War against malware claims 100,000 malware distribution sites in 10 months

A collaborative effort, aided by hundreds of cyber security researchers who identify and share links to websites being used to distribute malware, has succeeded in taking down almost 100,000 malware distribution websites since it was launched in March last year.

The initiative was the brainchild of cyber security firm Abuse.ch, which launched a new project called URLhaus in March with the objective of collecting URLs of malicious websites being used to distribute malware and sharing them with hosting providers.

Since its launch, URLhaus has received hundreds of thousands of malicious URLs from 265 cyber security researchers, averaging 300 malware sites every day, and has so far succeeded in taking down 100,000 such URLs. Abuse.ch aims to carry on identifying and reporting malicious URLs with greater success in the days ahead.

“URLhaus also managed to get the attention of many hosting providers, helping them to identify and remediate compromised websites hosted in their network. This is not an easy task, especially for large hosting providers that have tens of thousands of customers and hence a significant amount of hijacked websites in their network that are getting abused by cybercriminals to distribute malware,” the firm said.

Hosting providers taking too long to shut down malicious sites

Even though URLhaus counts between 4,000 and 5,000 active malware distribution sites every day and frequently sends out abuse reports to hosting providers, its efforts are often wasted because of the time hosting providers take to remove malware distribution sites, which at present averages more than a week (8 days, 10 hours, 24 minutes): enough time for malware to infect thousands of devices.

While hosting providers based in the United States took between two and sixteen days to take down sites used for distributing malware, some hosting providers in China took well over a month to shut down such websites, thereby defeating the very purpose of the exercise.

“An average reaction time of more than a week is just too much and proves bad internet hygiene. I also hope that the Chinese hosting providers wake up and start taking care of the abuse problems in their networks in time. Having malware distribution sites staying active for over a month is just not acceptable,” the firm said.

Based on an analysis of the malware distribution sites whose URLs were shared by security researchers, URLhaus found that a large share of them were linked to Emotet, which is usually distributed via spam emails. Once victims click on the malicious links, Emotet is downloaded to their devices from already-compromised websites. The effectiveness of such spam campaigns can therefore also be reduced by taking down the compromised websites quickly.

Other forms of malware that were being distributed widely by cyber criminals included the GandCrab ransomware, Gozi, Breitchopp adware, Dridex, Dorv, Slimware adware, Loki ransomware, AgentTesla, and Formbook.

Copyright Lyonsdown Limited 2021
