Blogs
HostExploit presents the latest report on the Top 50 Bad Hosts and Networks, for Q4 2011.

There is one common denominator in cybercrime – it is hosted, served, or trafficked by some host or network operator somewhere. It could be assumed that such a succinct, yet true, statement should yield, in return, an equally concise solution. In fact, it provides only a place to start, albeit a very good one, in the complex world of cybercrime.
It has been a few years since the HostExploit "Top 50 Bad Hosts and Networks" reports began, during which time we have published, each quarter, the results of our analysis on all the world’s publicly-announced Autonomous Systems (ASes) which are serving and delivering, unwittingly or otherwise, malicious activities.
Luckily, we are not alone in seeing the value in presenting this comparative data (see report for a full list of our community partners). Through a range of charts and tables we give an overview on where internet badness is located. The aim is to encourage service providers to "clean up" and to be proactive in stopping the cybercriminal activities found on their servers.
Also, once again, Group-IB, Russia and the CIS’s leading computer security company (specializing in the investigation of computer crime, information security breaches, and computer forensics) collaborated with us to publish our report in both English and Russian.

Recently in the UK, close to my home, there have been riots. Hearing stories of children, adults and, of course, 'youths', murdering, mugging and looting has been a scary experience. Some people blame the parenting of the generation; perhaps the news uncovers a different story, as the riots involved not just youths, but a thirty-one-year-old teacher, eleven-year-olds, men, women, children and people of all races. One common factor was the technology that provided the means to communicate and without doubt helped the riots to gather momentum.
Nearly half of all UK teenagers now have a smartphone according to Ofcom. In March 2011, Ofcom found BlackBerry to be the most popular choice (37%) for young adults and teens. This also represents the largest age group of the rioters and many reports have linked the use of BlackBerrys to the spreading of messages about the riots.
Young people like the BlackBerry Messaging service (BBM) because it is free to use, can be used as often as liked and messages can be sent to as many people as wanted in a short space of time. Before the riots, BlackBerry BBM was untraceable – this made it easy to communicate information about the location and timing of planned riots.
Seeing this as a violation of its service, BlackBerry may now have to change some of its terms so that messages can be traced by the authorities. Although technology isn't to blame for these acts, it has been used as a tool to help criminals organise their crimes.
Somewhat controversially, two men have received four years' imprisonment each for inciting looting and rioting by the use of social networking sites. They invited friends and family to meet "behind maccies" to go looting and rioting. Meanwhile, rioters are not the only ones using the Internet as a means to an end. The Police have been using Twitter to name and shame rioters and looters, spreading photos on Facebook and other social networking sites in the belief that everyone is connected to everyone else through six steps, a sort of six degrees of separation technique. Some people think this is morally wrong, but perhaps naming and shaming is the best thing for the current situation. If the people involved in the situation are made an example of, they are less likely to repeat the same behaviour and they are less likely to be copied.
Technology has also been used to try to save some of the communities that were in danger of being destroyed by the riots. People local to the riots came out and cleared up the mess in the true spirit of community action. There are countless Facebook pages and events with thousands of people taking part in "Operation Cup of Tea", an attempt to rescue what they see as lost communities. This shows the internet can also be used to support and help all of those who have lost something, whether it's faith in the human race or their home.
These types of actions are signs that the Internet can be used for good. Other similar examples can be found around the world, for instance WikiCrimes, a website for the anonymous reporting of crimes that maps hotspots and raises awareness about pockets of crime. WikiCrimes is big in Brazil, with other South American countries following this lead.
The Internet is a powerful tool and I hope the actions of a few will not lead to the disadvantage of the majority.
If you find yourself under any form of peer pressure on the internet, to take part in any type of activity, you can find help and advice on a number of websites. Here are a few suggestions:
- KidsHealth – Dealing With Peer Pressure
- About.com - Peer Pressure
- BBC - Peer Pressure
- P.U.R.E. - Peer Pressure
The UK Police has a helpful site with information about reporting local crime and links to helpful advice on a number of subjects.
Welcome to our feature: "A Teen Talks Cyber Security".
We are pleased to welcome a new guest blogger, Faye Shippam. As a victim of cyberbullying, Faye has turned her attention to helping others in a similar position and will be posting her views as well as providing help and advice on the subject of cyber security.
