Thursday, April 18, 2024

Security Researchers Globally take down Nearly 100K Malware Sites in the Period of 10 Months

The coordinated efforts were part of the URLhaus initiative that Abuse.ch launched in March 2018, and whose primary objective is to collect and share URLs about active malware campaigns so the information security (infosec) community can take action by blacklisting or taking down URLs.

In a report published today, Abuse.ch says the URLhaus project has been a resounding success, with 265 security researchers sharing URLs and filing abuse reports with web hosting providers over the past year.

The organization says that researchers shared between 4,000 and 5,000 active malware distribution sites per day, filing hundreds of abuse reports in the process.

The table below shows the top malware hosting networks, hosting active malware content (counting online malware distribution sites only as of Jan 20th, 2019). As you can easily spot, 2/3 of the top malware hosting networks are hosted either in the US or China.

URLhaus

The vast majority of malware links hosted payloads for the Emotet and Gozi trojans, and the GandCrab ransomware.

Emotet ruled the year 2018 – URLhaus

As for what the 265 security researchers have reported the most in the last ten months, the answer was not a surprise. Of the 380,000 malware samples that security researchers found hosted on newly created or hacked websites, the most common malware family was Emotet (also known as Heodo), a multi-faceted malware strain that can work as a downloader for other malware, a backdoor, a banking trojan, a credentials stealer, or a spam bot, among many other things.

URLhaus

Other popular malware strains that researchers spotted and reported included variations of the Gozi banking trojan, and installers for GandCrab, which is, by far, today’s most prevalent ransomware strain.

Because most of today’s email security scanners do a good job at detecting malicious file attachments, recent email spam campaigns don’t work as they did in the past.

Nowadays, many spam campaigns have switched from including the malware payload in the file attachment to add a link inside the email body that points to a website from where the victim is asked to download a malicious document or the malware’s installer.

“URLhaus wouldn’t be successful without the help of the community. But we are not where we should be yet. There is still a long way to go with regards to the response time of abuse desks. An average reaction time of more than a week is just too much and proves bad internet hygiene.” concludes abuse.ch.

Related Read

Android Released First Security updates for 2019 & Fixed 13 vulnerabilities – Update Your Phone Now

Spyware From Google Play as a Legitimate Android Apps That Infected 196 Country Users

Website

Latest articles

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)

In the wake of the recent disclosure of a critical vulnerability (CVE-2024-3400) affecting a...

Cerber Linux Ransomware Exploits Atlassian Servers to Take Full Control

Security researchers at Cado Security Labs have uncovered a new variant of the Cerber...

FGVulDet – New Vulnerability Detector to Analyze Source Code

Detecting source code vulnerabilities aims to protect software systems from attacks by identifying inherent...

North Korean Hackers Abuse DMARC To Legitimize Their Emails

DMARC is targeted by hackers as this serves to act as a preventative measure...

L00KUPRU Ransomware Attackers discovered in the wild

A new variant of the Xorist ransomware, dubbed L00KUPRU, has been discovered in the...

Oracle Releases Biggest Security Update in 2024 – 372 Vulnerabilities Are Fixed – Update Now!

Oracle has released its April 2024 Critical Patch Update (CPU), addressing 372 security vulnerabilities...

Outlook Login Panel Themed Phishing Attack Evaded All Antivirus Detections

Cybersecurity researchers have uncovered a new phishing attack that has bypassed all antivirus detections.The...

WAAP/WAF ROI Analysis

Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles