Deploying Best Practices at <Company Name>
Responding to Badware Reports
About StopBadware
• Nonprofit dedicated to protecting Internet users from malware
• Partners with Google, Mozilla, PayPal, Nominum, and Verizon
• Provides resources for site owners and end users
• Sets expectations for industry and policymakers
Identifying the situation
• Badware continues to spread via drive-by downloads
• Security researchers report badware to hosting providers
• Web hosting providers can stop badware from spreading by acting quickly
Best practices as a solution
• Assembled a working group of security researchers, advocates, and representatives from major hosting companies
• With working group advice, StopBadware drafted best practices for badware report handling
What the practices do
• Model receiving and processing of badware reports
• Get reports to those they concern
• Minimize damage done by badware to customers and site visitors
• Promote engagement with customers and security community
Why implement them?
Best Practices In Depth
Best Practices: Where are we?
Best Practice Criteria <Provider Name>
Acknowledge • Send acknowledgment when report is received
• Provide a granular way for reporter to follow up
• Respond 1 business day from receipt
Evaluate • Match report URLs to IP addresses/servers in zone of control
• Know responsible providers in zone of control
• Respond 2 business days from receipt
Report • Pass on report immediately after evaluation
• Distinguish between customers and resellers
• Include any available mitigation/resolution options
Mitigate • Identify mitigation capabilities
• Narrowly disable serving of affected content
• Report changes made
• Respond to customer concerns
Resolve • Know resolution abilities
• Remove malware code
• Fix vulnerability allowing code injection
• Report changes made
• Respond to customer concerns
Notify • Inform reporters of progress and/or resolution
Track • Record disposition of reports
• Request follow-up information from downstream providers
Review • Periodically review reports to identify trends
• Use review information to improve evaluation