Ask HN: Dealing with website distributing malware disguised as open source?

2 points by Joona 7 years ago | 4 comments
Our open source project has recently exploded in popularity, and someone registered a very similar domain to ours, using it to distribute malware. We've tried contacting their domain registrar (Namecheap) and host to no avail, and now they've taken ads on Google to appear above the official website.

Does anyone have experience or tips on how to deal with this situation?

Thanks!

  • techjuice 7 years ago
    The first and fastest thing you can do is report the site using your browser so it can be blocked (Chrome or Firefox is the best since it goes to the same list and Microsoft will also pick it up). After you have done this, report it to US-CERT - https://www.us-cert.gov/report and the FBI - https://www.fbi.gov/tips. For the registrar, did you also report it using their abuse email account and the IP/Datacenter operator abuse address? If those don't work you can also contact ICANN and the actual domain registry who can pull the domain.

    You can then talk with a lawyer to file a trademark dispute if you have a registered trademark along with a DMCA complaint if they have copied your information.

    • Joona 7 years ago
      Thanks for the US-CERT/FBI links, we'll report to them. We've reported the site through Google's safe browsing form and the registrar and host abuse addresses. Both registrar and host replied saying they found no malware on the site, despite us submitting analysis on it.

      I don't think ICANN deals with malware, but we'll contact the registry. We've also considered DMCA, but we think it would be a very temporary solution.

      • techjuice 7 years ago
        You would need to take screenshots and links to the malware, you may also have to send the links to VirusTotal - https://www.virustotal.com/#/home/upload URL submission.

        If it is targeted then you will have a bigger problem getting this resolved and law enforcement agencies would have to take over the investigation as it would be out of the scope of most to properly review this.

        • Joona 7 years ago
          We've done that with all the reports so far. Most of us aren't in the US, but hopefully the ones that are can reach out.