StopBadware.org
Regaining Control of Our Computers
 

Updated infection stats

Posted by Maxim Weinstein Wed, 30 Jul 2008 18:45:00 GMT

In June we released a report with numbers from late May, showing the network blocks containing the largest numbers of badware sites reported by Google. Here are updated numbers from early July:

# of badware sites  AS block name
26792               CHINANET-BACKBONE No.31,Jin-rong Street
13250               BIZLAND-SD – Endurance International Group, Inc.
8582                CHINA169-BACKBONE CNCGROUP China169 Backbone
5311                CHINANET-SH-AP China Telecom (Group)
5203                AOL-ATDN – AOL Transit Data Network
3845                CNCNET-CN China Netcom Corp.
2544                CRNET_BJ_IDC-CNNIC-AP China Tietong Telecommunication Corporation
2525                THEPLANET-AS – ThePlanet.com Internet Services, Inc.
1865                SOFTLAYER – SoftLayer Technologies Inc.
1348                CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation

Note: A network block owner is not always the owner or operator of the infected servers on that block, and our publication of these data is intended to inform and educate, not to assign blame.

Overall, the numbers have decreased significantly as a result of Google more aggressively scanning previously-flagged sites and removing stale entries. A few other notable changes:

  • Google is no longer on the top 10 list, probably as a result of more aggressive rescanning of their own sites after they have been cleaned.
  • Also dropping from the top 10 are European web hosting company iEurop and Chinese network provider Beijing Dian-Xin-Tong Network Technologies Co., Ltd.
  • New on the list is AOL, a StopBadware.org partner. Most or all of the infected sites are from their Hometown service, which offers free blogging and web hosting. (Like Google’s Blogspot, free accounts on Hometown are targeted by spammers and other bad actors as a means to create bogus websites containing or linking to badware.) AOL tells us that they are taking quick action against the sites and the user accounts involved.
  • Also new on the list is Endurance International Group. (Endurance is now the parent company of iPowerWeb, which led our list over a year ago.) Endurance told us that as soon as they received notice from us about these infections, they identified thousands of malware redirects on their customers’ sites and took action, including removing the redirects, notifying the customers, and forcing the users to reset their passwords. They also took steps to look for and respond proactively to similar malware in the future.


Commtouch: Zombie PCs are everywhere

Posted by Maxim Weinstein Fri, 11 Jul 2008 17:01:00 GMT

A new report [pdf] from Commtouch, an e-mail security vendor, indicates that “zombies” (PCs infected with bots that send spam and malware) are geographically much more dispersed than we found infected websites to be. Turkey led the world by a small margin, with 11% of the ten million zombie IP addresses analyzed, while the U.S. was in 9th place with 4.3%.

Not mentioned in the report is that some of the countries near the top of the list, including Turkey, Germany, and Poland, must have very high “zombies per Internet user” rates, as these countries have far fewer users, yet more total zombies, than the U.S. Perhaps all the work that has been done here at home in the last few years to educate users about PC security is having some effect. Still a long way to go, though, if we have 4+ million zombies in the country.


Commentary on top infection stats

Posted by Maxim Weinstein Mon, 07 Apr 2008 13:33:00 GMT

Oliver posted some great stats early this morning showing the networks and individual IP addresses with the largest number of infected sites. Some might be wondering why Google appears so high on a list of sites that Google itself has flagged as potentially harmful. Our colleagues at Google (disclaimer: Google is a sponsor of StopBadware.org) tell us that these sites represent infected Blogspot blogs and that Google takes these down quickly after identifying them as bad. Sometimes, they don’t get around to rescanning and removing them from their list of bad URLs right away, which is why they continue to show up in our data and in our Clearinghouse. Apparently, though, the sites are no longer a threat.

We have also been in touch with ThePlanet.com, and they say they are working to clean up the infected sites hosted on their network.

If anyone has any knowledge of how to contact the various Chinese providers listed, please let us know at contact@stopbadware.org.


Top Infected ASN for March 2008

Posted by Oliver Day Sun, 06 Apr 2008 02:26:00 GMT

Infections  AS Name
67771       CHINANET-BACKBONE No.31,Jin-rong Street
24540       CHINA169-BACKBONE CNCGROUP China169 Backbone
13263       CHINANET-SH-AP China Telecom (Group)
8222        DXTNET Beijing Dian-Xin-Tong Network Technologies Co., Ltd.
7602        CNCNET-CN China Netcom Corp.
3772        GOOGLE – Google Inc.
3455        THEPLANET-AS – ThePlanet.com Internet Services, Inc.
2650        CNNIC-GIANT ZhengZhou GIANT Computer Network Technology Co., Ltd
2624        CMNET-V4SHANGHAI-AS-AP Shanghai Mobile Communications Co.,Ltd.
2493        ASN-THEPLANET-4 – ThePlanet.com Internet Services, Inc.

[note] All data provided by Google and Team Cymru


Top Infected IP Addresses for March 2008

Posted by Oliver Day Sun, 06 Apr 2008 01:48:00 GMT

IP Address       Infections  CC  AS Name
72.14.207.191    3722        US  GOOGLE - Google Inc.
60.28.237.31     1403        CN  CHINA169-BACKBONE CNCGROUP China169 Backbone
218.244.143.169  1201        CN  DXTNET Beijing Dian-Xin-Tong Network Technologies Co., Ltd.
209.63.57.10     1050        US  INTEGRATELECOM - Integra Telecom, Inc.
205.178.145.65   848         CA  NETWORK-SOLUTIONS - InterNIC Registration Services
209.62.72.189    824         US  ASN-THEPLANET-4 - ThePlanet.com Internet Services, Inc.
221.11.172.166   742         CN  CHINA169-BACKBONE CNCGROUP China169 Backbone
209.51.196.242   728         US  COLUMBUSNAP - The Columbus Network Access Point, Inc.
221.4.242.60     687         CN  CHINA169-GZ CNCGROUP IP network China169 Guangzhou MAN
211.151.91.66    678         CN  CHINA-ABITCOOL Abitcool(China) Inc.

[note] all data provided by Google


See the top pages in our Clearinghouse

Posted by Erica George Thu, 07 Feb 2008 22:08:00 GMT

One of the most popular resources at StopBadware is our Badware Website Clearinghouse, which has information about websites that have been reported as potentially harmful by one of our partners. The Clearinghouse pages for websites that Google has flagged also are linked from Google’s warnings for the sites.

Now you can see which of those Clearinghouse pages are the most popular. We’ve set up a traffic monitor that automatically displays the top Clearinghouse pages, by visits to our website. You can view today’s top sites, this week’s, this month’s and this year’s data. Check out our new top sites page to see which website reports have been generating the most interest.


 



Consumer Reports WebWatch is not receiving any corporate support for its participation in this program.

Copyright © 2006 - All content for this site is under a Creative Commons license