The HostExploit (HE) series on worldwide cybercriminal activities continues in the Q4 2010 Report on the ‘Top 50 Bad Hosts and Networks’. The emphasis this quarter is on the repeat offending of some hosting providers.
VolgaHost AS29106 is no stranger to the Top 50 reports, having been in the top 10 for the entire 6 months prior to this quarter. Yet its effective badness levels have continued to rise, and it now takes the #1 rank. Particularly prevalent on VolgaHost are Zeus servers and infected web sites.
HostExploit is pleased to present the Q3 2010 report on the Top 50 Bad Hosts and Networks. The emphasis this quarter is on the most improved hosts, with many of the worst hosts from the last quarter taking steps to remove cybercriminal activity from their servers.
Bad publicity damages reputations and can be financially detrimental to business. A sobering dose of bad publicity can result in positive action being taken, as Demand Media have demonstrated since the previous report.
As part of a series of reports on ‘Cybercrime USA’, HostExploit presents a detailed analysis of Demand Media/eNom’s position as #1 Bad Host in the HE Index of comparative Internet badness. Research published in our recent Q2 2010 Top 50 Bad Hosts and Networks Report shows AS21740 Demand Media/eNom topping the HE chart by serving and distributing Internet badness through botnets, spam, malware, infected web sites, and exploit serving. Out of the known 34,738 publicly reported ASes (servers), Demand Media/eNom is shown to be #1 for Internet badness and #1 abusive registrar.
To demonstrate how the Internet badness served by Demand Media relates to other known centers of badness, we introduce in this report “The McColo Standard of Cybercrime”, whereby scores on our HE Index are illustrated in an easy-to-understand format and compared with how the infamous McColo would have fared using this system. A score of 4 to 5 on the HE Index is an average of all ASes. Much to our surprise, both Demand Media and McColo (using retroactive data from October 2008) scored around 270, indicating high levels of Internet badness. This placed Demand Media firmly in the #1 position on the HE Index.
HostExploit is pleased to present the Q2 2010 report on the ‘Top 50 Bad Hosts and Networks’. At rank #1 in the report, Demand Media/eNom (USA) earns the label of ‘worst host’ from security analysts at HostExploit, taking over the top spot from Ecatel (Netherlands). A detailed analysis shows high levels of Internet ‘badness’ and cybercriminal activity hosted by Demand Media/eNom in their role as a hosting provider.
Using data supplied by SiteVet.com, together with Open Source Security data partners, HostExploit has released an updated HE Index of the worst Internet hosting operators around the world. Compiled by actuarial analysis of data provided from all 34,748 public ASes (Autonomous Systems), the HE Index is presented as an easy-to-understand ‘badness’ rating, on a scale of 0 to 1000, published in tables and charts. With a focus on the worst aspects of cybercriminal activity, the HE Index also takes into account factors such as size of network, potential for the hosting of botnets, and distribution of malware, exploits, rogues and spam.
At 9:00am EST on Friday May 14th, AS50896 PROXIEZ lost its ability to infect the Internet. To avoid confusion: there were ‘unsuccessful’ attempts to reconnect on Saturday and Sunday, May 15/16th, which may account for reports of connections to bots and malware still being alive.
The upstream peer AS50818 DIGERNET was also disconnected from the Internet at 10:30am EST on Friday May 14th. AS50908 EVAUA (InfoPlus Ltd.) is currently attempting to serve the Zeus C&Cs as a replacement for Proxiez.
AS50896 PROXIEZ, issued by RIPE and first active April 19th 2010, and AS50908 EVAUA, first active May 17th 2010, again call into question the issuance by RIPE of ASNs and IP ranges which are immediately utilized for crime servers.
Mini Report in PDF can be downloaded here (registration required).