Social engineering, for example, is now acknowledged as a leading threat to organizations and businesses of all sizes with many lacking the resources to control this multi-faceted problem. The rise of personal gadgets used within the workplace brings its own set of problems, too.
One of the keys to countering cybercrime in its many forms and guises is to raise awareness of the problems and to educate users/employees/
For example, discussed in the report this quarter is the rise of GHOSTing, or Bulletproof Cybercrime Hosting and the Cloud, which is increasingly being used as a way of serving malicious material whilst remaining under the radar. It gives, by all intents and purpose, the impression of clean and responsible hosting as no criminal, or dubious, activity is detected on the providers’ servers. This is achieved through the legitimate offering of VPN or VPS services to those clients who wish to host illicit or objectionable badness e.g. malware, botnet C&Cs, phishing, spam operations, or even images of child sexual abuses. In this way hosts can feign ignorance or turn a blind eye to their customers’ real intentions. More on this issue can be found in the Q3 report.
The HostExploit ‘Top 50 Bad Hosts’ series of quarterly reports is our way of contributing to the fight against cybercrime. The aim is to raise awareness about where badness is being hosted and to provide a means for hosts to benchmark the cleanness of their service against others in the industry.
HostExploit analyzes all 39,056 plus currently advertised and commercial hosts (ASNs) with the results represented in a number of ways. The main findings are available in .pdf format on the HostExploit website. For the second time, we are pleased to announce that this report is also published in Russian, due to a collaborative partnership with Group-IB Moscow (group-ib.ru)
In Q3 2011, there were several changes in the top positions in the ‘Top Bad Hosts’ table:
• The title of #1 Bad Host (Overall Category) now goes to AS33626 Oversee.net, a monetizer of domain names, for high levels of hosting malicious URLs, badware, Zeus botnet servers and infected sites.
• The US share of the Top 50 has dropped from 23 in Q2 to 16 In Q3 although 5 of the Top 10 are still hosted from the United States including the #1 spot.
• #1 in the category of 'Exploit Servers', the most important category in the analysis of malware, phishing or badness as a whole, is AS47583 Hosting-Media, hosted in Lithuania.
An in-depth analysis of the type of badness served on individual ASNs, such as is botnet activity, badware, exploit kits, spam, etc., is available on our sister site, www.SiteVet.com. Here, also, is historical information that gives a further insight into the longer term performance of individual hosting providers. This information is additionally beneficial to the making of an informed decision about the reputation of a particular host.
In a quarter that included the notorious hack of DigiNotar many questions relating to lax security remain unanswered. At times it can seem to be a struggle to find any good news but that is why HostExploit reports include a regular feature on the ‘Good Hosts’, as a way of emphasizing that the vast majority of hosts do a good job and to congratulate the most improved hosts. This quarter is no exception and includes at least one familiar name, Dutch host AS29073 Ecatel, a former #1 Bad Host, and regular in the Top 10, has recently shown a significant improvement by dropping just out of the Top 50.
Download Q3 2011 'Top 50 Bad Hosts and Networks' report (English version) here: http://hostexploit.com/
Download Q3 2011 'Top 50 Bad Hosts and Networks' report (Russian version) here:
About HostExploit http://hostexploit.com/
HostExploit provides open source intelligence on cyber security issues and cybercriminal operations. In providing analysis of all the public Internet servers worldwide the quarterly Top Bad Hosts reports and daily SiteVet updates aim to maximize the awareness for hosts, registrars, governmental and cyber security researchers.
Group-IB is the first company in Russia and the CIS working professionally and comprehensively in cybercrime investigation, information security breaches, and computer forensics. As part of the company, a computer forensics lab provides independent computer forensic investigations, including for Russian law enforcement agencies. Group-IB is part of LETA Group.