PRAGUE, Czech Republic, January 31, 2011 – Everyone knows that too much crime in the neighborhood is not good for business. So, it should be a surprise that companies running online shops don’t pay more attention to keeping their sites infection-free. While an infection may not directly affect their business, it might keep would-be customers from getting in the front door. To illustrate this point, nearly one million users of avast! antivirus software were prevented from visiting a legitimate but infected online store – and that was after AVAST Software informed the company about the infection.
“With Francoise Saget, we have a perfect illustration as to why it’s much more effective – from the public safety perspective – to tell thousands of users about an infected site instead of the individual administrator,” said Ondrej Vlcek, CTO of AVAST Software. “With CommunityIQ members on the internet nonstop, there is a constant two-way flow of information about infected sites between avast! and our users. Getting a hold of a site admin is another issue.”
The avast! Virus Lab noticed an infection at francoisesaget.com at 12:20:40 (Central European Time) on November 21, 2010. The infection was HTML:Illiframe-R [Trj], a Trojan redirecting unsuspecting visitors to a malware distribution site in China. Within two days, the infected page had been visited 65,968 times by avast! CommunityIQ members.
Ahead of the holiday shopping season, AVAST decided to directly contact the shop about the infection and emailed them a message – in English and in French – on November 23. There was no response. As of January 26, two months after the avast! Virus Lab found the Trojan malware, the site was still infected. During this time, avast! had blocked 946,376 attempts by its users to visit the infected page.
“The lack of response is exactly what we have encountered other times we’ve tried to tell websites about infections, even those based near our company headquarters,” said Mr. Vlcek. “Here are a few lessons we’ve learned during our attempts to directly contact administrators about their infected sites.”