What do a photography site, a web referral site and diesel fuel site have in common?  They have all been identified as sites that attempt to install malicious software on we user’s computers.  For the record, I am not affiliated with any of these websites nor with any of the companies who have identified these sites as serving malware.  The sites are:

www.supermodels.com

www.referral-secrets.com

www.dfwdiesel.com

As you can see, all three sites have been rated as possible security risks.  The point of this article is not to point out sites that serve malware, but to show webmasters that their sites can be “black-listed” without them ever knowing.  For the sake of our discussion I am going to assume (perhaps mistakenly) that all the sites I mention in this article are intended as legitimate sites and to provide some useful product or service to web users.

Let’s say that you have a website where you write an article about sites that spread malware, and then you provide links to these sites as a warning to your readers.  McAfee’s Site Advisor, along with others, will probably flag your site as a possible risk.  This very thing happened to the SANS Institute (one of the most respected computer security organizations in the industry). 

In August 2008 McAfee’s Site Advisor blacklisted SANS and warned about potentially harmful malware on the site.  Fortunately for SANS, their webmaster had the phone number of point-of-contact at McAfee.  But what do you do if you don’t happen to have this kind of “insider” clout?  How can you get your site “de-listed” from these blacklists?  How long and how difficult is this process?  Well, McAfee’s site promises to reassess sites between 10 and 365 days once they receive a complaint about a bad rating.

Yes, that’s right, it can take up to an entire year for them to change a site rating!  And what happens to potential customers who land on your site only to be greeted with a huge banner exclaiming the potential risks of your site?  Rather than give you example after example of this system gone wrong, I think it better to offer actions that you can take to prevent these things from happening.

1)  The first step is knowing that your site has been blacklisted.  In the SANS example above, it was a security advisor, not McAfee (or even SANS), who first noticed the rating.  Your first chore is to check to see if any of the site rating services has blacklisted your site, not an easy task because there are dozens of these “reputation based filtering” services around (complicated because they all have different methods for rating sites and complicated still further because some don’t review sites with adult content).  But start with some of the most popular services: McAfee Site Advisor1, Norton Safe Web2, Web of Trust3 and hpHosts4.

2)  Check with your web host to see if they employ Shared hosting or Virtual Hosting.  Either of these techniques could subject your site to a rating from another web site sharing the same IP.

3)  Regularly check to see if ANY content on your website has changed.  And by “changed” I mean not by you! Some of the worst malware sites are actually legitimate sites whose owners simply don’t watch the store. Websites cannot be “set it and forget it” any longer!

4)  If your site has been blacklisted, take quick, decisive action.  Document what the rating software found and seek professional (legal and computer security) assistance immediately.  The longer your site goes without being fixed, the longer it will take for the companies to remove it from the blacklist.

5)  Finally, as a last resort, if you simply don’t where to turn, you can drop me an email and I will help as I am able.

No related posts.

Hello fellow Web Craft-ers! I’m glad to finally be here in the “blogosphere” and I apologize for the delay. It turned out that getting a photo I could use in this forum was a much bigger problem than I ever expected. Normally I simply advise the powers-that-be that I am planning to contribute to a web forum aimed at Independent Web Developers. However this time a few “issues” popped up. You see, I work in the shadowy world of “cyber security” and while I am definitely a “White Hat” my work frequently has me traveling pretty far into the “badlands” and dealing with some very evil people. What I will try and do is to relate information in a timely manner (or at least as timely as I am permitted); information that can help protect everyone who owns or maintains an on-line presence.

So, having said all that as an intro, let me start with an old story that keeps getting updated as technology progresses.

The idea of malware infecting and then encrypting a user’s files first came to my attention back in 1994 with a piece of malware called “Half Virus”. The virus would secretly infect a computer running MS DOS or Windows 3.11 and then encrypt on-the-fly portions of the hard drive. Overall this virus was fairly harmless unless it was carelessly removed, unlike the variants circulating today. Half Virus still exists and is still circulating in the wild.

But today’s cyber landscape has changed drastically from “hacker pranks” to “organized crime”. Just about 2 weeks ago a new variant appeared called LoroBot. This piece of malware encrypts users’ MS Word, MS Excel, MP3, JPG, PDF and Data Base files. The malware then demands $100 for the key to unlock the encrypted files. Fortunately several big international anti virus companies have provided the decryption key for free. But what about the next time, when the decryption key is different for every infection? Or worse, if your website has been targeted for extortion and there is no cavalry riding over the horizon to your rescue?

Well the unfortunate answer is that you don’t have many choices: you can either pay or accept the total loss of all files on the compromised computer. And as you can see, neither of these options is very good. What is you pay and the hackers don’t send the decryption key? What if you pay but the hackers have hidden some more malware in the “decryption software”? The following is a true story of a very large state agency where this exact scenario occurred.

A particular state government recently had an entire database of critical data encrypted and then ransomed back to them (approximately 8-1/2 million critical records in all). Like all kidnappings, they were given an amount to pay and a “pay by this date or else” ultimatum. The state informed the Federal Government which tasked several Agencies to work 24-7 to break the encryption before the deadline.

The outcome? The state wired $10M to a bank, which then wired it to an offshore bank, and then another, and another, etc. The Federal Agencies were able to see the transactions for approximately the first 5 hops, but then the money went to a country where the US has no diplomatic contacts and the trace was lost.

The fable of the story: Backup EVERYTHING! With external 1.5 Terrabyte hard drives selling for $109 at membership warehouses, it really is a case of an “ounce of prevention…”.

No related posts.