How to lose a million customers with malware

According to the Czech-based IT security vendor, because the sites were infected, its software protected users by flagging up the fact that the pages were infected.

"With Francoise Saget, we have a perfect illustration as to why it's much more effective – from the public safety perspective – to tell thousands of users about an infected site instead of the individual administrator", said Ondrej Vlcek, Avast's chief technology officer.

"With CommunityIQ members on the internet nonstop, there is a constant two-way flow of information about infected sites between Avast and our users. Getting a hold of a site admin is another issue", he explained.

Vlcek says that his research team noted there was an infection at at 12:20 CET on November 21, 2010.

The infection, he says, was HTML:Illiframe-R, a trojan redirecting unsuspecting visitors to a malware distribution site in China.

Ahead of the holiday shopping season, Vlcek said that his firm decided to directly contact the shop about the infection and emailed them a message – in English and in French – on November 23.

"There was no response. As of January 26, two months after the Avast virus lab found the Trojan malware, the site was still infected. During this time, Avast had blocked 946,376 attempts by its users to visit the infected page", he said.

"The lack of response is exactly what we have encountered other times we've tried to tell websites about infections, even those based near our company headquarters," he added.

The situation, he went on to say, is not untypical, as breaking the news about an infection is a difficult process.

Even after the responsible person has been identified, it is often difficult to convince them that their site has a problem that they should correct.

Another issue, says Vlcek, is that infections are not always activated, whilst the malware is being 'upgraded.'

At the end of the day, Avast says that the safety of the internet is a users' personal responsibility. To remain safe, the company adds, all computer users need a certified and updated anti-virus application on their computers at all times.

What’s Hot on Infosecurity Magazine?