URLhaus Takes Down 100,000 Malware Sites within 10 Months
NEWS

URLhaus Takes Down 100,000 Malware Sites within 10 Months


URLhaus is a cybersecurity project launched by the well-known abuse.ch non-profit organization in Switzerland. The project is focused on sharing malicious URLs, and it just succeeded in taking down nearly 100,000 websites exploited for malware distribution.




The take-down operation requires the cooperation of hosting companies whose infrastructure was used. However, this is not an easy task since most companies tend to take the time to respond to such reports.

Related:
What are the most popular file extensions used to infect Windows computers? How to detect malicious file types and protect yourself from them in 2018?
Most Popular Windows File Types Used by Malware

More about URLhaus and Its Take-Down Operation

URLhaus was launched at the end of March last year, with the idea to collect and share URLs used for malware distribution. The 100,000 malware distribution sites were taken down within 10 months. It took 265 security researchers from around the world to identify and submit approximately 300 malware sites on a daily basis.

According to their own report on the matter, the project managed to “get the attention of many hosting providers, helping them to identify and re-mediate compromised websites hosted in their network”. Large hosting providers have tens of thousands of customers, a significant amount of which hijacked websites in their network that are getting abused by cybercriminals to distribute malware, the researchers said.

It is noteworthy that Chinese hosting providers took the longest to respond. “The three top Chinese malware hosting networks have an average abuse desk reaction time of more than a month,” the report says. More specifically, ChinaNet, ChinaUnicom and Alibaba left the compromised websites running for more than a month. The negligence to respond left 500 malware URLs active and running, hence spreading malware.

The most adequate response came from Unified Layer, a hosting provider in the United States.

Related:
A new plugin that exfiltrated email subjects and 16KB of the email bodies was detected in Emotet, and it is now used to improve phishing templates.
Thanksgiving Phishing Scam Delivers the Emotet Malware

Most Malware Sites Are Related to Emotet

The average number of active malware distribution sites that URLhaus counts is between 4,000 and 5,000 on a daily basis.

Emotet gets propagated through spam that hits users inbox almost every day, the researchers noted.

Malicious spam campaigns usually contain a rogue office document with macros, which upon opening and enabling automatically downloads and executes Emotet from the compromised website. There is a way for these campaigns to bypass spam filters, and it is to redirect to a compromised website hosting the malicious document rather than attach it to the email message.

There is still a long way to go with regards to response time of abuse desks, the researchers said in conclusion, hoping that hosting providers will improve their response rates and take the malware distribution matter seriously.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...