Best practices for reporting malware

Nonprofit anti-malware organization StopBadware released of its new Best Practices for Reporting Badware URLs, which prescribe specific steps for reporting different types of badware URLs to the entities best able to directly address the threat those URLs pose.

Badware is an undeniable threat to the open Internet, and currently no clear standard exists for who should be notified of a badware URL or what information should be included in that notification.

The organization contends that improving communication between those who detect badware URLs and the parties best equipped to address them is a crucial step in combating the badware threat.

Best practices are divided among what the organization defines as four main stages to reporting: determining report targets, identifying contact information, assembling report contents, and delivering reports.

Best practices are laid out for each stage of the reporting process, along with steps for escalation should an initial report fail to receive a satisfactory response. They call upon reporters to differentiate where possible between URLs that are primarily malicious and ordinarily legitimate URLs that have been compromised by malicious actors.

The Best Practices for Reporting Badware URLs were developed, in part, to complement StopBadware’s Best Practices for Web Hosting Providers. Like the latter, the reporting Practices were developed with the input of a cross-industry working group.

The organization revealed last month that it had begun reporting badware URLs from its community feed in accordance with the first draft of the new Practices. The organization claims a 67% overall takedown/cleanup rate in response to their reporting methods; when the report recipients acknowledged receipt of those reports in accordance with its Best Practices for Web Hosting Providers, the takedown and cleanup rates jumped to 75%.

To find out details about the best practices and view informative sample reports, go here.