StopBadware Releases Best Practices For Reporting Malicious URLs

New best practices aim to improve reporting process and maximize badware URL cleanup

October 8, 2011


Cambridge, Mass., October 7, 2011—Nonprofit anti-malware organization StopBadware announced today the public release of its new Best Practices for Reporting Badware URLs. StopBadware’s new best practices prescribe specific steps for reporting different types of badware URLs to the entities best able to directly address the threat those URLs pose.

Badware is an undeniable threat to the open Internet, and currently no clear standard exists for who should be notified of a badware URL or what information should be included in that notification. StopBadware contends that improving communication between those who detect badware URLs and the parties best equipped to address them is a crucial step in combating the badware threat. StopBadware’s Best Practices for Reporting Badware URLs are divided among what the organization defines as four main stages to reporting: determining report targets, identifying contact information, assembling report contents, and delivering reports. Best practices are laid out for each stage of the reporting process, along with steps for escalation should an initial report fail to receive a satisfactory response. StopBadware’s best practices call upon reporters to differentiate where possible between URLs that are primarily malicious and ordinarily legitimate URLs that have been compromised by malicious actors.

The Best Practices for Reporting Badware URLs were developed, in part, to complement StopBadware’s Best Practices for Web Hosting Providers. Like the latter, the reporting Practices were developed with the input of a cross-industry working group. “It was clear early on that creating best practices for both reporting badware and responding to badware reports would help streamline industry communication and get the bad stuff cleaned up more effectively,” said StopBadware executive director Maxim Weinstein. “The audiences for the two sets of practices differ, but the goal is the same—to shape the best possible path between those who have identified a problem and those in a position to take decisive action.”

StopBadware revealed last month that it had begun reporting badware URLs from its community feed in accordance with the first draft of the new Practices. The organization claims a 67% overall takedown/cleanup rate in response to its reporting methods; when the report recipients acknowledged receipt of those reports in accordance with StopBadware’s Best Practices for Web Hosting Providers, the takedown and cleanup rates jumped to 75%. “These best practices will help any security organization or individual expert with an interest in working quickly and collaboratively to mitigate the damage from badware URLs,” says Weinstein. “We’re excited to continue following the Practices in our own reporting for one simple reason: they work.”

StopBadware’s Best Practices for Reporting Badware URLs are available for download at

About StopBadware

StopBadware provides tools and information that assist industry and policymakers in meeting their responsibility to protect users from badware, and that help users protect themselves. It began as a project of the Berkman Center for Internet & Society at Harvard University before spinning off as a standalone nonprofit organization in 2010. Corporate partners include Google, PayPal, Mozilla, Verizon, and Qualys. StopBadware is based in Cambridge, Mass. For more information, visit
