Badware is an undeniable threat to the open Internet, and currently no clear standard exists for who should be notified of a badware URL or what information should be included in that notification. StopBadware contends that improving communication between those who detect badware URLs and the parties best equipped to address them is a crucial step in combating the badware threat. StopBadware’s Best Practices for Reporting Badware URLs are divided among what the organization defines as four main stages to reporting: determining report targets, identifying contact information, assembling report contents, and delivering reports. Best practices are laid out for each stage of the reporting process, along with steps for escalation should an initial report fail to receive a satisfactory response. StopBadware’s best practices call upon reporters to differentiate where possible between URLs that are primarily malicious and ordinarily legitimate URLs that have been compromised by malicious actors.
The Best Practices for Reporting Badware URLs were developed, in part, to complement StopBadware’s Best Practices for Web Hosting Providers. Like the latter, the reporting Practices were developed with the input of a cross-industry working group. “It was clear early on that creating best practices for both reporting badware and responding to badware reports would help streamline industry communication and get the bad stuff cleaned up more effectively,” said StopBadware executive director Maxim Weinstein. “The audiences for the two sets of practices differ, but the goal is the same—to shape the best possible path between those who have identified a problem and those in a position to take decisive action.”
StopBadware revealed last month that it had begun reporting badware URLs from its community feed in accordance with the first draft of the new Practices. The organization claims a 67% overall takedown/cleanup rate in response to their reporting methods; when the report recipients acknowledged receipt of those reports in accordance with StopBadware’s Best Practices for Web Hosting Providers, the takedown and cleanup rates jumped to 75%. “These best practices will help any security organization or individual expert with an interest in working quickly and collaboratively to mitigate the damage from badware URLs,” says Weinstein. “We’re excited to continue following the Practices in our own reporting for one simple reason: they work.”
StopBadware’s Best Practices for Reporting Badware URLs are available for download at http://www.stopbadware.org/best-practices/reporting-badware-urls.
StopBadware provides tools and information that assist industry and policymakers in meeting their responsibility to protect users from badware, and that help users protect themselves. It began as a project of the Berkman Center for Internet & Society at Harvard University before spinning off as a standalone nonprofit organization in 2010. Corporate partners include Google, PayPal, Mozilla, Verizon, and Qualys. StopBadware is based in Cambridge, Mass. For more information, visit www.stopbadware.org.