HostExploit - Q3 2012 World Hosts Report
Familiar Hosts & Open Resolvers
24 Oct 2012 - "... the Q3 2012 World Hosts Report, in collaboration with Group-IB and CSIS. The #1 Host this quarter for levels of malicious activity is new to the top 50 ranking table – AS40034* Confluence Networks, registered in the Virgin Islands but hosted in the United States.
New names in new places is sadly not a consistent theme for this quarter as, despite the new #1, the ‘Top 50 Hosts’ table for Q3 2012 has more than a fair share of familiar names holding the top positions. Unlike the new #1 (AS40034 Confluence Networks), AS16138 Interia.pl, the holder of the #2 spot**, is a regular at the top of the chart for consistently serving some of the worst types of malicious activity on the web. Offences include large amounts of ‘Current Events’, a mix of the most up-to-date and fast changing attack exploits and vectors.
... An important topic under discussion in the Q3 2012 report is on the subject of ‘open resolvers’, ‘DDoS the World - The Problem with DNS Open & Misconfigured Resolvers’. An area that has yet to fully capture the attention of the media, despite being known about for many years, is the -misconfiguration- of DNS resolvers or ‘open resolvers’. This can leave powerful resources vulnerable to being hijacked for the purpose of amplifying of DDoS attacks... in the country rankings, there have not been large movements. It is disappointing to see that both the United States and Russia have deteriorated since Q2 in their hosts’ overall standings... The full HE ‘World Hosts Report’ for Q3 2012 - available here (1) - provides more detailed information on all of the topics above, including data on individual categories such as Botnet C&C servers, phishing servers, exploit servers, Zeus botnet hosting, infected websites, spam, current events and badware..."
"... over the past 90 days, 296 site(s)... served content that resulted in malicious software being downloaded and installed without user consent... the last time suspicious content was found was on 2012-10-24... Over the past 90 days, we found 16 site(s) on this network... that appeared to function as intermediaries for the infection of 211 other site(s)... this network has hosted sites that have distributed malicious software in the past 90 days. We found 776 site(s)... that infected 4417 other site(s)..."
Top 50 bad hosts - Q3 2012
GOOGLE - Blacklisted URLs: 9117
AMAZON-AES - Blacklisted URLs: 723
Edited by AplusWebMaster, 24 October 2012 - 03:02 PM.