Web hosts urged to become first responders to malware

Powered by SC Magazine
 

Fast response critical.

Web hosting providers can limit the spread of malware by quickly responding to reports of compromised sites, informing customers and, in some cases, mitigating and resolving the issues, according to a new set of best practices released by StopBadware, a nonprofit aimed at fighting faulty software on the internet.

The document, written by security researchers and web hosting companies, aimed to set expectations to reduce the scourge of malware.

Cybercriminals set up malicious websites or compromise legitimate sites to host exploits, StopBadware's Executive Director Maxim Weinstein said.

When researchers notice, they often send reports to hosting providers, but that was where communication often broke down, Weinstein said.

Some providers didn't consider it their problem, often waiting weeks to communicate infection reports, he said.

The StopBadware document said web hosts should acknowledge receipt of an abuse report within a business day and, by the next, have evaluated whether the malicious URL in the report is within their ability to mitigate.

Immediately after analysing the report, they should notify the site owner (or downstream providers) and provide tips for resolving the issue, the recommendations state.

Scott Gerlach, IT security operations manager at Go Daddy, the world's top web hosting provider, said it provided free malware investigation and remediation. But many hosting providers didn't have the resources to investigate and remove malware from customer sites, he said.

"Go Daddy has a staff of 25 security people working on this all the time," Gerlach said. "Not a whole lot of firms have a staff that large."

Website owners share the responsibility for keeping their sites clean but, in some cases, hosting firms should correct the problem by blocking affected content, removing malware and fixing any underlying vulnerabilities, according to StopBadware.

“If the malware occurs because the web hosting provider didn't adequately patch the server, they should probably help with addressing it,” Weinstein said.

“If it happened because a customer left a vulnerability in an app they installed and the customer is in a good position to simply delete the malware file, patch the software and move on, it might not be as critical that the hosting provider help out.”

Regardless, communication is paramount, according to the document. Providers should also ensure they follow up with the individual who reported the infection.

“The more [security researchers and hosting providers] are talking and working together and acknowledging each other's presence and ensuring the lines of communication are open, the more quickly and effectively the whole ecosystem can respond to malware,” Weinstein said.

And, finally, hosting firms should periodically review abuse reports to identify trends and patterns. If a number of customer websites are infected in a similar way around the same time, it may signal a deeper trend, Weinstein said.

“Attackers are using web hosters to spread malware, so it is the responsibility of web hosts to try to mitigate that activity,” Gerlach said.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


 
 
 