{"id":90266,"date":"2019-02-17T18:50:10","date_gmt":"2019-02-17T23:50:10","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2021-08-21T19:38:59","modified_gmt":"2021-08-21T23:38:59","slug":"volunteers-take-down-124k-malware-sites","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/volunteers-take-down-124k-malware-sites\/","title":{"rendered":"Volunteers Take Down 124K Malware Sites"},"content":{"rendered":"<p><a href=\"https:\/\/www.oceanacoa.com\/support-us\/\" target=\"_blank\" rel=\"124k down malware sites take volunteers noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignleft\" title=\"Volunteers Take Down 124K Malware Sites\" src=\"https:\/\/i0.wp.com\/www.oceanacoa.com\/wp-content\/uploads\/2017\/10\/volunteering-300x257.png?resize=93%2C80&#038;ssl=1\" alt=\"Volunteers Take Down 124K Malware Sites\" width=\"93\" height=\"80\" \/><\/a>\u00a0<a href=\"http:\/\/www.circleid.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><em>CircleID<\/em><\/a> <a href=\"https:\/\/www.circleid.com\/posts\/volunteer_based_project_succeeds_in_taking_down_100000_malware_distribution\/\" target=\"_blank\" rel=\"noopener noreferrer\">reports<\/a> that <strong><a href=\"https:\/\/abuse.ch\/\" target=\"_blank\" rel=\"noopener noreferrer\">abuse.ch<\/a><\/strong>, a non-profit cybersecurity organization based in Switzerland, kicked off a volunteer-based information-sharing project called <a href=\"https:\/\/urlhaus.abuse.ch\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>URLhaus<\/strong><\/a> in March 2018. URLhaus collects and shares URLs identified as distributing <a href=\"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/what-is-malware\/\" target=\"_blank\" rel=\"noopener noreferrer\">malware<\/a>. 
Since its launch, URLhaus has proven to be quite effective, taking down over <a href=\"https:\/\/urlhaus.abuse.ch\/browse\/\" target=\"_blank\" rel=\"noopener noreferrer\">124,000<\/a> <strong>malware distribution<\/strong> sites.<\/p>\n<p><a href=\"https:\/\/mycomputerworks.com\/how-to-remove-a-virus\/\" target=\"_blank\" rel=\"300 average in malware noopener sites submitted noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright\" title=\"submitted in average 300 malware sites\" src=\"https:\/\/i0.wp.com\/mycomputerworks.com\/wp-content\/uploads\/2016\/12\/virus1-1080x675.png?resize=153%2C96&#038;ssl=1\" alt=\"submitted in average 300 malware sites\" width=\"153\" height=\"96\" \/><\/a>Abuse.ch\u2019s URLhaus project allows anyone to sign up with a Twitter account to report malicious URLs. The system will download and analyze the site\u2019s payload and try to identify it before submitting it to antivirus vendors and blacklist providers such as <a href=\"https:\/\/safebrowsing.google.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Google Safe Browsing<\/a>, <a href=\"https:\/\/www.spamhaus.org\/dbl\/\" target=\"_blank\" rel=\"noopener noreferrer\">Spamhaus DBL<\/a>, and <a href=\"http:\/\/www.surbl.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">SURBL<\/a>, according to the blog post.<\/p>\n<p><em>CircleID<\/em> reports that 265 security researchers located all over the world have identified and submitted, on average, <strong>300 malware sites to URLhaus each day<\/strong>. 
The article said URLhaus succeeded beyond the infosec community; the project also managed to get the attention of many hosting providers, which is not an easy task, especially for large hosting providers that have tens of thousands of customers and hence a significant number of hijacked websites in their networks that are being abused by cybercriminals to distribute malware.<\/p>\n<p>The chart below, produced by <a href=\"https:\/\/twitter.com\/abuse_ch\" target=\"_blank\" rel=\"noopener noreferrer\">abuse.ch<\/a>, shows the number of active malware distribution sites tracked since the launch of URLhaus.<\/p>\n<p><a href=\"https:\/\/www.circleid.com\/posts\/volunteer_based_project_succeeds_in_taking_down_100000_malware_distribution\/\" target=\"_blank\" rel=\"urlhaus. distribution launch malware noopener of since sites the tracked noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"aligncenter\" title=\"malware distribution sites tracked since the launch of URLhaus. \" src=\"https:\/\/i0.wp.com\/www.circleid.com\/images\/uploads\/11687.png?resize=478%2C196&#038;ssl=1\" alt=\"malware distribution sites tracked since the launch of URLhaus. \" width=\"478\" height=\"196\" \/><\/a><\/p>\n<p>abuse.ch reports that the<strong> US or China hosts 2\/3 of the top malware hosting networks<\/strong>. The overall average malicious site take-down time is 8 days, 10 hours, 24 minutes. 
