
US and Russia Lead List of Malware Hosts

Posted by timothy
from the so-close-to-home dept.
Trailrunner7 writes "China has become the go-to bogeyman behind every cyber attack or malware campaign, but if you're looking for the most malicious hosting providers on the Web, you won't find any of the top 10 in China. In fact, the United States and Russia have many more bad hosting providers in the top 20 than China does. ... [One] interesting data point is the appearance of Amazon in the top 10 list of providers hosting the highest concentration of infected Web sites. These are the kind of sites used in drive-by download attacks and to deliver exploits from exploit packs. Amazon, with more than two million IPs, ranks fourth in the list of providers hosting infected sites. Also on that list is Google, which comes in at number seven. The top spot belongs to Mail.ru, a Russian hosting provider."
This discussion has been archived. No new comments can be posted.

  • by fustakrakich (1673220) on Friday March 29, 2013 @03:51PM (#43314447) Journal

    Around here that's like calling Beetlejuice

  • by asmkm22 (1902712) on Friday March 29, 2013 @03:57PM (#43314495)

    Many many networks that I've dealt with have essentially blacklisted Chinese IP ranges, so it makes sense for anyone looking to set up a malware site to use a "legit" hosting service. They don't care if it stays up for more than a few months, in most cases.

    What would be much more interesting is data on *who* is registering and setting up all of these sites, rather than where.

    • by Gordonjcp (186804) on Friday March 29, 2013 @05:46PM (#43315165) Homepage

      Years ago I started blocking US dynamic IP ranges from port 25 because of the amount of spam from compromised machines. I started mapping the attempts to send spam using an intelligent guess based on the hostnames (most ISPs have a clue to the city in their reverse DNS) and GeoIP lookup. Now, I'm sure it's an artifact and not a "real" effect, but there seemed to be a strong correlation between red states and compromised machines sending spam.
      I'd love to see the results of a more rigorous investigation.

    • What would be much more interesting is data on *who* is registering and setting up all of these sites, rather than where.

      I'd start with a list of Nigerian royalty.

    • Many many networks that I've dealt with have essentially blacklisted Chinese IP ranges...

      That's probably what they want, so they don't have to go through the expense of setting up their 'great' firewall to censor their internet. Neat trick, huh?

  • by N0Man74 (1620447) on Friday March 29, 2013 @03:58PM (#43314519)

    We must continue building more Malware Hosts!

    We must not allow a Malware Host gap!

  • by raymorris (2726007) on Friday March 29, 2013 @04:03PM (#43314553)

    In fact, the United States and Russia have many more bad hosting providers in the top 20 than China does.

    Because:
    In fact, the United States and Russia have many more hosting providers in the top 20 than China does.

  • Perhaps that makes it harder to host malware in China? Duh

    Thereby, I'm not surprised at all by the findings. How is the US beating Russia 5-4 on this though, Russian internet has been the black market of the web pretty much and has hosted every single crack, hack, and exploit known to the internet at some point. I wonder if they rounded them all up and sent them to Siberia between then and now. They're capable of doing that too.

  • by Anonymous Coward

    A bogeyman is an imaginary entity. It is not the same as a scapegoat.

  • by Anonymous Coward on Friday March 29, 2013 @04:43PM (#43314795)

    I work for a midsize eCommerce hosting firm as the Sysadmin and have been in this position for 8 years. 100% of the DDoS attacks, spam attacks, etc are originating in China, North Korea, Turkey, and Russia. All day, every day, year after year. There have been zero against our data center from within the US. Just my two cents on this. So sure, maybe US hosting companies have more malware sites or phishing scams, but the actual cyber attacks against the US are from the nations I've listed.

    • by Anonymous Coward

      100% of the DDoS attacks, spam attacks, etc are originating in China, North Korea, Turkey, and Russia.

      For me, it's been 98% China, 1% US (almost entirely Amazon's shitcloud), with the remainder being elements of Russia, Italy, Israel and Brazil.
