Thursday, March 28, 2024

Security Researchers Globally take down Nearly 100K Malware Sites in the Period of 10 Months

The coordinated efforts were part of the URLhaus initiative that Abuse.ch launched in March 2018, and whose primary objective is to collect and share URLs about active malware campaigns so the information security (infosec) community can take action by blacklisting or taking down URLs.

In a report published today, Abuse.ch says the URLhaus project has been a resounding success, with 265 security researchers sharing URLs and filing abuse reports with web hosting providers over the past year.

The organization says that researchers shared between 4,000 and 5,000 active malware distribution sites per day, filing hundreds of abuse reports in the process.

The table below shows the top malware hosting networks, hosting active malware content (counting online malware distribution sites only as of Jan 20th, 2019). As you can easily spot, 2/3 of the top malware hosting networks are hosted either in the US or China.

URLhaus

The vast majority of malware links hosted payloads for the Emotet and Gozi trojans, and the GandCrab ransomware.

Emotet ruled the year 2018 – URLhaus

As for what the 265 security researchers have reported the most in the last ten months, the answer was not a surprise. Of the 380,000 malware samples that security researchers found hosted on newly created or hacked websites, the most common malware family was Emotet (also known as Heodo), a multi-faceted malware strain that can work as a downloader for other malware, a backdoor, a banking trojan, a credentials stealer, or a spam bot, among many other things.

URLhaus

Other popular malware strains that researchers spotted and reported included variations of the Gozi banking trojan, and installers for GandCrab, which is, by far, today’s most prevalent ransomware strain.

Because most of today’s email security scanners do a good job at detecting malicious file attachments, recent email spam campaigns don’t work as they did in the past.

Nowadays, many spam campaigns have switched from including the malware payload in the file attachment to add a link inside the email body that points to a website from where the victim is asked to download a malicious document or the malware’s installer.

“URLhaus wouldn’t be successful without the help of the community. But we are not where we should be yet. There is still a long way to go with regards to the response time of abuse desks. An average reaction time of more than a week is just too much and proves bad internet hygiene.” concludes abuse.ch.

Related Read

Android Released First Security updates for 2019 & Fixed 13 vulnerabilities – Update Your Phone Now

Spyware From Google Play as a Legitimate Android Apps That Infected 196 Country Users

Website

Latest articles

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles