Slashdot Mirror


US and Russia Lead List of Malware Hosts

Trailrunner7 writes "China has become the go-to bogeyman behind every cyber attack or malware campaign, but if you're looking for the most malicious hosting providers on the Web, you won't find any of the top 10 in China. In fact, the United States and Russia have many more bad hosting providers in the top 20 than China does. ... [One] interesting data point is the appearance of Amazon in the top 10 list of providers hosting the highest concentration of infected Web sites. These are the kind of sites used in drive-by download attacks and to deliver exploits from exploit packs. Amazon, with more than two million IPs, ranks fourth in the list of providers hosting infected sites. Also on that list is Google, which comes in at number seven. The top spot belongs to Mail.ru, a Russian hosting provider."

39 comments

  1. Hosts? Don't say that! by fustakrakich · · Score: 4, Funny

    Around here that's like calling beetlejuice

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:Hosts? Don't say that! by Anonymous Coward · · Score: 0

      Hostfile, hostfile, hostfile.

    2. Re:Hosts? Don't say that! by Anonymous Coward · · Score: 0

      In Soviet Russia crazy people are full of unmoderated comments. On Slashdot comments are full of unmoderated crazy people!

    3. Re:Hosts? Don't say that! by wierd_w · · Score: 1

      Oh shit!

      You just summoned APK and JC! When Micheal Kristopiet shows up and demands they use their real names, the end will be upon us!

    4. Re:Hosts? Don't say that! by Anonymous Coward · · Score: 0

      Nooo! Don't mention Kristopiet! He and his army of ban-evading sock puppet accounts will appear! They are legion, they speak with one true name, and they'll all call you a coward for not doing the same!

    5. Re:Hosts? Don't say that! by techno-vampire · · Score: 1

      Why? Are you afraid that you'll get the attention of The Lord of hosts? If so, you're probably not the one who should be worrying!

      --
      Good, inexpensive web hosting
  2. Not really all that surprising by asmkm22 · · Score: 5, Insightful

    Many many networks that I've dealt with have essentially blacklisted Chinese IP ranges, so it makes sense for anyone looking to set up a malware site to use a "legit" hosting service. They don't care if it stays up for more than a few months, in most cases.

    What would be much more interesting is data on *who* is registering and setting up all of these sites, rather than where.

    1. Re:Not really all that surprising by Gordonjcp · · Score: 4, Interesting

      Years ago I started blocking US dynamic IP ranges from port 25 because of the amount of spam from compromised machines. I started mapping the attempts to send spam using an intelligent guess based on the hostnames (most ISPs have a clue to the city in their reverse DNS) and GeoIP lookup. Now, I'm sure it's an artifact and not a "real" effect, but there seemed to be a strong correlation between red states and compromised machines sending spam.
      I'd love to see the results of a more rigorous investigation.

    2. Re:Not really all that surprising by interkin3tic · · Score: 2

      What would be much more interesting is data on *who* is registering and setting up all of these sites, rather than where.

      I'd start with a list of Nigerian royalty.

    3. Re:Not really all that surprising by fustakrakich · · Score: 1

      Many many networks that I've dealt with have essentially blacklisted Chinese IP ranges...

      That's probably what they want, so they don't have to go through the expense of setting up their 'great' firewall to censor their internet. Neat trick, huh?

      --
      “He’s not deformed, he’s just drunk!”
    4. Re:Not really all that surprising by Anonymous Coward · · Score: 0

      Seems that blew right over the heads of these folks. /. ain't what it used to be.

  3. The US must continue... by N0Man74 · · Score: 2

    We must continue building more Malware Hosts!

    We must not allow a Malware Host gap!

  4. Re:No, *I* am Spartacus! by Anonymous Coward · · Score: 0, Interesting

    why do the mods not delete this shit?

    Way to lower the bar everyone.

  5. "US and Russia have many more hosting providers" by raymorris · · Score: 5, Insightful

    In fact, the United States and Russia have many more bad hosting providers in the top 20 than China does.

    Because:
    In fact, the United States and Russia have many more hosting providers in the top 20 than China does.

  6. The Great Firewall by Synerg1y · · Score: 1

    Perhaps that makes it harder to host malware in China? Duh

    Thereby, I'm not surprised at all by the findings. How is the US beating Russia 5-4 on this, though? Russian internet has been the black market of the web pretty much and has hosted every single crack, hack, and exploit known to the internet at some point. I wonder if they rounded them all up and sent them to Siberia between then and now. They're capable of doing that too.

    1. Re:The Great Firewall by qaz123 · · Score: 2

      You are thinking too well of the US.

  7. America #1 !!! by Anonymous Coward · · Score: 0

    Fuck yeah!!!

  8. Re:No, *I* am Spartacus! by Anonymous Coward · · Score: 1
  9. You keep using that word... by Anonymous Coward · · Score: 1

    A bogeyman is an imaginary entity. It is not the same as a scapegoat.

    1. Re:You keep using that word... by Anonymous Coward · · Score: 0

      That's the point. The use of it indicates that the writer believes the threat from China is mostly imagined (or at least very exaggerated). It has nothing to do with whether China is imaginary or not. I think scapegoat would be the wrong word to use in that context.

