HostExploit Q2 2011 Top 50 Bad Hosts Report - Hacking, Bad Hosts and False Positives

The HE Q2 Top 50 Bad Hosts & Networks report analyzes all 38,030 advertised hosts (ASNs), focusing on the 50 worst offenders, now newly available in both English and Russian due to a collaborative partnership between HostExploit and Group iB, Moscow.

By: HostExploit

The Q2 Top 50 Bad Hosts & Networks report encompasses analysis on all 38,030 currently advertised and commercial hosts (ASNs), focusing on the 50 worst offenders. For the first time, and due to a collaborative partnership between HostExploit (HE) (http://www.hostexploit.com)

The need for standardization is a recurring theme for this quarter. This conclusion is based upon our observation of the many different ways that blacklists are compiled. Differences in data sets can be explained, in part, by blacklists being produced for specific malicious activity. Rapid expansion of the blacklist community has resulted, in some cases, in an increase in the number of false positives, and often in difficulty removing them within a reasonable period of time.

After consulting with Google about the problem of false positives in relation to domain parking, Google recently made a process change to eliminate many false positives in their Safe Browsing service (used in browsers to protect end-users from malicious websites). For example, HE research shows that the removal of false positives from the Google Phishing list has resulted in a significant reduction (80 per cent) in the listings of AS21740 eNom. For eNom, now dropped out of the Top 100, this has proved to be significant, enabling them to concentrate on cleaning up the real issues. This will also be reflected across other domain registrars and domain wholesalers, as well as reducing the problem of false positives that can be associated with domain parking.

In summary, other findings from the report show:

• The title of #1 Bad Host (Overall Category) goes to AS33182 HostDime for significant levels of spam, exploit servers, phishing servers and Zeus servers, as well as botnet C&C servers, badware and infected websites.
• Nearly one half (23) of the Top 50 Bad Hosts operate from the United States. Cybercriminals like hosting services that are easy to obtain and which provide false credibility.
• Exploit Servers represents HostExploit’
• In the Current Events sector, which covers the most up-to-date and fast-changing malicious activities, such as click jacking, counterfeit pharma, new exploit kits, SpyEye, Stuxnet and blended attacks such as MALfi, the #1 position is held by AS16138 Interia.pl.
• Comparing Q1 with Q2 2011, there are few changes in terms of overall levels of badness being served. Website infections, however, are down on the corresponding period of 2010.

Hosts and corporate networks invariably do not host malicious activity with deliberate intent, but can deliver malware from servers that have been hacked or compromised and added to a network of zombies. Such networks are used to further the outreach of noxious or virulent material by masking its true origin and, thus, helping to avoid detection. For this reason HostExploit considers the category called Exploit Servers to be the most important in its analysis and the basis behind its added weighting. Full details of the methodology used are available in the full report.

To end on a positive note, some well-known names have shown significant reductions in levels of badness and are deserving entrants to the ‘Most Improved Host’ category. Most Improved this quarter is AS47764 Netbridge, host to the popular mail client Mail.ru, which has shown a drop of 84 percent. The title of overall #1 Good Host, for consistent low levels of badness this quarter, is awarded to AS34744 GVM Sistem, hosted in Romania.

To download the Q2 2011 Top 50 Bad Hosts Report in either English or Russian visit: http://hostexploit.com/

# # #

About HostExploit

HostExploit, part of CyberDefcon, provides open source intelligence on cyber security issues and cybercriminal operations. In providing analysis of all the public Internet servers worldwide, the quarterly Top Bad Hosts reports and daily SiteVet updates aim to maximize awareness for hosts, registrars, governmental and cyber security researchers.

About Group-iB

Group-iB is Russia and the CIS’s leading computer security company, specializing in the investigation of computer crime, information security breaches, and computer forensics. It was the first and the only company in the Russian Federation which specializes in cybercrime investigations and post-incident consulting.