The three top Chinese malware hosting networks have an average abuse desk reaction time of more than a month!<\/p>\n<p>That&#8217;s more than enough time to infect thousands of devices every day.<\/p>\n<p>&nbsp;<\/p>\n<h2 id=\"tablepress-64-name\" class=\"tablepress-table-name tablepress-table-name-id-64\">Top malware hosting networks<\/h2>\n<span id=\"tablepress-64-description\" class=\"tablepress-table-description tablepress-table-description-id-64\">The top malware hosting networks, hosting active malware content identified by abuse.ch as of January 2019.<\/span>\n\n<table id=\"tablepress-64\" class=\"tablepress tablepress-id-64\" aria-labelledby=\"tablepress-64-name\" aria-describedby=\"tablepress-64-description\">\n<thead>\n<tr class=\"row-1\">\n\t<th class=\"column-1\">Rank<\/th><th class=\"column-2\">ASN<\/th><th class=\"column-3\">Country<\/th><th class=\"column-4\">Average Reaction Time<\/th><th class=\"column-5\">Malware URLs<\/th>\n<\/tr>\n<\/thead>\n<tbody class=\"row-striping row-hover\">\n<tr class=\"row-2\">\n\t<td class=\"column-1\">1<\/td><td class=\"column-2\">AS14061 DIGITALOCEAN-ASN - DigitalOcean, LLC<\/td><td class=\"column-3\">US<\/td><td class=\"column-4\">6 days, 12 hours, 56 minutes<\/td><td class=\"column-5\">307<\/td>\n<\/tr>\n<tr class=\"row-3\">\n\t<td class=\"column-1\">2<\/td><td class=\"column-2\">AS4134 CHINANET-BACKBONE No.31,Jin-rong Street<\/td><td class=\"column-3\">CN<\/td><td class=\"column-4\">1 month, 9 days, 19 hours, 22 minutes<\/td><td class=\"column-5\">256<\/td>\n<\/tr>\n<tr class=\"row-4\">\n\t<td class=\"column-1\">3<\/td><td class=\"column-2\">AS4837 CHINA169-BACKBONE CHINA UNICOM China169<\/td><td class=\"column-3\">CN<\/td><td class=\"column-4\">1 month, 23 days, 8 hours, 41 minutes<\/td><td class=\"column-5\">163<\/td>\n<\/tr>\n<tr class=\"row-5\">\n\t<td class=\"column-1\">4<\/td><td class=\"column-2\">AS48815 CRITICALCASE<\/td><td class=\"column-3\">IT<\/td><td class=\"column-4\">21 hours, 58 minutes<\/td><td 
class=\"column-5\">151<\/td>\n<\/tr>\n<tr class=\"row-6\">\n\t<td class=\"column-1\">5<\/td><td class=\"column-2\">AS46606 UNIFIEDLAYER-AS-1 - Unified Layer<\/td><td class=\"column-3\">US<\/td><td class=\"column-4\">2 days, 11 hours, 54 minutes<\/td><td class=\"column-5\">127<\/td>\n<\/tr>\n<tr class=\"row-7\">\n\t<td class=\"column-1\">6<\/td><td class=\"column-2\">AS53667 PONYNET - FranTech Solutions<\/td><td class=\"column-3\">US<\/td><td class=\"column-4\">13 days, 3 hours, 37 minutes<\/td><td class=\"column-5\">105<\/td>\n<\/tr>\n<tr class=\"row-8\">\n\t<td class=\"column-1\">7<\/td><td class=\"column-2\">AS16276 OVH<\/td><td class=\"column-3\">FR<\/td><td class=\"column-4\">5 days, 22 hours, 6 minutes<\/td><td class=\"column-5\">104<\/td>\n<\/tr>\n<tr class=\"row-9\">\n\t<td class=\"column-1\">8<\/td><td class=\"column-2\">AS60144 THREE-W-INFRA-AS -- TRANSIT --<\/td><td class=\"column-3\">NL<\/td><td class=\"column-4\">9 days, 10 hours, 37 minutes<\/td><td class=\"column-5\">83<\/td>\n<\/tr>\n<tr class=\"row-10\">\n\t<td class=\"column-1\">9<\/td><td class=\"column-2\">AS13335 CLOUDFLARENET - Cloudflare, Inc.<\/td><td class=\"column-3\">US<\/td><td class=\"column-4\">13 days, 7 hours, 5 minutes<\/td><td class=\"column-5\">67<\/td>\n<\/tr>\n<tr class=\"row-11\">\n\t<td class=\"column-1\">10<\/td><td class=\"column-2\">AS37963 CNNIC-ALIBABA-CN-NET-AP Hangzhou Alibaba<\/td><td class=\"column-3\">CN<\/td><td class=\"column-4\">1 month, 2 days, 0 hours, 1 minutes<\/td><td class=\"column-5\">66<\/td>\n<\/tr>\n<tr class=\"row-12\">\n\t<td class=\"column-1\">11<\/td><td class=\"column-2\">AS8342 RTCOMM-AS<\/td><td class=\"column-3\">RU<\/td><td class=\"column-4\">10 days, 8 hours, 9 minutes<\/td><td class=\"column-5\">63<\/td>\n<\/tr>\n<tr class=\"row-13\">\n\t<td class=\"column-1\">12<\/td><td class=\"column-2\">AS36352 AS-COLOCROSSING - ColoCrossing<\/td><td class=\"column-3\">US<\/td><td class=\"column-4\">16 days, 9 hours, 57 minutes<\/td><td 
