
Breaking the Cycle of Malware

2011-07-20


Google did something terrific yesterday. They began notifying users with a certain kind of malware running on their PCs that they had a problem and linked them to tools to help clean it up. While it is currently limited, we think this is an important step by Google. Notifying web visitors when they are running an infected machine, and giving them the tools to help clean up the infection, has been part of CloudFlare's core mission from the day we began protecting websites. We believe steps like this by more websites are critical to breaking the "cycle of malware."

The Malware Cycle

It is hardly an exaggeration to say that virtually every problem online can be tracked back to infected PCs. A PC that has been infected with a virus or other malware can then be used by online criminals to cause harm in a wide variety of ways. Think of it like the cliché scene in any movie or TV show with law enforcement tracking a hacker online. You can picture what I'm talking about: the investigators are huddled around a computer monitor trying to track the hacker when they discover that he is "bouncing his connection between 16 servers."

Reality isn't too far from the fictionalized drama. Cyber criminals use infected PCs as proxies. This allows them to both hide their true identity and location and amplify their damage. One spammer, for example, can command a virtual army of infected computers, known as a "botnet," to send millions of email messages that look like they are coming from around the world. Often these messages contain code to infect even more PCs, creating a cycle of malware.

The challenge is that the owners of these infected computers often have no idea that the infection has taken place. While the true owners sleep, their computers run amuck online, facilitating virtually all of the big Internet problems we see today: spam, denial of service attacks (DDoS), fraud, and hacking. To solve these problems, you need to break the cycle of malware and clean up these infected PCs. Unfortunately, until recently, few mechanisms existed to responsibly notify the owners of these machines that they have a problem and what they can do to clean it up. That's where CloudFlare, and now Google, have started to help.

Breaking the Cycle

We built CloudFlare to help break the cycle of malware in two critical ways.

First, we help websites protect themselves from being compromised. One of the key ways that more PCs become infected is from websites that have been compromised to spread infectious code to their visitors. By protecting these websites, CloudFlare is taking away one of the key distribution channels for malware.

Second, CloudFlare empowers websites with the ability to inform their infected users they have a problem and give them the tools to clean it up. Just like Google, CloudFlare allows websites to set their security settings to whatever level of security they want. For the best balance of performance and security, the default setting is Medium.

To "challenge" a visitor running an infected machine with a CAPTCHA before allowing them onto the site, the website owner can set the security setting to High. If your priority is web performance, and you aren't as concerned about security or cleaning up infected users, then you can turn the security settings down to Low or Essentially Off, which acts only against the most grievous offenders.

If, however, you want to help get word to anyone running on an infected machine, like Google has begun doing, CloudFlare gives any website an easy way to help break the cycle of malware. At the same time, we are working with some of the best anti-malware providers in order to give these users the tools needed to clean up their infection.

We're proud of the hundreds of thousands of infected computers CloudFlare websites have helped clean up, and are glad to see other websites like Google stepping up in similar ways to tackle this important problem.

Matthew Prince|@eastdakota