  1. #1
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    18,573

    [EN] Spamhaus Botnet Summary 2016

    In 2016, one out of five SBL listings was for a botnet C&C server.

    Thomas Morrison
    2017-01-17

    2016 was a busy year for existing and emerging cyber threats. In the past year, Spamhaus researchers issued listings for over 7,000 botnet Command & Control ("C&C") servers on more than 1,100 different networks. These C&C servers enabled and controlled online crime such as credential theft, e-banking fraud, spam and DDoS attacks.

    ...



    Overall botnet hosting (compromised websites, compromised servers, fraudulent sign-ups):


    | Rank | C&Cs 2016 | C&Cs 2015 | Network | Country |
    |---|---|---|---|---|
    | 1 | 395 | 385 | ovh.net | France (FR) |
    | 2 | 257 | 143 | godaddy.com | United States (US) |
    | 3 | 167 | 183 | endurance.com | United States (US) |
    | 4 | 144 | 197 | hetzner.de | Germany (DE) |
    | 5 | 128 | 170 | ispserver.com | Russia (RU) |
    | 6 | 118 | 106 | colocrossing.com | United States (US) |
    | 7 | 98 | 172 | cloudflare.com | United States (US) |
    | 8 | 89 | 50 | quadranet.com | United States (US) |
    | 9 | 83 | 73 | digitalocean.com | United States (US) |
    | 10 | 75 | 121 | worldstream.nl | Netherlands (NL) |
    | 11 | 71 | 26 | blazingfast.io | Ukraine (UA) |
    | 12 | 71 | 89 | choopa.com | United States (US) |
    | 13 | 69 | 3 | chinanet-js | China (CN) |
    | 14 | 69 | 108 | softlayer.com | United States (US) |
    | 15 | 68 | 126 | heg.com | Great Britain (GB) |
    | 16 | 68 | 103 | itl.ua | Ukraine (UA) |
    | 17 | 68 | 6 | virpus.com | United States (US) |
    | 18 | 66 | 137 | leaseweb.com | Netherlands (NL) |
    | 19 | 65 | 24 | timeweb.ru | Russia (RU) |
    | 20 | 65 | 46 | uk2group.com | Great Britain (GB) |


    (continued)
    Last edited by 5ms; 18-01-2017 at 11:35.

  2. #2
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    18,573

    Fraudulent sign-ups

    However, compromised servers and websites are just part of the problem. The other part of the ongoing botnet problem is the fraudulent sign-ups. "Fraudulent sign-ups" are generally when a miscreant orders a server (e.g. VPS) at a hosting provider that is intended for the exclusive purpose of hosting a botnet controller. This means that the host running at such an IP address is not compromised; it is operated by cybercriminals. To ensure they are not traceable, cybercriminals use fake or stolen identities to place orders with service providers. Services are paid for using either stolen credit cards, compromised PayPal accounts or (anonymous) crypto-currency such as Bitcoin. Providers can battle such fraudulent sign-ups by doing proper customer verification. However, it is not unusual that a fraudulent sign-up can slip through the anti-fraud checks. Our article, "How hosting providers can battle fraudulent sign-ups", contains more information on this topic.


    | Rank | C&Cs 2016 | C&Cs 2015 | Network | Country |
    |---|---|---|---|---|
    | 1 | 295 | 247 | ovh.net | France (FR) |
    | 2 | 112 | 82 | colocrossing.com | United States (US) |
    | 3 | 109 | 153 | ispserver.com | Russia (RU) |
    | 4 | 79 | 119 | hetzner.de | Germany (DE) |
    | 5 | 72 | 45 | quadranet.com | United States (US) |
    | 6 | 69 | 24 | blazingfast.io | Ukraine (UA) |
    | 7 | 68 | 3 | chinanet-js | China (CN) |
    | 8 | 66 | 88 | itl.ua | Ukraine (UA) |
    | 9 | 65 | 5 | virpus.com | United States (US) |
    | 10 | 64 | 106 | worldstream.nl | Netherlands (NL) |
    | 11 | 61 | 67 | choopa.com | United States (US) |
    | 12 | 57 | 51 | hostkey.ru | Russia (RU) |
    | 13 | 56 | 51 | digitalocean.com | United States (US) |
    | 14 | 55 | 110 | hostsailor.com | United Arab Emirates (AE) |
    | 15 | 53 | 66 | leaseweb.com | Netherlands (NL) |
    | 16 | 49 | 64 | heg.com | Great Britain (GB) |
    | 17 | 49 | 45 | severius.nl | Netherlands (NL) |
    | 18 | 49 | 11 | zomro.com | Ukraine (UA) |
    | 19 | 43 | 38 | selectel.ru | Russia (RU) |
    | 20 | 41 | 33 | qhoster.com | Netherlands (NL) |

    Note that this table shows the raw number of C&Cs on each provider. It says nothing about how long each botnet C&C was left active, or whether the provider heeded C&C reports from Spamhaus or not. In many cases, the volume of abuse originating from a provider is proportional to the size of the ISP or hosting provider's network and the number of customers.

    However, the table also contains a few smaller providers that you may never have heard of, but that have hosted disproportionately large numbers of C&Cs. These providers attract more cybercriminals than other providers. Why? There are several reasons that this may happen:

    • Employing the automated sign-up of new customers that skips or has inadequate fraud checking in place, thus allowing cybercriminals to set up C&Cs quickly.
    • Inadequately staffed abuse departments and/or lax abuse handling processes can allow cybercriminals to continue to operate for relatively long periods of time before their C&Cs are shut down.
    • The provider's datacenter might be located in a legal jurisdiction, province, or country that lacks sufficient resources to investigate and prosecute cybercrime, or that even actively encourages it.



    https://www.spamhaus.org/news/article/733/
    Last edited by 5ms; 18-01-2017 at 11:43.

  3. #3
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    18,573
    Hmm. So Softlayer shows up on the list but Amazon AWS and Microsoft Azure do not, two companies for which I had to block *all* IPs at the firewall, such is the volume of spam, phishing and viruses sent every second. In fact, on my own little list there are providers far more committed to criminality, created to commit crimes. Maybe the idea is to smear well-known brands.

    The question remains: is Microsoft really going to stop selling Azure directly, and is it ending PAYG, only to favor resellers? Or is it also carrying out a rat extermination?
