Top 50 Bad Hosts - June 2012
Transnational Cooperation Defeating Cybercrime.
Recent successes against several gangs and major cybercriminals affirm the essentiality of transnational cooperation. A trend that is likely to continue, supporters of cross-border collaboration find reason for optimism with the prospect of further actions.
The news of three separate operations against users of the Carberp virus is a highlight of the quarter according to HostExploit’s Q2 2012 “Bad Hosts and Networks” report. For the central investigator, Group-IB and its various partners in each of the operations, this is a major coup as well as an important strike against some of the biggest cybercriminals.
The three gangs used the bank raider, Carberp Trojan, to carry out major attacks on online banking and financial systems worldwide. They are suspected of looting and stealing millions of dollars over the course of several years.
Apprehending notorious crooks like these makes obvious headline stories and serves to highlight some of the ‘behind the scene’ operations that otherwise may go unnoticed. It accentuates the various roles and efforts required to bring such operations to fruition. As well, it strengthens the momentum for transnational cooperation, which time and again proves its worth, through the pooling of valuable information and knowledge.
The HostExploit approach is to encourage an ethos of responsible hosting. By remaining vigilant about what, or who, uses their services, hosting providers can avoid gaining a bad reputation. In today’s competitive environment that is a valuable asset.
So what does the HE 2012 Q2 report reveal and how is it useful?
- There is a new #1 for this quarter, but not a newcomer to the #1 position: AS41947 WEBALTA.
- Russian hosts take the top 2 positions: AS41947 WEBALTA and AS44112 SWEB-AS SpaceWeb JSC.
- The highest placed hosting provider registered in the United States is at #8 - AS15244 ADDD2NET-COM-INC-DBA-LUNARPAGES - Lunar Pages.
- The Russian Federation regains the #1 title for serving the most cybercriminal activities from hosting providers registered in the country.
- An exceptionally large number of C&C botnets were found on the servers of AS50465 IQHOST (RU) this quarter.
It is especially frustrating to see Russian registered hosts placed so highly this quarter while conversely the rankings for those registered in the United States have improved. For the United States, this is obviously a positive, and while too soon to commend the beginning of a new trend, the next quarter results may provide further testimony.
It is scenarios like these that prove the value of the HostExploit ‘Top 50 Bad Hosts and Networks’ tables and reports. Quarterly trends relative to the hosting industry can be easily followed while live daily reports on individual ASNs are available via our free online tool, SiteVet.
So will the next few months see more successful takedowns and disruptions? Already there has been a notorious strike against the Grum botnet, a story that continues to unfold. There is every reason to believe that more will follow over the coming months.
|Reviewers||Dr. Bob Bruen
We welcome any feedback relating to this paper or assistance in this area of research from the community.