Q4-2010 - Top 50 Bad Hosts and Networks
FYI...
http://hostexploit.com/blog/14-reports/3528-repeat-offenders-host-cybercrime-activity.html
12 January 2011 - "... The emphasis this quarter is on the repeat offending of some hosting providers...
VolgaHost AS29106 is no stranger to the Top 50 reports, having been in the top 10 for the entire 6 months prior to this quarter. And yet the effective badness levels have continued to rise to now take the #1 rank. Particularly prevalent on VolgaHost are Zeus servers and infected web sites.
On the theme of repeat offenders, it has been a disappointing quarter for eNom AS21740, the domain Registrar arm of Demand Media. Ever willing to give credit where due, HE praised, in the last quarter report, what seemed to be a genuine attempt on eNom’s part to ‘clean-up’. Sadly, however, this effort appears to have been short lived. eNom is back up to ranking #3 from #7 in Q3, having previously been #1. In the Badware sector eNom is once again top of the pile as #1 Bad Host.
HE’s view is that the majority of hosts do a good job at keeping their servers clean. So why then are there hosts such as VolgaHost, eNom and Ecatel AS29073 (displaced from #1 down to #2), all of whom display enduring levels of cybercriminal activities on their servers?... Perhaps the attitude of hosting providers is best summed up by Andre' M. Di Mino (Co-Founder & Director of The Shadowserver Foundation) in his foreword to the report:
"The majority of network and hosting providers are very concerned about their reputation and will respond in rapid fashion when notified of malicious activity. Others are content to let such activities flourish. In any case, it is important to highlight those providers where malicious activity is rampant, and raise general public awareness." - Andre' M. Di Mino
HE’s Q4 2010 Report exposes the persistent nature of some of the more dubious activities hosted by a few providers such as:
• INTERIAPL (PL) AS16138 #1 for Current Events (exploit kits etc) since June 2010.
• DATA ELECTRONICS (IE) AS13100 #1 for Exploit Servers in the last 2 reports.
An example of the lack of due diligence allowing bad habits to return can be seen with Brazilian Cyberweb Networks AS28299. This hosting provider had dropped down to #228 in Q3 2010, from #9 in Q2 as a result of ‘cleaning-up’. Recent increased levels of botnets and phishing, however, have bounced this provider back up to #21.
The HE Q4 2010 Report recognizes the genuinely hard effort made by hosts and providers intent on ‘cleaning up’. The ‘Most Improved Hosts’ section displays those deserving of praise and approval for their achievements. For example: CTC-CORE-AS (RU) AS44237 #29 in Q3 now #27,204. An improvement of 99% to almost negligible levels of badness.
The vast majority of hosts do provide a safe and relatively clean Internet experience for their customers. Approximately only 6% of the 36,371 public ASes (Autonomous Systems) display levels of badness that give cause for concern through ineffective abuse procedures and a tolerance of cybercriminal friendly activities. The HE quarterly reports continue to display the results of the monitoring of ‘bad’ hosts in anticipation of a cleaner and safer Internet experience for all users..."
