The butterfly effect: “Small variations of the initial condition of a dynamical system may produce large variations in the long term behavior of the system.”

In the realm of Internet security, webmasters (hosting service providers) are pivotal in reducing the impact of compromised/malware-laden websites.  Once a compromised site becomes known to a webmaster (or hosting service provider) it should immediately be disconnected from the Internet.

As a webmaster (hosting services provider) you play an integral role in guarding the integrity of site code and maintaining upgrade compliance. One neglectful action on your part – such as failure to acknowledge a website vulnerability can seriously effect all site visitors.  An iframe exploit may seem small and insignificant at first, until a payload is dumped and eventually herds hundreds, or even thousands of innocent victims into the bowels of a stealthy botnet.

As a webmaster (hosting service provider) when using social networking sites such as Twitter and Facebook, you are also responsible for the health of your profile URL that links back to your website. If a social networking site filters your profile link, you should take the warning seriously.

Recently, I was astonished and alarmed by a website owner on Twitter.  She disguised her profile link with another domain that redirected visitors back to the initial infected domain.  She was able to trick Twitter filtering, but at what cost to website visitors?  Her reasoning for switching the URL was “yeah i thought maybe i could trick it but i guess not. i’ll have to remove the links for now.”  The new link was never removed from her profile, though her site was eventually cleaned up. How many people became infected during the interim trick?  Irresponsible actions, as noted above, are all too prevalent when it comes to taking social responsibility for compromised websites.

Are you smart enough to run a website?

Taking responsibility for Internet security is something that we all should be taking seriously. From home user levels to corporate user levels – there is no room for feigning technological stupidity.  If you are a small business owner and operating a company website, you need to become educated on how to properly secure and maintain your website.  If you are unable to take Internet security seriously, you will need to hire a professional.

Cyber-crooks are relentless in their pursuit of your money and “It’s all about the money,” according to Graham Cluley, senior technical consultant at Internet security firm Sophos. In the worst case scenario, your identity and your financial security can be severely compromised. –Source: Bill Mullins

Running a website is a huge responsibility and should not be taken lightly. Today, cybercrime rules the Internet highways. If you don’t know how to drive, park the car and get out now!

Being involved in computer security, I am amazed and frankly frustrated, at the lack of personal responsibly [SIC] exhibited by most typical computer users, and most importantly, the lack of commitment to acquiring the knowledge necessary to ensure personal safety on the Internet. In a word, becoming “educated”. –Source: Bill Mullins

The butterfly effect is here to stay.  Even the smallest of actions can severely impact all of us.  One malware link to a .cn domain could compromise one computer.  One computer then joins a botnet.  Next on the agenda — ten housand computers join a botnet.  Why?  Because the computers already house severe vulnerabilities.  As webmasters (hosting service providers) do not downplay your Internet security role as insignificant.

Steps that you can take to secure your website:

Kevin Roderick suggests Seven essential resources to help protect your website from technical attack:

1. Google’s Webmaster Tools
2. Google’s Safe Browsing Diagnostic Tool
3. Google’s Online Security Blog
4. Stop Badware’s Link Clearinghouse
5. Webmaster World
6. Matt Cutts’ Blog
7. Search Engine Land

Until next time — stay safe online!

Comcast

Comcast Corp, a U.S. high-speed Internet service provider recently released a ‘pop-up, in-browser automated alert service’ known as “Constant Guard.“   The trial system (currently available in Denver, Colorado) warns customers of potential virus infection, if their computer behaves as though it has been compromised by malware.  Aside from the automated alert, the customer will also receive email verification of the alert at their primary Comcast email account.

The alerts are triggered “when we see computers on our network that are doing things that are known bot activities–say, a computer is spewing out thousands of spam e-mails,” said Jay Opperman, senior director of security and privacy at Comcast. — cnet news

“As the nation’s largest residential Internet service provider, our goal is to provide a safe and secure Internet experience for our customers,” said Mitch Bowling, senior vice president and general manager of online services at Comcast. “The Constant Guard Security Program is the result of many years of working to assemble the right people, technologies and resources to help ensure our customers are protected from hackers and bots in real time.” –PR-Inside.com

Comcast customers currently have free access to McAfee Internet security software.  Overall, Comcast Corp is a major ISP leader and shining example of how an Internet Service Provider (ISP) can be supportive of Internet security initiatives, embrace social responsibility at the gateway, and stay proactive in the continuous fight against cybercrime.

Comcast has been ranked as one of the TOP 5 ISPs in Shadowserver.orgs Hall Of Fame “for going the extra mile in helping us rid the world of malware.”

ISPs in General

During a keynote presentation at the Virus Bulletin conference 2009, Head of Google’s anti-malvertising team,  Eric Davis, wanted ISPs to become more proactive in their approach in dealing with malware-infested computers on their networks.

“The ISPs are in the best position to detected [SIC] infected machines. They’re in the best place to do something about malware.  They already have monitoring systems that could be used to identify signs of malware and botnet activity…However, because ISPs have no monetary incentive to notify and help disinfect machines, the botnets live and thrive within ISP networks.”

Eric also recommended ISPs use the Australia Internet Security Initiative (AISI) as a model to fight malware.  The AISI group mandates minimum customer security levels and isolate infected machines into “walled gardens” until the malicious software is removed. Clap, clap, bravo Eric!

Finjan’s Malicious Code Research Center (MCRC) research reveals that malware is installed on computers when visiting compromised websites serving malicious code. Cough. Hey Twitter. Let’s not suspend the account of a prominent  researcher who helps thwart botnets and malware, why not just suspend the account of @softwaregenius who pushes malware urls to MALWAREREMOVALBOT?

“The sophistication of the malware and the staggering amount of infected computers proves that cybergangs are raising the bar,” said Yuval Ben-Itzhak, CTO of Finjan. “As big money drives today’s cybercrime activities, organizations and corporations need to protect their valuable data to prevent theft by these kind of sophisticated cyberattacks.” –PR Hub

Pekka Andelin, a Malware Analyst at Lavasoft asked this question earlier this year: “Should Internet Service Providers (ISPs) supply their customers with an Internet connection over a network feed that is clean from illegal Web content and malware – programs that could cause network lag, compromise system security and threaten user privacy? — ISP Level Malware Filtering, An Extended Clean Feed?

Pekka used the analogy of how a water company has to make sure that the water they provide via pipes is “uncontaminated and flows securely all the way to their customers’ water taps.”

Conclusion

Comcast, walled gardens, and water pipes, oh my!  What do they all have in common?  They are all a part of  the anti-botnet cornerstone that is pivotal in securing the foundation of our financial systems .  The Internet can no longer be stymied within the context of wild, wild west discourses.  Globally, there is too much at stake.  The old Internet is no more.

We now sit on the verge of a SUPER Internet that has the potential to bring down our financial systems worldwide.  Every time we get one step ahead of the bad guys, they reinvent, they morph, and they grow bigger. We have to learn to grow bigger too.  We must learn to embrace  social responsibility. In order to keep the new Internet safe, we have to let go of me, Me ME and work toward the good of the whole.

Until next time — Stay safe online!