  10. Re:No, *I* am Spartacus! by similar_name · · Score: 3, Informative

    Because /. doesn't just delete shit. It's part of what makes this site what it is. I say this as someone who browses at -1 all the time. Now, if you want to advocate truncating posts with a 'read the rest of the comment' link, I'll support that.

  11. Once again ... by Anonymous Coward · · Score: 0

    ... China has some serious catching up to do.

  12. China, North Korea, Turkey, Russia - Not US by Anonymous Coward · · Score: 5, Interesting

    I work for a midsize eCommerce hosting firm as the Sysadmin and have been in this position for 8 years. 100% of the DDoS attacks, spam attacks, etc are originating in China, North Korea, Turkey, and Russia. All day, every day, year after year. There have been zero against our data center from within the US. Just my two cents on this. So sure, maybe US hosting companies have more malware sites or phishing scams, but the actual cyber attacks against the US are from the nations I've listed.

    1. Re:China, North Korea, Turkey, Russia - Not US by Anonymous Coward · · Score: 1

      100% of the DDoS attacks, spam attacks, etc are originating in China, North Korea, Turkey, and Russia.

      For me, it's been 98% China, 1% US (almost entirely Amazon's shitcloud), with the remainder being elements of Russia, Italy, Israel and Brazil.

    2. Re:China, North Korea, Turkey, Russia - Not US by Anonymous Coward · · Score: 0

      Most companies I've worked for just end up blocking those sites. Every once in a while they'd get hack attempts from residential IPs, but they'd always come in clusters (indicating a botnet)...like it'd be fine for a week then suddenly 20 unique residential US IPs would be knocking on ports trying to get in, and all go away at the same time.

    3. Re:China, North Korea, Turkey, Russia - Not US by EvilIdler · · Score: 1

      I get a lot of those botnet hack attempts on sites I host, and it's mainly Spain, Italy and Ukraine lately, from residential IPs. A few come from the UK, and they're at other server hosts. The last type are actually fixable, as the admins respond. The residential ones either keep quiet and deal with it, or don't care. The past few months the clustering has dropped off too. It's an isolated login attempt or two a day to WordPress sites (which one filter bans after 3-5 failures) or SSH ports (rarely, and handled by fail2ban).

  13. Government Has The Best 0Days by Anonymous Coward · · Score: 0

    It's 'choose your own adventure' time for Governments and evil orgs:

    http://buggedplanet.info/

    Let the Wikileaks Spy Files sink in deeply.

    READ IT UNTIL YOU LOVE IT.

    I believe all anti-* scanners whitelist a lot [of 0days] at the feet of their masters in Gov.

  14. Re:No, *I* am Spartacus! by Anonymous Coward · · Score: 1

    How about a new mod value. -2APK

  15. Re:THIS IS NOT ME... apk by RMingin · · Score: 1

    I have copied and pasted one troll and thereby triggered another, equally egregious rant from the other troll. I also receive the triple troll bonus for having the copied troll come and paste a troll response to the troll responding to my mock post. I submit this as my interpretation of Slashdot's native art style. Apologies to all I offended, but I hope I win an award.

    "Say good night, Gracie."
    "Good night, Gracie."

    Oh, and Anti-APK? Thanks for participating. That's a lovely idea, a BTC tip jar! Me too!

    Tipping is not a city in China: 18pzfMyde2BcuDQ5HjzHXc9kmYmDkv1z2Z

    --
    The preceding comment is my own, and in no way construes an opinion of the Emperor of Mankind.
  16. PC Hell disproves MyCleanPC by tepples · · Score: 1

    I will give $10,000.00 to frost pister who can disprove MyCleanPC.

    Done. Apparently it's just a poorly written registry cleaner, and CCleaner works better for no charge. You can send the 10,000 USD reward through PayPal to ebay(at)pineight.com.

    Oh, and Time Cube's four simultaneous 24-hour days offset by a quarter of a day are just time zones. What do New York, London, Beijing, and Honolulu experience?

  17. Request to Slashdot Sysadmin by Anonymous Coward · · Score: 0

    Have you thought of correlating this poster to known pest posts? If the text shows a high degree of correlation, reject it as "redundant".

    At least make this pest go through the trouble of at least coming up with an original post.

    Or maybe give moderators a "pest" moderation, which would carry a heavy penalty - like giving you max negative karma - for misuse. And it would be well known that all uses of the "pest" moderation will be metamodded by the Slashdot sysadmin. This way we all can share in the elimination of this pest. Many hands make for a light load. The "pest" moderation would immediately kill subsequent display of the offending post to everyone unless metamodded back into existence. Giving us authority to completely kill off a post is a great responsibility and should carry an equally heavy liability for its misuse.

  18. Re:No, *I* am Spartacus! by Anonymous Coward · · Score: 0

    timecube parody ftw :]

  19. Re:"US and Russia have many more hosting providers by Anonymous Coward · · Score: 0

    Do you realize that this top 10 list is based on illegal activity and not number of subscribers or IPs or anything else?

    But hey, don't let facts get in the way of your logic...

    Love all patriotic morons upvoting parent.