Slashdot Mirror


Amazon and GoDaddy Are the Biggest Malware Hosters

An anonymous reader writes "The United States is the leading malware hosting nation, with 44 percent of all malware hosted domestically, according to Solutionary. The U.S. hosts approximately 5 times more malware than the second-leading malware-hosting nation, Germany, which is responsible for 9 percent of the detected malware. The cloud is allowing malware distributors to create, host and remove websites rapidly, and major hosting providers such as Amazon, GoDaddy and Google have made it economical for malicious actors to use their services to infect millions of computers and vast numbers of enterprise systems."

21 of 76 comments

  1. no way the biggest hosts by maliqua · · Score: 5, Funny

    also host the most malware

    mind blown

    1. Re:no way the biggest hosts by Arrogant-Bastard · · Score: 5, Insightful

      Your comment is funny, but misses the point about economics of scale.

      Amazon, with its immense resources, should be one of the cleanest hosts on the planet. They can afford, using their spare change, to staff a 24x7 abuse desk with very senior people. The budgetary impact wouldn't even be a blip. And with the right people, suitably empowered, they could keep their operation nearly free of malware, phishing, spam, and other forms of abuse. They're far better positioned to do this than many smaller operations, who couldn't possibly afford it.

      But they haven't. Why not? Is it because they don't know? Unlikely. Of course they know. Is it because they don't know how to address it? Equally unlikely. Of course they do. They have some smart people on staff. No, they know what the problem is AND they know how to fix it.

      They just don't want to.

      Because even as (relatively) small as those costs would be, it's still cheaper for them to externalize them to the entire rest of the Internet, and let all of us deal with it. So rather than taking professional responsibility for their own operation, they've decided to just blow it off. After all: who's going to make them?

      I would say the same about GoDaddy, but it's not true. They actively support, encourage, and endorse spam, malware, phishing and every other form of abuse. They have from the beginning, only their method of lying about it has changed. (And don't forget GoDaddy's own history of self-promoting spam.) But once again: who's going to make them do anything differently?

      Until operations are held accountable for their actions -- which is something that we USED to do on this network, a long time ago -- most won't bother. And that is, in large part, why problems like spam and phishing and malware are epidemic.

    2. Re:no way the biggest hosts by tranquilidad · · Score: 3

      "Amazon, with its immense resources,"

      Amazon, on sales of $2.98 Billion for the 12 months ending September 30, 2013, had net income of $130 million.

      You say the budgetary impact wouldn't even be a blip. How about putting a hard number on it?

      There's a difference between a company being big and having "immense resources" to spend on staffing "a 24x7 abuse desk with very senior people."

      Generally speaking, Amazon has been happy incurring a lot of losses in their bid for world domination. You may disagree with their allocation of resources as a company but it's difficult to conclude they have immense, unallocated resources sitting by and "they just don't want to" fix the problem.

      I'm curious as to what you think the solution is that would be so easy for their smart people to fix.

    3. Re:no way the biggest hosts by amicusNYCL · · Score: 3, Informative

      "They can afford, using their spare change, to staff a 24x7 abuse desk with very senior people."

      You think that the solution to this problem is a 24-hour abuse desk? Isn't that, by nature, a reactive solution instead of a proactive solution? This comes with the turf. When Amazon allows their customers to quickly and easily set up new virtual servers and things like that, this is going to happen. Unless they are actively scanning all files and data that go through their network to block things (and even that is not a full solution), we are going to continue to see the "cloud" malware sites. These are sites that pop up and maybe they only exist for a day or two, or a few hours, before they get shut down, but in that time they've done what they were supposed to do and once they go down another one pops up. A place that people can call to report malware is not going to solve that problem.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
    4. Re:no way the biggest hosts by postbigbang · · Score: 3, Insightful

      Of course they make money. Plain and simple: never credit conspiracy where sloth was the problem.

      Yeah, they gain by being sloppy. But there's not a single law enforcement entity that gives a flying fleep, either. Do you see the FBI jumping in to save the day? Har. CIA? I'm ROFL. Justice Dept? ho ho ho. FTC? Huh?

      But you didn't tell me: how do you know what's malware and not, so that a judge doesn't throw out a warrant or an order? And you didn't tell me: what kind of secondary auth is going to be acceptable? And you didn't tell me how they're going to police it-- parse incoming streams? Audit what are supposed to be private sites? With what? Updated with what?

      Grow up.

      --
      ---- Teach Peace. It's Cheaper Than War.
    5. Re:no way the biggest hosts by cerberusti · · Score: 3, Interesting

      Amazon does control spam to at least some extent. They sent me an e-mail asking about it when one of the servers I have there started sending e-mail.

      They asked me to describe my use case and set a new limit on outgoing messages.

      Serving malware is probably difficult to do much about. I doubt they can directly scan servers for it (for a variety of reasons) and it would be difficult to distinguish from normal web traffic (especially if encrypted.) This probably means they need to wait for a problem before they can do something about it.

      I suppose they could require more information about their customers, or include a waiting period on servers... but nobody does that, and in my opinion it would be unreasonable to require it of them.

      --
      I'm a signature virus. Please copy me to your signature so I can replicate.
    6. Re:no way the biggest hosts by hackus · · Score: 2

      It is more profitable to accept the malware business than it is to staff people.

      -Hack

      --
      Got Geometrodynamics? Awe, too hard to figure out? Too bad.
    7. Re:no way the biggest hosts by Arrogant-Bastard · · Score: 4, Insightful

      There are a large number of reasonably well-understood methods for dealing with this.

      First, you have a working RFC 2142 role account address: abuse@ your domain. You pay attention to what shows up there. You reply promptly. You engage. After all, if someone is doing your job for you and doing it on THEIR dime, the least you can do is take advantage of it. Moreover, if you manage to do this reasonably well, word will get out, you'll earn the respect of your peers, and they will reward you with more reports -- again, doing your work for you for free.

      Worth noting is that Amazon makes it nearly impossible to communicate with their abuse desk and fails to respond to reports in any way, let alone a timely one. And it's well known that GoDaddy frequently forwards them to the abusers.

      Second, you pay attention to netflows. If a virtual host instance is opening up TCP connections on port 25 to a kazillion hosts/hour, then it's spamming. Any kind of perfunctory monitoring will spot this and a hundred other similar things in real time.

      Third, you pay attention to who's behind the incidents. If you don't, then they'll just sign up over and over and over again. So you work to avoid that, by looking at the who, what, where, when patterns -- and you ban repeat offenders. This isn't watertight, of course -- but it doesn't need to be. If you raise the bar high enough, they'll just go somewhere else, which reduces your workload and lets you focus more tightly on what's left.

      Fourth, you look at usage patterns. Most web sites do NOT display global usage patterns, particularly those which are connected to a domain registered yesterday. (Think about it.) If you observe that, then something's up: it might be legitimate. It's almost certainly not. The same thing applies to other services and other protocols.

      Fifth, if you're Amazon, you have a highly paid legal staff. Use them. Smack the crap out of a few particularly egregious offenders in court. Make it noisy so that everyone else knows you're doing it. Again, this doesn't have to be watertight; it just has to discourage miscreants.

      Finally (and I'm stopping here for brevity, there's a lot more), do all this publicly. Encourage your peers to do the same. Challenge them. Raise the collective bar, not just your own. Cooperate with your competitors.

      All of this costs money. Not a stupid amount of money, but it does cost. Which is why it almost never gets done (see previous post).
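
The netflow check from the second point in the comment above, combined with the declared-use-case exception described in comment 5, as an added example that is not part of the thread. The flow-record layout, the instance names, the 20-destinations-per-hour threshold and the `declared_mailers` allowlist are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

SMTP_PORT = 25
MAX_DISTINCT_PER_HOUR = 20  # assumed threshold; tune per environment

def build_sample_flows():
    """Constructed flow export: start time, instance id, dst IP, dst port, protocol."""
    rows = ["start,instance,dst_ip,dst_port,proto"]
    # vm-a: 60 distinct SMTP destinations within one hour (documentation address ranges)
    rows += [f"2014-01-15T10:{m:02d}:00,vm-a,198.51.100.{m + 1},25,tcp" for m in range(60)]
    # vm-b: customer who declared a mail use case, also busy on port 25
    rows += [f"2014-01-15T10:{m:02d}:30,vm-b,203.0.113.{m + 1},25,tcp" for m in range(40)]
    # vm-c: ordinary web server, one smarthost on port 25 plus HTTPS traffic
    rows += [f"2014-01-15T10:{m:02d}:10,vm-c,192.0.2.10,25,tcp" for m in range(30)]
    rows += [f"2014-01-15T10:{m:02d}:20,vm-c,192.0.2.{m + 20},443,tcp" for m in range(30)]
    return "\n".join(rows)

def smtp_fanout(flow_csv):
    """Map (instance, hour) -> set of distinct destination IPs contacted on TCP/25."""
    fanout = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "tcp" or int(row["dst_port"]) != SMTP_PORT:
            continue
        hour = datetime.fromisoformat(row["start"]).replace(minute=0, second=0)
        fanout[(row["instance"], hour)].add(row["dst_ip"])
    return fanout

def flag_instances(flow_csv, declared_mailers=frozenset(), limit=MAX_DISTINCT_PER_HOUR):
    """Return alerts for instances over the limit that have no declared mail use case."""
    alerts = []
    for (instance, hour), dests in sorted(smtp_fanout(flow_csv).items()):
        if len(dests) > limit and instance not in declared_mailers:
            alerts.append({"instance": instance, "hour": hour.isoformat(),
                           "distinct_smtp_dests": len(dests)})
    return alerts

if __name__ == "__main__":
    for alert in flag_instances(build_sample_flows(), declared_mailers={"vm-b"}):
        print(alert)
```

Counting distinct destinations rather than raw connections keeps a web server that relays everything through one smarthost (vm-c here) below the threshold no matter how much mail it sends.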

  2. Expected by kamapuaa · · Score: 5, Insightful

    Spinning this as a national issue is like saying "California has far more car accidents than Rhode Island." Of course it's true, but the US is far larger than (say) Germany, and has the largest hosting providers in the world. It would be a great surprise if the US wasn't in the lead.

    --
    Slashdot: providing anti-social weirdos a soapbox, since 1997.
    1. Re:Expected by MickyTheIdiot · · Score: 3

      The assumption that "size is directly responsible for the malware" has been the excuse made by every Microsoft advocate ever to walk the face of the earth.

    2. Re:Expected by trongey · · Score: 3, Interesting

      So, is it your assumption that size is directly responsible for the malware? Why can't a large hosting company also institute the best protection mechanisms to reduce their malware content? GoDaddy I can see not giving a crap, but Amazon should do some proper management to reduce this problem.

      Do you realize how much business they would lose if they did that?
      You can't just kick off all your best customers.

      --
      You never really know how close to the edge you can go until you fall off.
  3. Re:Sweet, I block both ashole companies entirely. by netsavior · · Score: 3, Informative

    so you don't use Pinterest, Reddit, Foursquare, Spotify, Adobe, Etsy, IMDB, PBS, Netflix, or Yelp?

    Wow. Such internet. Much isolationism. Very consumer.

  4. sigh, all the innovation has gone elsewhere by swschrad · · Score: 2

    we host the most sites, but all the big hacks and l337 hax0rz are from other countries. just shows to go ya, we have lost the innovation edge in the US, outclassed by WhateverStan. I am so embarrassed...

    --
    if this is supposed to be a new economy, how come they still want my old fashioned money?
  5. popn size by minstrelmike · · Score: 4, Funny

    Alert. Largest subpopulations of a population have the most parasites.
    The longest books tend to have the most typos.
    Enquiring minds want to know why.

  6. This is why companies block Amazon EC2. by urbanriot · · Score: 4, Interesting

    I often interact with large companies' IT departments and the general idea is to completely block all Amazon EC2 servers to prevent spam, malware attacks and access to filter bypass services like Ultrasurf, regardless of the possibility of legitimate sites hosted on Amazon. Occasionally they'll make exceptions for port 80 but the idea is basically, "since Amazon is complicit in hosting so much malicious or nefarious crap on the internet, just block Amazon."

  7. Well, you can spin it as a national issue... by Ecuador · · Score: 4, Interesting

    I mean, the whole problem is the legal framework, which is focused on dealing with the wrong issues. Imagine if instead of malware you attempted to host copyrighted content on Amazon or GoDaddy or whomever else. Immediate takedown of the content and people coming after you. If you host malware on the other hand, meh, as long as Amazon gets paid they can host it without getting into trouble.
    When I say it is a national issue, I don't mean it is only a US issue. It is a national issue for every country that writes the laws that corps ask for. Well, of course, it is the only country that I know of where corporate bribes are institutionalized, but that's another story.

    --
    Violence is the last refuge of the incompetent. Polar Scope Align for iOS
  8. Yep by Sycraft-fu · · Score: 2

    Amazon operates on very thin margins. This is partially because they want to give customers a good price, which means they don't make a lot of profit per sale. It is also because they reinvest their profits in their business, buying more infrastructure, that kind of thing.

    They are not like Apple, just hoarding tons of cash, they don't actually have a ton of money left over.

  9. Welcome to 1999 by nobuddy · · Score: 2

    reacting to an increase in mail traffic from a known mail server? Spam has used botnets and distributed sending for a decade. Only the total noob mom-and-pop shop tries to direct mail spam anymore.

    Perhaps if they watched for more modern malware signatures instead they would be more effective.

  10. Entitlement is rampant. by nobuddy · · Score: 2

    We blocked facebook a couple of years ago. the wailing and gnashing of teeth was everywhere.

    It went away rather rapidly when we offered to open access on a per-person basis with a request, signed by management, as to what their business need for facebook was. Same with streaming radio and video sites.
    When your allocated bandwidth for a site is operating at a constant 80% or more, and 90% of THAT is recreational/entertainment sites something has to change. They bitched, but real business traffic began working properly again. Satellite offices for the energy sector tend to have very limited internet options. hell, one is still rocking a T1 because we can't get a better option with low enough latency for their needs.

  11. Wrong. Re:Welcome to 1999 by billstewart · · Score: 2

    Amazon cloud instances are a perfectly plausible place to send spam from, if you can get away with it and if it's cheaper than botnet service (and of course botnet services are just as happy to sell you compromised Amazon cloud instances instead of compromised home PCs if they have them.)

    But he didn't say he tried to spam from his Amazon server and got questioned - he said he tried to send mail, and Amazon questioned them. Most virtual machines don't send mail directly, just as most residential PCs don't, so it's reasonable for them to check that he's sending mail on purpose and wasn't just pwned.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  12. Interesting Architectural Change, Actually by billstewart · · Score: 2

    It used to be that the US was the largest target/market for malware, but the malware itself was often running in China or Korea, and if it was running in the US it was on compromised home PCs. Now it's moved to the cloud. The Amazon part is more interesting, because it's general-purpose cloud service, as opposed to GoDaddy which specializes in hosting domain parking pages and similar malware-usable services.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks