Malware in OA

Update 2, 5/3/18: The third pass is complete. It cleared three more journals, leaving 198 as malware. Most of these–still 136–are from Indonesia. More than half are from six Indonesian universities, with two of those (Universitas Udayana and Universitas Diponegoro) accounting for 71. Nearly all are from universities. As far as I can tell–and I’m not as sure of my facts here–66 of the 198 are new to DOAJ in 2017, and none of the 132 others was flagged as malware last year.

While XM/malware journals account for just a bit less than 2% of the study, which is far too high, they’re mostly small journals even by OA standards. Although I have no article counts for some 23 of the journals (not in last year’s study and no article-level reporting to DOAJ), totals for the other 176 are 2,920 articles for 2017 (more incomplete than previous years); 5,250 for 2016; 5,016 for 2015; 4,335 for 2014; 3,698 for 2013; and 2,546 for 2012–that is, never more than about 1% of serious gold OA totals.

Some brave or foolhardy folks, and those without especially careful protective software, will find that some of these journals don’t seem problematic (and, of course, some universities may get around to cleaning up their code). That could include 80 “riskware” (lower threat level) and 67 “phishing” sites, along with the 49 “malware” and two security certificate problems.

Update 4/29: I’ve completed the second pass; the third pass will begin on May 1 (and with luck end on May 3; medical stuff will take up all of May 2).

The good news: the malware count has been roughly cut in half. There are now 201 journals where malware prevents me from getting full data–and another 30 where blocked subsites mean that I *can* get full data but that users not running good malware software might be infected. [A couple of new malware cases showed up during the second pass, and are included in the 201.]

The bad news: There are still 201 malware-blocked journals, which I’ll recheck starting May 1, in addition to the 30 “malware outbound” cases, 46 “X category” journals to get one final check (journals that yield 404s, parking pages, database failures or are otherwise not workable), and 20 miscellaneous rechecks. After that I’ll normalize the data, prepare the upload spreadsheet, add derived-data columns, and start on the book[s].

If you’re wondering: Indonesia still dominates with 136 malware cases, but that’s also the biggest drop. Brazil shows 27; Romania 10; Malaysia 9; Iran 4; Taiwan, Philippines, and Portugal 3 each; Chile and Italy 2 each; and singletons from Turkey and Ukraine. Two Indonesian universities account for 67 of the 136 cases, with domain-level issues.

Original post:

Here’s the short version: if you’re involved with gold OA and think you can contact useful people, download a spreadsheet with all 410 journals flagged as having malware during my scan of gold OA journals (first pass just completed). Sites that are fixed by May 1, 2018 will be included in GOAJ3: Gold Open Access Journals 2012-2017. Those that aren’t, won’t.

CHANGES 4/4/2018: At DOAJ’s request, I’ve added ISSN and E-ISSN columns to the spreadsheet, both populated using Excel VLOOKUP on the URL column.

Slightly longer version:

I’ve finished the first pass. There are a lot of journals with malware problems: 410, as compared to 67 in last year’s run.

Yes, Indonesia makes up the bulk of them–but by no means all.

The acceptable number of infected journal sites is, of course, zero.

The spreadsheet is arranged by country, then publisher, then journal. A “note” column contains possibly-useful notes (e.g., did Malwarebytes flag an outbound request as malware or was it at the domain level?).

Thirty countries had at least one instance, but most were from a handful of countries:

Indonesia 287
Brazil 41
Ukraine 13
Romania 11
Malaysia 9
Portugal 5
Colombia 4
Costa Rica 4
Iran, Islamic Republic of 3
Philippines 3
Poland 3

These countries had two cases each: Argentina; Chile; Italy; Morocco; Nepal; Peru; Spain; Venezuela, Bolivarian Republic of.

These had one each: Bangladesh; Bulgaria; Ecuador; Georgia; Mexico; Mongolia; Paraguay; Taiwan, Province of China; Tunisia; United Kingdom; United States.

The spreadsheet includes a country page–and a publisher page for those (slightly normalized) with four or more malware journals.


The second pass will probably start around April 20, 2018–but journals still flagged as having malware will be tested once more, no earlier than May 1, 2018, but probably not long after that.

If I continue to hit malware, I’ll try an alternate access path (doing a journal name search in Bing or Google); if that doesn’t help, I’ll pick up numbers from DOAJ if I can–but only for “bigger numbers.” I won’t include infected journals in the overall study, and certainly can’t recommend them.

Interestingly, only three of the journals were also infected with malware in last year’s study.

