Slashdot Mirror

← Back to Stories (view on slashdot.org)

US and Russia Lead List of Malware Hosts

Posted by timothy on from the so-close-to-home dept.

Trailrunner7 writes "China has become the go-to bogeyman behind every cyber attack or malware campaign, but if you're looking for the most malicious hosting providers on the Web, you won't find any of the top 10 in China. In fact, the United States and Russia have many more bad hosting providers in the top 20 than China does. ... [One] interesting data point is the appearance of Amazon in the top 10 list of providers hosting the highest concentration of infected Web sites. These are the kind of sites used in drive-by download attacks and to deliver exploits from exploit packs. Amazon, with more than two million IPs, ranks fourth in the list of providers hosting infected sites. Also on that list is Google, which comes in at number seven. The top spot belongs to Mail.ru, a Russian hosting provider."

9 of 39 comments (clear)

  1. Hosts? Don't say that! by fustakrakich · · Score: 4, Funny

    Around here that's like calling beetlejuice

    --
    “He’s not deformed, he’s just drunk!”
  2. Not really all that surprising by asmkm22 · · Score: 5, Insightful

    Many many networks that I've dealt with have essentially blacklisted Chinese IP ranges, so it makes sense for anyone looking to setup a malware site to use a "legit" hosting service. They don't care if it stays up for more than a few months, in most cases.

    What would be much more interesting is data on *who* is registering and setting up all of these sites, rather than where.

    1. Re:Not really all that surprising by Gordonjcp · · Score: 4, Interesting

      Years ago I started blocking US dynamic IP ranges from port 25 because of the amount of spam from compromised machines. I started mapping the attempts to send spam using an intelligent guess based on the hostnames (most ISPs have a clue to the city in their reverse DNS) and GeoIP lookup. Now, I'm sure it's an artifact and not a "real" effect, but there seemed to be a strong correlation between red states and compromised machines sending spam.
      I'd love to see the results of a more rigorous investigation.

    2. Re:Not really all that surprising by interkin3tic · · Score: 2

      What would be much more interesting is data on *who* is registering and setting up all of these sites, rather than where.

      I'd start with a list of Nigerian royalty.

  3. The Us must continue... by N0Man74 · · Score: 2

    We must continue building more Malware Hosts!

    We must not allow a Malware Host gap!

  4. "US and Russia have many more hosting providers" by raymorris · · Score: 5, Insightful

    In fact, the United States and Russia have many more bad hosting providers in the top 20 than China does.

    Because:
    In fact, the United States and Russia have many more hosting providers in the top 20 than China does.

  5. Re:The Great Firewall by qaz123 · · Score: 2

    You are thinking too good about the US.

  6. Re:No, *I* am Spartacus! by similar_name · · Score: 3, Informative

    Because /. doesn't just delete shit. It's part of what makes this site what it is. I say this as someone who browses at -1 all the time. Now, if you want to advocate truncating posts with a 'read the rest of the comment' link, I'll support that.

  7. China, North Korea, Turkey, Russia - Not US by Anonymous Coward · · Score: 5, Interesting

    I work for a midsize eCommerce hosting firm as the Sysadmin and have been in this position for 8 years. 100% of the DDoS attacks, spam attacks, etc are originating in China, North Korea, Turkey, and Russia. All day, every day, year after year. There have been zero against our data center from within the US. Just my two cents on this. So sure, maybe US hosting companies have more malware sites or phishing scams, but the actual cyber attacks against the US are from the nations I've listed.