FYI...Bulletproof cybercrime hosting & the Cloud
20 October 2011 - "... In Q3 2011
, there were several changes in the top positions in the Top Bad Hosts table:
• The title of #1 Bad Host (Overall Category) now goes to AS33626 Oversee.net
*, a monetizer of domain names, for high levels of hosting malicious URLs, badware, Zeus botnet servers and infected sites.
• The US share of the Top 50 has dropped from 23 in Q2 to 16 In Q3 although 5 of the Top 10 are still hosting from the United States
including the #1 spot.
• #1 in the most important category, Exploit Servers, in the analysis of malware, phishing or badness as a whole, is AS47583 Hosting-Media
**, hosted in Lithuania....
Discussed in this quarter report, also, is the rise of GHOSTing, or 'Bulletproof Cybercrime Hosting and the Cloud
', which is increasingly being used as a way of serving malicious material and yet remaining under the radar
. It gives, by all intents and purposes, the impression of clean and responsible hosting as no obvious sign of criminal activity is detected on the providers’ servers. This is achieved through the legitimate offering of VPN or VPS services to those clients who wish to host illicit or objectionable badness e.g. malware, botnet C&Cs, phishing, spam operations or even images of child sexual abuses
. In this way hosts can feign ignorance or turn a blind eye to their customers’ real intentions. Further information on this practice can be found in the Q3 report..."
"... over the past 90 days, 3 site(s)... served content that resulted in malicious software being downloaded and installed without user consent... the last time suspicious content was found was on 2011-10-20... we found 3 site(s) on this network... that appeared to function as intermediaries for the infection of 4 other site(s)... We found 443 site(s)... that infected 8141 other site(s)
"... over the past 90 days, 973 site(s)... served content that resulted in malicious software being downloaded and installed without user consent... the last time suspicious content was found was on 2011-10-20... we found 99 site(s) on this network... that appeared to function as intermediaries for the infection of 467 other site(s)... We found 99 site(s)... that infected 685 other site(s)