class=\"column-5\">53<\/td>\n<\/tr>\n<tr class=\"row-14\">\n\t<td class=\"column-1\">13<\/td><td class=\"column-2\">AS3462 HINET Data Communication Business Group<\/td><td class=\"column-3\">TW<\/td><td class=\"column-4\">17 days, 6 hours, 19 minutes<\/td><td class=\"column-5\">51<\/td>\n<\/tr>\n<tr class=\"row-15\">\n\t<td class=\"column-1\">14<\/td><td class=\"column-2\">AS23650 CHINANET-JS-AS-AP CHINANET jiangsu province<\/td><td class=\"column-3\">CN<\/td><td class=\"column-4\">3 days, 11 hours, 50 minutes<\/td><td class=\"column-5\">51<\/td>\n<\/tr>\n<tr class=\"row-16\">\n\t<td class=\"column-1\">15<\/td><td class=\"column-2\">AS3462 HINET Data Communication Business<\/td><td class=\"column-3\">TW<\/td><td class=\"column-4\">17 days, 6 hours, 19 minutes<\/td><td class=\"column-5\">51<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<!-- #tablepress-64 from cache -->\n<p>&nbsp;<\/p>\n<p><strong><em>rb-<\/em><\/strong><\/p>\n<p><em>abuse.ch offers the URLhaus black list for free to help protect your networks and users from malware. 
You can get more details from abuse.ch <a href=\"https:\/\/abuse.ch\/#projects\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>here<\/strong><\/a>.<\/em><\/p>\n<p>&nbsp;<\/p>\n<h6>Related articles<\/h6>\n<ul>\n<li><a href=\"https:\/\/gizmodo.com\/why-experts-are-skeptical-of-ibms-new-commercial-quantu-1831617788\" target=\"_blank\" rel=\"noopener noreferrer\">US Tops Global Malware C2 Distribution<\/a> (<a href=\"https:\/\/www.darkreading.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Dark Reading.com<\/a>)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><em><a title=\"Ralph Bach\" href=\"https:\/\/rbach.net\/index.php\/new-resume\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ralph Bach<\/a>\u00a0has been in IT long enough to know better and has blogged from his\u00a0<a title=\"Bach Seat\" href=\"https:\/\/rbach.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bach Seat<\/a> about IT, careers, and anything else that catches his attention since 2005. You can follow him on <a class=\"broken_link\" href=\"http:\/\/www.linkedin.com\/in\/rb48334\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">LinkedIn<\/a>,\u00a0<a href=\"https:\/\/www.facebook.com\/ralph.bach.14\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a>,\u00a0and\u00a0<a href=\"https:\/\/twitter.com\/rbach48334\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>. Email the Bach Seat\u00a0<a href=\"mailto:\/\/bach.seat@gmail.com\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>US &#038; China are home to 2\/3 of the top malware hosting networks. 
The overall average malicious site takedown time is over a week according to abuse.ch<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[3161,3185,1570,3187,35,3190,3188,3122,3189,23,4,3191,3186],"class_list":["post-90266","post","type-post","status-publish","format-standard","hentry","category-security","tag-3161","tag-abuse-ch","tag-alibaba","tag-asn","tag-china","tag-china-unicom","tag-chinanet","tag-cloudflare","tag-digitalocean","tag-malware","tag-security","tag-unifiedplayer","tag-urlhaus"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/90266","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/comments?post=90266"}],"version-history":[{"count":4,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/90266\/revisions"}],"predecessor-version":[{"id":127513,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/90266\/revisions\/127513"}],"wp:attachment":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/media?parent=90266"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/categories?post=90266"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/tags?post=90266"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}