Wednesday Sep 08

Report: The Worst Badware Hosts in the World

In a report just issued, hostexploit researchers have delivered an analysis of “The Top 50 Bad Hosts and Networks,” recognizing the worst Websites worldwide for policy abuses and cybercriminal activities.
 
Research by hostexploit and extensive data from community sources have been applied to a unique combination of scientifically weighted mathematical equations, with an emphasis on the various aspects of cybercriminal activity, resulting in a “badness” rating called the HE Index. This rating has been used to compile a table of the Top 50 Bad Hosts and Networks. The report can be downloaded for free from HostExploit.com.
 
This definitive list of “Bad Hosts” is also split into smaller tables defined by sector so that the worst hosts of the cybercriminal activities that we have all, unfortunately, become so familiar with -- such as spam, malware, phishing, exploit servers, botnets, and badware -- can be seen in terms of mini-HE Indexes.
 
It needs to be stressed that most of the hosts listed were simply lax in enforcing responsible security policies, which enables undesirable activities to carry on unhindered via their resources. However, this isn’t the case for “Exploit Servers,” as these are the points that, for example, collect stolen IDs from perhaps thousands of infected Websites.
 
Activity is displayed by country as well as by specialist sector, giving a clear indication that some types of activity are favored by particular regions or countries. An example of this is the cluster of Brazilian hosts in the “Spammers” league table. In that country, high bandwidth and poor Internet controls create the perfect environment for a high incidence of this type of criminal activity.
 
This research has produced some surprising results and reaffirmed other assumptions. For instance, when breaking hosts down by country, it was no surprise to find that Russia topped the “Bad Host” league, but one surprising aspect was that all this bad activity originated from only five Russian hosting services.
 
On the other hand, China was fairly low in the table (tenth), a surprise given its huge number of IP addresses -- 106,854,912 on a few ASNs. This spread appears to have a damage limitation effect, despite the high incidence of general crimeware in China. Or perhaps the Chinese government’s control over abuses is having an effect on hosts.
 
One peculiarity of note involves two servers in China at the same physical address: one server came out as fifth worst in the world, yet the other came in as one of the cleanest!
 
Exposing levels of badness found on hosting sites and networks in this way highlights the part that hosts play in the cycle of cybercriminal activity. It is hoped that the methodology used in the compiling of a “security index” for hosts could become a consumer standard. Hopefully, the “thumbs down” could become a driving force for hosts and networks to enforce abuse policies.
 
It has to be said, though, that it is not all bad news. In compiling a “worst of” table, hostexploit was also able to find instances of good or responsible hosting, and credit should be given where it is due. This resulted in a “Best Host” award for 10 good hosts listed. And just as it is hoped that providers will want to avoid being labeled as “Bad Hosts,” providers will be pleased to receive a hostexploit “Good Host” award.
 
But let’s leave the best for last. First, here’s who topped the “Bad Hosts” list:
  • No. 1 is Velcom, AS30307, of Canada
  • No. 2 is IPNAP, AS23522, of USA
  • No. 3 is OVH, AS16276, of France
Here is the table of Top Hosts for specific categories:
 
Table 1: 
 
| Category | HE Rank | ASN | Name | Country |
|---|---|---|---|---|
| Infected Websites | 1 | 30407 | VELCOM – Rcp.net | CA |
| Spam | 26 | 6713 | IAM-AS | MA |
| Malware | 1 | 30407 | VELCOM – Rcp.net | CA |
| Phishing | 23 | 32181 | ASN-ECOMD-COLOQUEST | US |
| Exploit Servers | 17 | 48031 | NOVIKOV | RU |
| HE Current Events | 18 | 15135 | EVERYDNS | US |
| Zeus Botnet C&Cs | 6 | 49637 | ZHM-AS | KZ |
| Badware | 19 | 21740 | Demand Media / eNom | US |
Source: hostexploit

Finally, the overall No. 1 Good Host is Inclarity, AS15773, of the U.K. -- thus demonstrating that it is possible to run commercial hosting without serving badness.