The anti-malware organization StopBadware was created in 2006 at Harvard University and moved its operations to The University of Tulsa in 2015. Originally established to identify malicious software online, StopBadware quickly became a service for website managers desperate to remove malware from their sites. Tandy Endowed Assistant Professor of Cybersecurity and Information Assurance Tyler Moore is the organization’s director.
When a website is attacked by users with harmful intent, the hackers attach extra code to the site and attempt to automatically download software to a visitor’s computer without consent. Moore said websites with a vulnerability or weakness are the typical targets attackers exploit.
“At any given time, there are literally 10s of thousands of these sites out there, and they get compromised all of the time,” he said.
Google and other web services check for malware as part of their monitoring process of crawling the Internet. If malware is detected, the site is placed on a blacklist that protects users by displaying a red screen warning that the site has been attacked. The warnings provided by Google Chrome and Firefox link to services that explain the warning and how to resolve the problem. One of the sites listed is TU’s StopBadware.
“One of the functions of StopBadware is to educate consumers about web-based malware, but its primary mission is to assist web masters,” Moore said. “We help them clean up their site and get off that blacklist.”
Google, ThreatTrack Security and NSFOCUS provide StopBadware with real-time feeds of all sites currently blacklisted. Moore and a group of TU undergraduate and graduate students post the information to StopBadware’s site.
“We manage a clearing house where you can search every website to see if it ever had malware on it, now or historically, including the past 10 years,” Moore said.
Large companies with an internal web security staff have the resources to investigate and fix an issue themselves, or they can hire private firms to remove the malware. However, web masters at smaller organizations that don’t have the luxury of handling a problem themselves can contact StopBadware or Google directly for assistance.
“A web master can submit a request for a review, and we’ll give them resources and suggest common things to check to determine if they’ve been compromised,” Moore said.
Two undergraduate TU computer science students, Steven Diaz and Chloe Liu, are trained malware masters. They answer incoming requests by viewing the questionable sites using a special virtual machine environment that is self-contained to prevent the malware from spreading. The students monitor the network traffic, collect data, take notes and send their findings back to the website’s operator. StopBadware initiates a rescan back to Google to remove the site from the blacklist.
Marie Vasek (PhD ’17) is a past StopBadware intern, and as a new faculty member at the University of New Mexico she continues to help train students and assist Moore with infrastructure management.
StopBadware is active in external collaborations with other researchers around the country to reinforce its service mission and help those who can’t afford to pay an expert to fix their malware problem.
“It allows us to keep our ear to the ground about what’s happening and provides us with a good source of data on cybercriminal activity that helps us develop new capabilities to assist web masters and further our research,” Moore said.
In addition to Moore’s efforts at StopBadware, he leads several other projects within the Tandy School of Computer Science related to cybersecurity and cybercrime. He is the recipient of a 2017 National Science Foundation Faculty Early CAREER Award. The five-year NSF grant is one of the most prestigious awards distributed in support of early-career faculty who are role models in research and education.
As principal investigator of the project Developing Robust Longitudinal Indicators and Early Warnings of Cybercrime, Moore collects data from StopBadware and other sites on a long-term basis to detect any measurable improvements or worsening of security. He has studied cybercrime measurement for a decade.
“We’re trying to come up with better measures of cybersecurity — longitudinal indicators,” Moore said. “Most security research looks at a single snapshot in time, but we want to collect data on a long-term basis and detect any measurable improvements or worsening of security as a result.”
Other grants Moore and his team have received include a $220,000 data-sharing grant from the U.S. Department of Homeland Security Science and Technology Directorate to study the incentives for researchers to produce and share cybersecurity datasets. He also is involved in a three-year National Science Foundation grant that investigates the effects of security shocks on cryptocurrency platforms such as Bitcoin. TU students are collecting data on Bitcoin thefts and other denial-of-service attacks to determine if the occurrence of a security event causes a consistent impact on the performance of online currency exchanges.