Top 50 Bad Hosts, Q2 2010
hostexploit is pleased to present the Q2 2010 report on the ‘Top 50 Bad Hosts and Networks’. At rank #1 in the report, Demand Media/eNom (USA) earns the label of ‘worst host’ from security analysts at hostexploit, taking over the top spot from Ecatel (Netherlands). A detailed analysis shows high levels of Internet ‘badness’ and cybercriminal activity hosted by Demand Media/eNom in their role as a hosting provider.
Using data, supplied by SiteVet.com, together with Open Source Security data partners, hostexploit has released an updated HE Index of the worst internet hosting operators around the world. Compiled by actuarial analysis on data provided from all 34,748 public ASes (Autonomous Systems), the HE Index is presented as an easy-to-understand ‘badness’ rating, on a scale of 0 to 1000, published in tables and charts. With a focus on the worst aspects of cybercriminal activity, the HE Index also takes into account factors such as: size of network; potential for the hosting of botnets; distribution of malware, exploits, rogues and spam.
hostexploit’s unique quantitative study using data across a range of respected data sources produces a more comprehensive analysis on the ‘where’ of Internet hosting ‘badness’ and cybercriminal activity than other current methodologies.
Key findings from the ‘Top 50 Bad Hosts and Networks’ report include:
The United States has 38% (19 out of the Top 50) of providers hosting Internet badness.
6 out of the Top 50 or 12% are based in Russia; 4 or 8% are based in The Netherlands.
At rank #1 is Demand Media / eNom (US) with an HE Index of 307.5. A detailed analysis shows high levels of botnet command & control servers, badware, malicious URLs, and high levels of abuse via eNom-registered, parked and hosted domains.
The vast majority of the world’s commercial Internet hosts, ISPs and servers operate effective abuse procedures with a low tolerance for hosting badness. 94.2% of the 34,748 ASes compared had an HE Index of 25.0 or lower, indicating low levels of abuses.
‘Bad’ hosts are concentrated into 5.8% of all providers.
Disclosure in the ‘Q1 Top 50 Bad Hosts’ report has been helpful to a number of hosts. Some in contact with us have made good progress in resolving badness and abuse issues, with decreases by as much as up to 90%.
“We whole-heartedly support the vast majority of hosting providers who do a good job in the prevention of cybercriminal activities. For this reason we also highlight the ‘Top 10 Good Hosts’ to emphasize that when proper abuse controls are in place, organized criminal gangs are prevented from sheltering under the protection of legitimate businesses.
“The security and wider internet community can play an active role in calling for more stringent enforcement of abuse policies. The power of community action should not be underestimated, as illustrated in the recent exposure and demise of malware-serving hosts such as Troyak, and others.”
The ‘Top 50 Bad Hosts’ report explores the implications of criminal involvement in terms of global security. It should be seen as a benchmark for law enforcement agencies, Internet crime monitoring bodies and the Internet community as a whole.
The free report can be downloaded in PDF form at HostExploit.com
The quantitative analysis of each of the 34,748 ASes now with daily updates can be viewed on SiteVet.com
hostexploit.com is an informative, community-based website dedicated to exposing world-wide internet malpractice, backed by Nominet Trust. A foremost source of information on rogue and malicious networks, hostexploit is widely-respected for its research reports and daily news feeds, as well as community reports exposing the RBN (russian business network), Atrivo, McColo, Real Host, and others.
SiteVet is a tool aimed at the security research and web development community, providing historical and current data on Domains, IPs, ASNs and Cnets across a wide range of blacklists.
This one-stop research tool provides information that will aid internet marketers, security researchers, web developers/masters, and general internet users, in choice of hosting, selection of domains and the security of servers and DNS systems.