Is reporting malware just a waste of everybody’s time?

By working in the “web business” I do get my hands on a fair share of malware kits as attackers continuously try to infect any website available with their automated scripts.

[Image: malware-infected website. Caption: "Sir, bot is standing by to initiate UDP flood on your command."]

A constant favorite is RFI (Remote File Inclusion) attacks against WordPress and Joomla sites. In short, if a site is vulnerable, the attacker can inject a remotely hosted file containing malicious code that compromises the entire website (or, in the case of some hosting providers, their entire server).
The malware being injected is of course hosted on already compromised (but seemingly unknowing) websites.

As a response, my first course of action has always been to do a “whois” on the domain hosting the malware, to report the issue to the admin contact of said domain. Of course, this never yields any results, seeing how the mail either bounces or simply gets ignored.

The next step is informing the hosting provider and the domain registrar of the issue by using their “abuse” email addresses. Now, from experience, I don’t expect much in the form of a response at this point, and in that regard I’m rarely disappointed. If you don’t work for a large company packing some serious leverage, you’re simply going to get ignored.

Now the following is just my own conspiracy theory: I’ve long concluded that as long as everybody is getting paid and nobody important enough complains, then most companies don’t really care about their customers hosting malware (or other malicious traffic stemming from their customers’ network).

My final effort (the one I thought made a difference) is reporting the domain and offending URL to any “report badware” site on the net. From experience, when a domain gets flagged by Google and friends, people seem to be more inclined to solve the problem in a timely fashion.

However, I recently decided to check up on a few of the domains that I had previously reported in the last few months. I did expect them to have been cleaned up by now, but unfortunately 100% of the sites I reported were still hosting the same malware with a clean slate from “Google Safe Browsing” and the website scanners provided through VirusTotal.

Interestingly enough, by uploading the malware hosted on the sites in question to VirusTotal, about 50% of the antivirus engines would indeed classify the upload as malware. It just goes to show that companies baiting us with “Is this website safe” services are basically just providing glorified link crawlers.

Anyway, in the words of Eric Cartman: Screw you Internet, I’m going home!

Roger Comply