StopBadware.org, the place to appeal a Google malware warning

Weekend snafu shines light on StopBadware.org, which offers Web site owners help when their sites are flagged as harmful by Google.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

Feb. 2, 2009 5:10 p.m. PT

3 min read

This is the warning that pops up when a Web surfer tries to click on a link for a site that Google has tagged for hosting malware. Google

If your Web site is one of the more than 170,000 sites on the Internet that Google has tagged as hosting malware, you have a place to turn--StopBadware.org.

On Saturday, an error at Google changed the display of search results so that every site on the Internet was listed as having malware for about an hour. After that happened, StopBadware.org's site was hit with so much traffic--67,000 or 13 times the normal daily number--that it led to a denial of service that had the site offline for nearly an hour and a half.

After initially saying StopBadware.org had contributed to the problem, Google retracted that and said it was solely the fault of the search engine. Meanwhile, StopBadware.org got 150 malware review requests over the weekend from people whose sites were tagged as harmful during the glitch.

"It was an unfortunate event, but it helps raise awareness of this real problem" of sites hosting malware, Maxim Weinstein, manager of the nonprofit StopBadware.org, said in an interview on Monday with CNET News.

An appeals body
From a five-person office on the Harvard campus in Cambridge, Mass., the organization serves as a sort of appeals body for people who argue that their sites shouldn't be flagged as dangerous. In the high stakes game of e-commerce, getting tagged as dangerous can cost a Web site visitors and money.

The organization gets anywhere from 1,000 to 3,000 requests per month from Web site owners who think Google has unfairly tagged them as harmful to the Web surfing public, according to Weinstein.

For sites that host spyware, adware, or other software that interferes with peoples' ability to control their computer, Google includes a warning along with the results that says: "This site may harm your computer." If the searcher clicks on the result, a window pops up with a second warning that suggests trying a different search and offers direct links to StopBadware.org and related Google sites. To get to the flagged Web site a searcher has to type in the URL in the Web address bar.

Google displays a warning with results that it believes are hosting malware. Google

Google offers an automated process for review requests, while StopBadware.org does the review manually.

Outside of the anomaly that occurred over the weekend, Google rarely has false positives, according to Weinstein. Many of the sites are indeed malicious, such as phishing sites hoping to steal sensitive data an unsuspecting visitor may type in thinking that the site is a legitimate bank site, for instance.

But most of the people who ask StopBadware.org for help are legitimate sites whose servers have been compromised, often because they are running Web server software with a vulnerability that has not been patched, he said.

Sometimes the malware is contained in the comments on a blog, and in other cases some people just aren't using strong enough passwords to protect their Web hosting accounts.

A lot of bloggers use WordPress, which has a fair share of security weaknesses, and people don't know they need to update the software, Weinstein said.

"Attackers run software scanning for WordPress blogs that are running vulnerable versions of the server software and then they run an attack that gets access to the site," he said.

In the dog-eat-dog world of Web search, StopBadware.org shares a special status. The organization, launched in 2006 as a "neighborhood watch for the Internet," was coordinated by Harvard Law School's Berkman Center for Internet & Society. It gets data from Google, AOL, PayPal, Trend Micro, Lenovo and VeriSign, and Consumer Reports WebWatch is a special advisor.

"We're independent but with friends in high places," Weinstein said. "We get access to data from Google and other companies and...this allows for data analysis and research that no one else is able to do."

In addition to offering a second opinion to aggrieved Web sites, StopBadware.org works on developing new approaches to addressing malware and offers the BadwareBusters.org forum where Web site owners can exchange information.

The organization has been focusing on identifying what it calls "borderline applications," badware that isn't obviously malicious but which exhibits behavior that malware does, such as installing extra software on the PC without informing the user and software that doesn't uninstall when the user tries to get rid of it.

Representatives from Google, StopBadware.org's closest partner, declined an opportunity to be interviewed about the organization following the weekend search snafu.

"We have a good ongoing relationship with StopBadware.org," a Google spokesman said in an e-mail.