Breaking the Cycle of Malware

by Matthew Prince.

Google did something terrific yesterday. They began notifying users with a certain kind of malware running on their PCs that they had a problem and linked them to tools to help clean it up. While it is currently limited, we think this is an important step by Google. Notifying web visitors when they are running an infected machine, and giving them the tools to help clean up the infection, has been part of CloudFlare's core mission from the day we began protecting websites. We believe steps like this by more websites are critical to breaking the "cycle of malware."

The Malware Cycle

It is hardly an exaggeration to say that virtually every problem online can be tracked back to infected PCs. A PC that has been infected with a virus or other malware can then be used by online criminals to cause harm in a wide variety of ways. Think of it like the cliché scene in any movie or TV show with law enforcement tracking a hacker online. You can picture what I'm talking about: the investigators are huddled around a computer monitor trying to track the hacker when they discover that he is "bouncing his connection between 16 servers."

Reality isn't too far from the fictionalized drama. Cyber criminals use infected PCs as proxies. This allows them to both hide their true identity and location and amplify their damage. One spammer, for example, can command a virtual army of infected computers, known as a "botnet," to send millions of email messages that look like they are coming from around the world. Often these messages contain code to infect even more PCs, creating a cycle of malware.

The challenge is that the owners of these infected computers often have no idea that the infection has taken place. While the true owners sleep, their computers run amok online, facilitating virtually all of the big Internet problems we see today: spam, denial of service attacks (DDoS), fraud, and hacking. To solve these problems, you need to break the cycle of malware and clean up these infected PCs. Unfortunately, until recently, few mechanisms existed to responsibly notify the owners of these machines that they have a problem and tell them what they can do to clean it up. That's where CloudFlare, and now Google, have started to help.

Breaking the Cycle

We built CloudFlare to help break the cycle of malware in two critical ways.

First, we help websites protect themselves from being compromised. One of the key ways that more PCs become infected is from websites that have been compromised to spread infectious code to their visitors. By protecting these websites, CloudFlare is taking away one of the key distribution channels for malware.

Second, CloudFlare empowers websites with the ability to inform their infected users they have a problem and give them the tools to clean it up. Just like Google, CloudFlare allows websites to set their security settings to whatever level of security they want. For the best balance of performance and security, the default setting is Medium.

To "challenge" a visitor running an infected machine with a CAPTCHA before allowing them onto the site, the website owner can set the security setting to High. If your priority is web performance, and you aren't as concerned about security or cleaning up infected users, then you can turn the security settings down to Low or Essentially Off, which acts only against the most grievous offenders.

If, however, you want to help get word to anyone running on an infected machine, like Google has begun doing, CloudFlare gives any website an easy way to help break the cycle of malware. At the same time, we are working with some of the best anti-malware providers in order to give these users the tools needed to clean up their infection.

We're proud of the hundreds of thousands of infected computers CloudFlare websites have helped clean up, and are glad to see other websites like Google stepping up in similar ways to tackle this important problem.