Faye is a student, edits her college magazine and wants to spread the message about staying safe online further afield. She is also into marine biology, likes running and is a self-confessed 'utter' animal lover. So enjoy Faye's blogs here...

We are pleased to report that the #1 Bad Host and crime server from last quarter's report, AS29106 VolgaHost, has been taken off-line, as from January 17th 2011.
This has occurred on the back of the recent de-peering of several major bulletproof hosts - so called for their support of known centers of cybercrime.
VolgaHost is well known to HostExploit. It topped our ranking of ‘Bad Hosts’ for the 4th quarter of 2010, having been ranked #3 in the two previous quarters.
As the following chart shows, it earned its placing due to the number of botnet Command & Control (C&C) servers it was hosting, as well as significant levels of malicious URLs, Zeus and exploit servers:
As a test of its capabilities during BETA development, SiteVet has produced data on the world's worst web hosts (specifically, Autonomous Systems). This data was produced for HostExploit in conjunction with the report released this month.
The top bad hosts are shown below; click each one for further details and breakdown reports brought to you by SiteVet. You can also take the demo tour to find out what SiteVet will be able to do for you.
As SiteVet moves out of BETA development, detailed reports will be available for every active AS. This will coincide with HostExploit becoming a conclusive source for information on the worst and best hosts globally and the respective reasons.
| HE Rank | HE Index | AS Number | Name | Country |
|---|---|---|---|---|
| 1 | 269.9 | AS30407 | VELCOM - Rcp.net | CANADA |
| 2 | 225.7 | AS23522 | IPNAP-ES - GigeNET | UNITED STATES |
| 3 | 179.7 | AS16276 | OVH OVH | FRANCE |
| 4 | 159.5 | AS41665 | HOSTING-AS National Hosting Provider, Hosting.UA | UKRAINE |
| 5 | 158.7 | AS4134 | CHINANET - BACKBONE No.31,Jin-rong Street | CHINA |
| 6 | 151.7 | AS49637 | ZHM-AS PE Zavalnuk Vladislav Mihailovich | KAZAKHSTAN |
| 7 | 147.9 | AS32613 | IWEB-AS - iWeb Technologies Inc. | CANADA |
| 8 | 142.2 | AS10929 | Netelligent Hosting Services Inc | CANADA |
| 9 | 140.3 | AS28753 | NETDIRECT AS NETDIRECT Frankfurt, DE | GERMANY |
| 10 | 135.4 | AS49314 | NEVAL PE Nevedomskiy Alexey Alexeevich | RUSSIAN FEDERATION |
| 11 | 127.6 | AS49365 | GR-VERTICAL-AS | RUSSIAN FEDERATION |
| 12 | 122.8 | AS23456 | RESERVED-AS assigned by IANA | UNKNOWN/NOT APPLICABLE |
| 13 | 120.3 | AS48445 | FAVN Favorit Network SL | SPAIN |
| 14 | 116.3 | AS21607 | DEPLOYLINUX - DeployLinux Consulting, Inc | UNITED STATES |
| 15 | 116.3 | AS14280 | NETNATION - NetNation Communications Inc | CANADA |
| 16 | 114 | AS21844 | THEPLANET-AS - ThePlanet.com Internet Services, Inc. | UNITED STATES |
| 17 | 113.6 | AS48031 | NOVIKOV-AS IP Novikov Aleksandr Leonidovich | RUSSIAN FEDERATION |
| 18 | 112.6 | AS15135 | EVERYDNS ASN | UNITED STATES |
| 19 | 111.7 | AS21740 | DemandMedia AS DemandMedia eNom | UNITED STATES |
| 20 | 111.6 | AS15435 | KABELFOON | NETHERLANDS, THE |
| 21 | 111.5 | AS30083 | SERVER4YOU - Hosting Solutions International, Inc. | UNITED STATES |
| 22 | 110.8 | AS16265 | LEASEWEB LEASEWEB AS | UNITED STATES |
