Best practices for reporting malicious URLs

StopBadware Best Practices for Reporting Badware URLs

One of the topics I frequently get asked about by customers when they visit SophosLabs, is what do we do about the hoards of legitimate web sites that we see getting hit with malware? How do we go about alerting them to the problem? How can we help to get things cleaned up quickly thereby reducing risk for users?

Sophos customers can take advantage of our WebAlert service, but this is not relevant to non-customers.

Web security is a topic that affects us all. The web has become the predominant way in which malware is delivered nowadays. Thanks to techniques such as blackhat search engine optimisation (SEO) or drive-by download attacks, failings in the security of a single site or hosting provider can expose many innocent users to malware. Improving the process by which the bad stuff gets reported and cleaned up is in all of our interests.

I am pleased to have been involved in a great initiative over the last few months, coordinated by the folks at StopBadware. They put together a working group in order to thrash out a process for reporting malicious URLs. I am happy to say that a few days ago the final version of Best Practices for Reporting Badware URLs was published.

Hopefully the initiative will facilitate communication between the parties that discover the bad stuff, and those in a position to do something about it, mitigating the effects of malicious URLs.

More information about the initiative can be found on the StopBadware blog, in their press release, or you can dive straight into the report here.