24.01.2012
Top 50 Bad Hosts & Networks – 4th Quarter 2011 – published by HostExploit and Group-IB
January 24, 2012
HostExploit’s report for Q4 2011 on the ‘Top 50 Bad Hosts and Networks’ focuses on malicious internet activity served from nearly 40,000 public Autonomous Systems worldwide. Featured this quarter is the regular table of Bad Hosts with special reports on the ‘Pocket Botnet’, the Dirt Jumper and Armageddon DDoS botnets, and DeepEndResearch.org.
HostExploit’s (HE) Q4 2011 ‘Top 50 Bad Hosts and Networks’ report, released today, provides a quantitative analysis of all hosts and networks worldwide on the basis that all cybercrime is hosted, served, and transmitted by a host or a network operation. It is co-published with Group-IB, which operates CERT-GIB – the first private computer emergency response team in Russia.
Throughout 2011, internet users faced numerous threats as organizations large and small fell foul of attacks on their systems, leading several commentators to brand 2011 ‘the year of the data breach’. There were some truly shocking revelations about large-scale data breaches, with many questions still outstanding on the ‘who, where and why.’ The year ended as it began, with yet another data breach of epic proportions: more than 75,000 credit card numbers and 850,000 usernames and passwords were stolen from strategic forecaster ‘Stratfor’.
New threats in 2011 included the appearance of the first smartphone infections with botnet-like attributes, bringing the reality of a ‘pocket botnet’ ever closer. 2012 will see more of the same, as the continuing popularity of the smartphone as the device of choice for accessing the internet ensures that cybercriminals will make it their target in pursuit of financial gain. There is a special feature on this subject in HE’s Q4 2011 report.
Featured too in the report is an overview of the analysis performed on the ‘Dirt Jumper’ DDoS botnet by newly-formed security group DeepEnd Research – a fusion of independent, experienced and highly-respected researchers including founder Andre’ M. DiMino with members Mila Parkour, Jart Armin, Yuriy Khvyl, Marnie King, Rosanno Ferraris and Chris Lee.
As a regular feature, the HE Bad Hosts report identifies which hosts have the most malicious activities in terms of delivering botnets, spam, phishing, exploits, viruses, etc., via their servers. Each category has its own clearly reported analysis which, when combined, gives an overview on where internet badness is located.
Highlights from the Q4 2011 report include a new “#1 Bad Host”: Lithuanian (LT) AS47583 Hosting Media supporting some of the worst types of threats including several botnet-related activities such as Zeus as well as C&C servers, exploit servers, phishing servers, malware and badware.
Publicizing information in this fashion helps service providers to gauge their own levels of ‘badness’ and to compare their performance against other providers, and it serves as an alert or early warning about a problem that time-pressured hosting providers may have overlooked.
HE believes it makes sense for hosting providers to be proactive and to engage in self-regulation. After all, it makes no economic sense to gain a bad reputation.
By highlighting the ‘bad’ hosts, who put money before concern for the safety of Internet users, we can raise awareness among webmasters and domain owners. Armed with this information they can make an informed decision about where to host their websites. Hosting providers will thus be provided with an incentive to stay clean in a highly competitive market.
Note: Live results can be found at www.sitevet.com. The figures contained here were correct at the time of the end of year analysis.
For a full copy of The Q4 Top 50 Bad Hosts & Networks report, please visit: http://hostexploit.com/downloads/viewdownload/7-public-reports/35-top-50-bad-hosts-a-networks-2011-q4.html.
About HostExploit
HostExploit provides open source intelligence on cyber security issues and cybercriminal operations. By providing analysis of all the public Internet servers worldwide, the quarterly Top Bad Hosts reports and daily SiteVet updates aim to maximize awareness among hosts, registrars, and governmental and cyber security researchers.
About Group IB
Group-IB is the leading computer security company in Russia and the CIS (Commonwealth of Independent States), specializing in the investigation of computer crime, information security breaches, and computer forensics.
CERT-GIB, operated by Group-IB, is the first private computer emergency response team in Russia. CERT-GIB provides clients with comprehensive support in minimizing information risks, comprising technical, organizational, and legal advice.