Amazon and GoDaddy Are the Biggest Malware Hosters
An anonymous reader writes "The United States is the leading malware hosting nation, with 44 percent of all malware hosted domestically, according to Solutionary. The U.S. hosts approximately 5 times more malware than the second-leading malware-hosting nation, Germany, which is responsible for 9 percent of the detected malware. The cloud is allowing malware distributors to create, host and remove websites rapidly, and major hosting providers such as Amazon, GoDaddy and Google have made it economical for malicious actors to use their services to infect millions of computers and vast numbers of enterprise systems."
Expected (Score:5, Insightful)
Spinning this as a national issue is like saying "California has far more car accidents than Rhode Island." Of course it's true, but the US is far larger than (say) Germany, and has the largest hosting providers in the world. It would be a great surprise if the US wasn't in the lead.
Re:no way the biggest hosts (Score:5, Insightful)
Amazon, with its immense resources, should be one of the cleanest hosts on the planet. They can afford, using their spare change, to staff a 24x7 abuse desk with very senior people. The budgetary impact wouldn't even be a blip. And with the right people, suitably empowered, they could keep their operation nearly free of malware, phishing, spam, and other forms of abuse. They're far better positioned to do this than many smaller operations, who couldn't possibly afford it.
But they haven't. Why not? Is it because they don't know? Unlikely. Of course they know. Is it because they don't know how to address it? Equally unlikely. Of course they do. They have some smart people on staff. No, they know what the problem is AND they know how to fix it.
They just don't want to.
Because even as (relatively) small as those costs would be, it's still cheaper for them to externalize them to the entire rest of the Internet, and let all of us deal with it. So rather than taking professional responsibility for their own operation, they've decided to just blow it off. After all: who's going to make them?
I would say the same about GoDaddy, but it's not true. They actively support, encourage, and endorse spam, malware, phishing and every other form of abuse. They have from the beginning, only their method of lying about it has changed. (And don't forget GoDaddy's own history of self-promoting spam.) But once again: who's going to make them do anything differently?
Until operations are held accountable for their actions -- which is something that we USED to do on this network, a long time ago -- most won't bother. And that is, in large part, why problems like spam and phishing and malware are epidemic.
Re:no way the biggest hosts (Score:4, Insightful)
Of course they make money. Plain and simple: never credit conspiracy where sloth was the problem.
Yeah, they gain by being sloppy. But there's not a single law enforcement entity that gives a flying fleep, either. Do you see the FBI jumping in to save the day? Har. CIA? I'm ROFL. Justice Dept? ho ho ho. FTC? Huh?
But you didn't tell me: how do you know what's malware and not, so that a judge doesn't throw out a warrant or an order? And you didn't tell me: what kind of secondary auth is going to be acceptable? And you didn't tell me how they're going to police it-- parse incoming streams? Audit what are supposed to be private sites? With what? Updated with what?
Grow up.
Re:no way the biggest hosts (Score:5, Insightful)
First, you have a working RFC 2142 role account address: abuse@ your domain. You pay attention to what shows up there. You reply promptly. You engage. After all, if someone is doing your job for you and doing it on THEIR dime, the least you can do is take advantage of it. Moreover, if you manage to do this reasonably well, word will get out, you'll earn the respect of your peers, and they will reward you with more reports -- again, doing your work for you for free.
Worth noting is that Amazon makes it nearly impossible to communicate with their abuse desk and fails to respond to reports in any way, let alone a timely one. And it's well known that GoDaddy frequently forwards them to the abusers.
Second, you pay attention to netflows. If a virtual host instance is opening up TCP connections on port 25 to a kazillion hosts/hour, then it's spamming. Any kind of perfunctory monitoring will spot this and a hundred other similar things in real time.
Third, you pay attention to who's behind the incidents. If you don't, then they'll just sign up over and over and over again. So you work to avoid that, by looking at the who, what, where, when patterns -- and you ban repeat offenders. This isn't watertight, of course -- but it doesn't need to be. If you raise the bar high enough, they'll just go somewhere else, which reduces your workload and lets you focus more tightly on what's left.
Fourth, you look at usage patterns. Most web sites do NOT display global usage patterns, particularly those which are connected to a domain registered yesterday. (Think about it.) If you observe that, then something's up: it might be legitimate. It's almost certainly not. The same thing applies to other services and other protocols.
Fifth, if you're Amazon, you have a highly paid legal staff. Use them. Smack the crap out of a few particularly egregious offenders in court. Make it noisy so that everyone else knows you're doing it. Again, this doesn't have to be watertight; it just has to discourage miscreants.
Finally (and I'm stopping here for brevity, there's a lot more), do all this publicly. Encourage your peers to do the same. Challenge them. Raise the collective bar, not just your own. Cooperate with your competitors.
All of this costs money. Not a stupid amount of money, but it does cost. Which is why it almost never gets done (see previous post).
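The netflow check described in the comment above (an instance opening TCP port 25 connections to a very large number of hosts per hour), sketched as an added example that is not part of the original thread or any provider's tooling. The flow record layout, the 200-hosts-per-hour threshold, the relay allowlist and all addresses are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

HOUR = 3600

def flag_smtp_fanout(flow_csv, threshold=200, allowlist=frozenset()):
    """Return {(src_ip, hour_start_epoch): distinct_dst_count} for every
    source that contacted more than `threshold` distinct hosts on tcp/25
    within one clock hour. Sources in `allowlist` (known relays) are skipped."""
    fanout = defaultdict(set)
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 5:
            continue  # skip blank or malformed records
        ts, src, dst, proto, dport = row
        if proto != "tcp" or dport != "25" or src in allowlist:
            continue
        hour = int(ts) // HOUR * HOUR  # bucket by clock hour
        fanout[(src, hour)].add(dst)   # distinct destinations, not connections
    return {k: len(v) for k, v in fanout.items() if len(v) > threshold}

def sample_flows():
    """Constructed flow export: epoch_seconds,src_ip,dst_ip,proto,dst_port."""
    t0 = 472222 * HOUR  # arbitrary hour boundary
    rows = []
    for i in range(300):
        # 10.0.0.5: 300 distinct SMTP destinations in one hour
        rows.append((t0 + i, "10.0.0.5", f"198.18.{i // 256}.{i % 256}", "tcp", 25))
        # 10.0.0.7: same fan-out but on 443, so not an SMTP signal
        rows.append((t0 + i, "10.0.0.7", f"198.19.{i // 256}.{i % 256}", "tcp", 443))
        # 10.0.0.8: 150 SMTP hosts in each of two hours, under threshold per hour
        rows.append((t0 + (i // 150) * HOUR + i, "10.0.0.8", f"198.18.9.{i % 150}", "tcp", 25))
    for i in range(500):
        # 10.0.0.6: busy mail server, many connections to only 3 hosts
        rows.append((t0 + i, "10.0.0.6", f"192.0.2.{i % 3 + 1}", "tcp", 25))
    return "\n".join(",".join(map(str, r)) for r in rows)

if __name__ == "__main__":
    for (src, hour), n in flag_smtp_fanout(sample_flows()).items():
        print(f"{src} contacted {n} distinct hosts on tcp/25 in hour {hour}")
```

Counting distinct destinations rather than connections is what separates the busy mail server (10.0.0.6) from the instance spraying port 25 (10.0.0.5).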