2008-04-17

The Top 25 World's Exploit Hosts and Servers - Issue 1: The Base

The Top 25 World's Exploit Hosts and Servers deals with a holistic problem requiring a holistic solution; "HostExploit.com" will attempt to be part of the solution.



The DNS (Domain Name System) is increasingly subverted by exploiters through now widespread automated domain generation, in the 100s to 1,000s per week. Combined with the use of armies of virtually untraceable P2P (Peer to Peer) directed botnets and undetectable polymorphic viruses and malware, it may appear increasingly difficult for the community even to block such threats, let alone reduce them. This involves the whole area of internet security and network security.


Table 1. - The Top 25 World's Exploit Hosts and Servers




However, this route is controversial and hitherto a taboo subject, i.e. the hosts, registrars, and servers. Whether it is spam, exploits, malware, spyware or even botnet control, the domains are registered and the web sites are hosted or served by an organization, i.e. the 'web host', and are assigned an AS # (Autonomous System) by ICANN. To commence, we begin exposing the 'Top 25 World's Exploit Hosts and Servers'. These alone serve and provide an estimated 80%+ of all the bad stuff on the Internet, infect good servers and good websites, and overall are a scourge to the average internet user.



Why controversial or taboo?


- It is complex - Yes it is; however, drawing on man-years' worth of detailed research already done and even more community references, we will partition it into manageable chunks. We will also add downloadable lists, rules, block information, and educational explanation where possible, commencing as we do here with a top-down 'peeling the onion' approach.


- It involves big money, in most cases many $millions - As we unfold this subject we will provide focused details on a particular 'Exploiting Host' with the economics involved, where possible. It is our view that the fact that an organization makes a great deal of money while it exploits or spams the average user, whether as an 'intentional exploiter', e.g. Atrivo, or as one that has 'allowed themselves to be highly infected', e.g. The Planet, does not exclude it from exposure.


- Many innocent or grey web sites may suffer due to the few - This will undoubtedly be the case. A major technique for the exploiters is to hide the needle in the haystack; however, we and most Internet users would argue that this is not our problem. It is the problem of the host or server: if they are legitimate, they will or should move heaven and earth to clean up their act for the benefit of the legitimate webmasters, and more importantly the . For the innocent webmasters, why are you still hosting your web site with these hosts and servers anyway?



In the final analysis this is about choice: choice for the average PC user to reduce the threat of being exploited; for the ISP (Internet Service Provider) to assist in 'prevention' for their users; and for the hosts, servers, and DNS registrars to not just take an anonymous client and a probably stolen credit card. Authorities such as ICANN are well aware of this increasing problem; perhaps this helps create the groundswell for them to act on behalf of the 99% of Internet users.



Useful Article Links:



Article Downloads - Top 25 csv, IP block lists


SecureWorks - Top Spam Botnets


ICANN - Advisory on Fast Flux Hosting and DNS


DNS Education - How Domain Servers Work