
The study of malicious Internet activity: Russia again in the lead

Group-IB, the Russian leader in the computer crime investigation market, in cooperation with the HostExploit community, presents the latest Top 50 report, "The Worst Networks and Hosts", for the second quarter of 2012. This time, Russian providers significantly worsened their position in the rating. This directly affected Russia's position in the overall country standings, where it ended up in first place.

In the second quarter of 2012, the Russian host WEBALTA, which had already headed the list in early 2011, returned to first place in the overall rating. The HE index of the "winner" was 214.67. This autonomous system jumped from fourth position to first because of a high concentration of malware and other threats, including XSS attacks and RFI. Recall that last year WEBALTA was already in first place due to the presence of a huge number of exploit servers and Zeus servers.


It should be noted that autonomous systems registered in Russia continue to worsen their position. In the first quarter of 2012 they occupied five positions in the Top 50 list; this time they occupy nine, including first and second place in the overall rating. Russian hosts also lead the "C&C Servers" and "Phishing Servers" categories. Unfortunately, the result of this trend was a deterioration of Russia's overall rating. In the country standings, the Russian Federation, with an index of 359.3, "won" the top spot, ahead of Luxembourg, Latvia and Ukraine. This state of affairs shows that, despite the success of large-scale operations against cybercrime groups in the so-called Carberp club, there is still a lot of work to be done to clean up the systems registered in Russia.

US hosts, by contrast, continue to demonstrate record improvement: for the second quarter in a row, no autonomous system registered in America ranked first in any category. The total number of US hosts in the Top 50 has dropped from 17 in the first quarter to 13 in the second.

As the saying goes, a holy place is never empty, as demonstrated by unexpected changes in the "Worsening Hosts" category. The most "outstanding" host of this quarter is AS48159 Telecommunication Infrastructure Company from Iran, which showed a huge increase in malicious content (12888%) due to mass spamming. A similarly incredible jump (12044.3%) was made by AS44553 SNS-BG-AS Smart Network Solutions Ltd, registered in Bulgaria. In this case the reason was a significant increase in the number of hosted C&C servers, along with the same kind of spam mailings.

Separately, it is worth praising AS45634 HOSTING-MEDIA from Lithuania. It finally took appropriate measures to remedy the situation and as a result dropped from second place to position #600. This made it the "Most Improved Host" of the quarter.

The current report for the second quarter of 2012 was prepared on the basis of a study of 41,635 registered autonomous systems, which is 957 more than at the end of the first quarter of 2012.

The HostExploit community is engaged in non-commercial research on information security and countering cybercrime. The community has been publishing reports on the level of malicious content on hosts for more than two years, and during this time they have become a reliable source of information on the subject. Based on the analysts' work, a list is compiled of the Top 50 most dangerous autonomous systems (hosts and networks), those from which increased malicious activity was recorded. All studies are conducted with the direct participation of Group-IB specialists.

The full report is available at: http://www.group-ib.ru/images/media/top_50_bad_hosts_201206_ru.pdf. Its English version is available at the following address: http://hostexploit.com/downloads/viewdownload/7/41.html.

Source: https://habr.com/ru/post/149662/

