Friday, December 5, 2008

KoobFace Loves Its Hosting Service

Okay, so you've heard about KoobFace, the new piece of malware that is infecting Facebook users this week.

The thing that burns me up about KoobFace and things like it is that they would barely matter if hosting companies were better regulated and occasionally policed.

Here's what we know. KoobFace, like most pieces of malware, tries to redirect users away from their intended destination to a site loaded down with more malware, or designed to fool you into downloading a fake antivirus product, etc etc.

KoobFace, in what many would consider an ironic act, is reportedly re-pointing users towards Geocities.com sites.

It is no secret that the malware manufacturers rely on hosting companies either implicitly (please abide by your SLA and ensure you don't remove our server from the net for at least 48 hours even if requested to do so) or explicitly (we know what you're doing and we like your money).

Let's call it as it is: Without a destination to redirect users to, many crimeware writers don't have a business.

Robert Sandilands recently blogged about the dramatic effect of closing down one bad hosting company in California. Spam dropped globally by a remarkable percentage - just from closing that one company.

Recommendation: Hosting companies should immediately be forced by the DHS to adopt a KYC, or "Know Your Customer" policy similar to the one that banks use when they sign up a new customer.

I personally think that would help greatly. At a minimum, there should be more similar policing actions like the one taken in California.

I guarantee you that if hosting companies were suddenly made responsible for the malware sitting on their servers - or at the very least, for checking that the folks renting them are not criminals - things would get easier for IT guys to control, and we could start building a safer online world based on certified and proven safe destinations - and responsible hosting companies.