(WEB HOST INDUSTRY REVIEW) -- With the launch of its Web Anti-Malware service this week, security startup Dasient (www.dasient.com) addressed what several of the company’s founders describe as a growing problem in the proliferation of harmful software. And it is seeking the partnership of hosting providers in distributing its solution.

In an interview with the WHIR, Neil Daswani and Ameet Ranadive, two of the company’s three co-founders, describe a fundamental change in the way malware is spread – and precisely the situation the company was created to combat. While malicious software used to rely mostly on email for its distribution, the last two years has seen a 600 percent increase in the automated infection of websites – often legitimate ones – which can then download malware to unsuspecting users who simply visit these sites.

This kind of attack has been referred to as the “drive-by download,” and it offers the purveyors of that malware – botnet operators and the like – a more effective, and less effectively policed, venue for distribution.

Several circumstances have contributed to the explosion in web-based malware attacks, says Ranadive, including the general advances in the complexity of technologies being used to build web applications, the growing number of non-experts building web-facing applications without security backgrounds and the increasing automation of attackers.

“It’s a very difficult engineering problem,” he says, “that requires an entirely new solution to address the fact that the web has become the new frontier for malware.”

Currently, the front-line response to the proliferation of “drive-by download” attacks has taken place among the search engine operators and web browser developers, who have been creating blacklists of infected sites that trigger automatic warnings – in, for instance, Google’s search results, or in warning page displayed by Firefox – discouraging web users from sites because of their potential to install harmful software.

Microsoft, developer of the market-leading Internet Explorer browser, has reported seeing upwards of 10 million sites infected per year.

For website operators, appearing on one of these blacklists has the obvious immediate impact of lost traffic, and potentially sales, from the traffic turned away, a likely-irreparable blow to customer trust and a dangerous hit to their brand reputation. What’s more, says Dasient, a company might not discover its site is on the blacklist until hearing about it from the customer.

According to Daswani – who, along with the company’s third co-founder Shariq Rizvi, is an former engineer at Google, one of the companies already working to combat the threat – Dasient’s WAM solution, a product in several parts, is a previously unseen approach to addressing website malware infection.

On Tuesday, the company announced two public betas: its free blacklist monitoring, which regularly monitors blacklists from search engines, browsers and desktop anti-virus companies, and instantly alerts customers if they’ve been flagged; and its subscription service, premium monitoring and diagnosis, which continuously monitors customer sites for malicious code, and issues notifications with detailed diagnostic information, identifying infected URLs and pinpointing the malicious code.

The blacklist monitoring program can be accessed directly from the homepage of the company’s website.

In a private beta, the company launched its quarantine service, which, in conjunction with the premium monitoring service, automatically quarantines the malicious code as soon as it is identified, enabling the website to continue serving normally, and avoid being blacklisted at all.

For web hosting providers, the appeal of the product may go beyond just a value-add, says Ranadive, since webmasters whose sites are infected or blacklisted will often turn first to their hosting providers for help, making infection in general a growing customer support challenge.

“The other thing that’s happening with web hosting providers is, very often, it might not be the hosting provider’s fault,” says Daswani. “The site may be using third party applications, and one of those applications has a vulnerability. So to an extent, where the responsibility is [located] is often a gray area, and neither the webmaster or the web hosting providers is in the best position.”

The quarantine solution, which operates through a module installed on the web server, would alleviate some of that confusion by reducing the potential impact of the infection. It would also solve the problem of the rather labor-intensive cleanup process, says Ranadive.

“Most folks manually work to clean up the problem,” he says, “but that’s not the most scalable, or easy process. And it’s also not a process that’s automated or works at web speed or web scale.”

The company’s partner program would see hosts installing the web server module at no cost, and then selling the monitoring and quarantine service to customers for a share in the revenue of the monthly subscription.

The service is currently priced at $50 per month for what the company calls the “low end,” and that price scales up with the size and complexity of the customer site. But that doesn’t preclude hosts that serve customers at a scale that would be priced out at that range.

“In those cases we could work with them to structure appropriate pricing and packaging that would kind of fit their customer base and their customers’ needs,” says Daswani.

Information on applying to take part in the private beta of the quarantining solution is available in the partner section of the company’s website.

At the moment says Dasient, its WAM is the only product of its kind positioned to combat the new model of malware distribution that is only going to grow in the years to come – a threat hosting providers may want to look at addressing now.

Comment by Anonymous on Tuesday, July 07, 2009

Comment anonymously or log into your WHIR account

• News: Q&A: Karl Pichler, Finance Director of EMEA, Rackspace
• News: Microsoft Hosting Exec John Zanni Joins Parallels as Vice President of Alliances
• News: Lincoln Property Acquires Data Center Brokerage Firm Rackhouse
• News: Open-Xchange Improves Usability, Social Networking Features
• Blogs: See you at the Tier 1 Research Hosting & Cloud Transformation Summit 2010