in the U.S. Organized by our friends at the National Cyber Security Alliance, NCSAM is a reminder to all of us, individuals and organizations alike, of our shared responsibility for keeping ourselves and each other safe online.

Here at StopBadware.org, we are evaluating our current work and looking towards our future. Over the coming months, how will the Clearinghouse evolve to best serve our partners and the public? How can BadwareBusters.org become an even better resource for those in need of badware help? What steps can we take to further build a community of people passionate about fighting back against badware?

We’d love your help in answering these questions. Please let us know your thoughts in the comments, on BadwareBusters.org, or via e-mail at contact@stopbadware.org.


Recent web attack flawed, reducing effectiveness

Posted by Maxim Weinstein Fri, 28 Aug 2009 19:35:32 GMT

Mary Landesman at ScanSafe recently reported a script injection attack, and Ryan Naraine picked up the story over on the Zero Day blog. While the initial report describes 55,000 web pages (not web sites as the Zero Day post states) as distributing the payload, it appears that the real number is significantly lower. For example, Google is only reporting 1,105 infected domains that point to the site described in the story. Why the discrepancy? It appears that the attack was flawed, injecting its script code in many cases into the page title or other locations within the HTML that aren’t parsed for scripts by most browsers. In other words, the malicious script has been injected into a web page, but most visitors to the page aren’t at any risk of the script actually running.

Despite the threat being a bit overblown, the fact that many thousands of sites had this malicious code inserted highlights the vulnerability of these sites. It’s not clear what the infection vector was, though based on a very preliminary sample, it does not appear to be platform-specific, indicating it might be a result of local malware on the computers of the sites’ owners/webmasters.
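The gap between pages that contain the injected markup and pages that actually put visitors at risk can be measured during triage. The following is an added example, not code from StopBadware or ScanSafe: a simplified tokenizer (an approximation of HTML parsing, not a full HTML5 parser) that labels each `<script` occurrence as live or inert, with constructed sample pages and the placeholder host `injected.example`.

```python
import re

# Elements whose content is tokenized as text (HTML RCDATA / RAWTEXT), so
# markup injected inside them never becomes a script element.
TEXT_ONLY = {"title", "textarea", "style", "xmp", "iframe", "noembed", "noframes"}
OPEN = re.compile(r"<!--|<([a-zA-Z][a-zA-Z0-9]*)")
TAG_REST = re.compile(r"""(?:[^>"']|"[^"]*"|'[^']*')*>?""")  # rest of a start tag
SCRIPT = re.compile(r"<script\b", re.I)

def classify_injections(html):
    """Return one label per '<script' occurrence: 'live' or 'inert:<where>'."""
    labels, pos = [], 0
    while (m := OPEN.search(html, pos)):
        if m.group(0) == "<!--":
            end = html.find("-->", m.end())
            end = len(html) if end < 0 else end
            labels += ["inert:comment"] * len(SCRIPT.findall(html, m.end(), end))
            pos = end
            continue
        name = m.group(1).lower()
        tag_end = TAG_REST.match(html, m.end()).end()
        # '<script' inside a quoted attribute value is data, not a tag.
        labels += ["inert:attribute"] * len(SCRIPT.findall(html, m.end(), tag_end))
        pos = tag_end
        if name == "script" or name in TEXT_ONLY:
            close = re.compile(r"</%s\b" % name, re.I).search(html, pos)
            end = close.start() if close else len(html)
            if name == "script":
                labels.append("live")  # a real script element the browser will run
            else:
                labels += ["inert:" + name] * len(SCRIPT.findall(html, pos, end))
            pos = end
    return labels

def pages_at_risk(pages):
    """Names of pages where at least one injected script would execute."""
    return [n for n, html in pages.items() if "live" in classify_injections(html)]

# Constructed sample pages (not taken from the incident).
INJ = '<script src="http://injected.example/x.js"></script>'
SAMPLES = {
    "in_title": "<html><head><title>News" + INJ + "</title></head><body></body></html>",
    "in_body": "<html><body><p>hi</p>" + INJ + "</body></html>",
    "mixed_inert": "<body><!-- " + INJ + " --><textarea>" + INJ
                   + '</textarea><img alt="<script>"></body>',
}

if __name__ == "__main__":
    for page_name, page_html in SAMPLES.items():
        print(page_name, classify_injections(page_html))
    print("at risk:", pages_at_risk(SAMPLES))
```

A page with only inert labels is still evidence that the site was compromised and needs cleanup, even though its visitors were not exposed to the payload.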
