Majority of malware sites hosted by five ISPs
StopBadware.org on Friday identified five Web-hosting companies with myriad infected Web sites residing on their servers, which the industry watchguard says puts unwitting Internet users at risk. Based on analysis of close to 50,000 sites, the group identified five companies as hosting a majority of those Web sites known to distribute malicious code. The hosting companies -- iPowerWeb, Layered Technologies, ThePlanet.com Internet Services, Internap Network Services and CHINANET Guangdong province network -- have the largest number of infected websites residing on their servers. For instance, some 10,834 infected sites were identified on iPowerWeb's servers. StopBadware.org, a coalition formed by Harvard University and Oxford University in collaboration with Consumer Reports, works to identify downloaded software that could fall into the category of "badware." The group defines badware as "malicious applications such as malware, spyware or deceptive adware that fundamentally disregard the choices Internet users make about their own computers." "Badware used to be something you downloaded onto your computer," said John Palfrey, co-director of StopBadware.org and executive director of the Berkman Center for Internet Society at Harvard Law School. "Today, badware can infect your computer when you just visit a website." According to Palfrey, the research shows the web-hosting companies work with websites that may have "unaddressed security issues," which means sites using the hosting services could be more at risk and susceptible to hackers. For instance, by exploiting a known vulnerability in an older version of cpanel software a hacker could gain administrative access to sites hosted on servers managed with cpanel. Or a hacker could exploit a known vulnerability in an unpatched content management system to inject lines of code via SQL queries that load exploits into otherwise legitimate Web sites, StopBadware.org explains. The group hopes by identifying the web hosting companies it will help raise awareness among them and others. For instance, to prevent attackers from guessing weak passwords and injecting lines of code into websites,wWeb-hosting companies could advise their customers to use complex passwords and other practices to guard access to administration rights on websites, StopBadware.org says. "Web hackers and badware distributors are constantly finding new ways to work around the safeguards that are put in place to protect consumers," Palfrey said in a press release. "Web hosting providers must do their part to stay ahead of the curve and help keep the websites they host safe from malicious attacks."
Return to hosting news headlines
View Hosting News Archive