| 23 | 109.2 | AS32181 | ASN-ECOMD-COLOQUEST - GigeNET | UNITED STATES |
| 24 | 105.6 | AS3595 | GNAXNET-AS - Global Net Access, LLC | UNITED STATES |
| 25 | 104.5 | AS23352 | SERVERCENTRAL - Server Central Network | UNITED STATES |
| 26 | 102.9 | AS6713 | IAM-AS | MOROCCO |
| 27 | 102.1 | AS30058 | FDCSERVERS - FDCservers.net | UNITED STATES |
| 28 | 101.5 | AS19969 | JOESDATACENTER (AKA AARONSNET) | UNITED STATES |
| 29 | 100.7 | AS8206 | JUNIK-RIGA-LV JUNIKNET Autonomous System | LATVIA |
| 30 | 100.5 | AS24940 | HETZNER-AS Hetzner Online AG RZ-Nuernberg | GERMANY |
| 31 | 100.3 | AS32244 | LIQUID-WEB-INC - Liquid Web, Inc. | UNITED STATES |
| 32 | 97.1 | AS9121 | TTNET TTNET AUTONOMOUS SYSTEM | TURKEY |
| 33 | 95 | AS41671 | SERVER-UA-AS SERVER.UA UKRAINE DEDICATED SERVICE | UKRAINE |
| 34 | 91.6 | AS3257 | TISCALI-BACKBONE Tiscali Intl Network BV Formerly Nacamar Data Communications, Germany | GERMANY |
| 35 | 91.5 | AS8560 | ONEANDONE-AS 1&1 Internet AG (SCHLUND) | GERMANY |
| 36 | 90.3 | AS29629 | INETWORK-AS IEUROP AS | FRANCE |
| 37 | 90.1 | AS44042 | ROOT root eSolutions | LUXEMBOURG |
| 38 | 90 | AS9929 | China-Netcom-Corporation China Netcom Corporation | CHINA |
| 39 | 90 | AS44349 | MEDLAIF-AS PP Medlaif | UKRAINE |
| 40 | 89.2 | AS43689 | DANKON-AS Dankon Ltd. | RUSSIAN FEDERATION |
| 41 | 89.2 | AS4837 | CHINA169 - BACKBONE CNCGROUP China169 Backbone | CHINA |
| 42 | 88.8 | AS15149 | EZZINET Ezzi.net (A Service of AccessIT) | UNITED STATES |
| 43 | 86.8 | AS15244 | ADDD2NET-COM-INC-DBA-LUNARPAGES | UNITED STATES |
| 44 | 86.4 | AS6849 | UKRTELNET JSC UKRTELECOM, | UKRAINE |
| 45 | 86 | AS19318 | NJIIX-AS-1 - NEW JERSEY INTERNATIONAL INTERNET EXCHANGE LLC | UNITED STATES |
| 46 | 85 | AS16557 | COLOSOLUTIONS - Colo Solutions, Inc. | UNITED STATES |
| 47 | 84.9 | AS35908 | VPLSNET - VPLS Inc. d/b/a Krypt Technologies | UNITED STATES |
| 48 | 84.7 | AS35118 | SMARTLOGIC-AS SmartLogic Ltd | RUSSIAN FEDERATION |
| 49 | 84.7 | AS46475 | LIMESTONENETWORKS | UNITED STATES |
| 50 | 83 | AS26496 | PAH-INC - GoDaddy.com, Inc. | UNITED STATES |
HostExploit is pleased to present the next report in the Top 50 Bad Hosts & Networks series, for the period of 2011 Q3. For the second consecutive quarter, the report is published in collaboration with Russian security company Group-IB. Both English and Russian versions of the report are available to download now:

Download the English report (PDF) here.
Download the Russian report (PDF) here.
Download the Russian report (PDF) here from Group-IB.
This year has been characterized by frequent reports of hacks and data breaches, with little change in Q3 2011 in a seemingly never-ending outflow of data from organizations struggling to cope with the demands of ever-changing technologies.
Social engineering is now acknowledged as a leading threat to organizations and businesses of all sizes with many lacking the resources to control this multi-faceted problem. The rise of personal gadgets used within the workplace brings its own set of problems too. Key to countering cybercrime in its many forms and guises is to raise awareness and to educate users/employees/IT personnel about current threats and the places that they are likely to come from.