
Amazon, GoDaddy: Top Malware Hosts Per Threat Report

Source: Tom's IT Pro

If an individual or organization wanted to create a public storefront or test a cloud application, then using a cloud service provider (CSP) to host it would be a convenient and cost-effective choice. Based on a 2013 Q4 threat analysis report from research firm Solutionary, cybercriminals would agree.

The report generated by Solutionary's Security Engineering Research Team (SERT) dispels the urban myth that all cybercriminals and malicious domains come from shadowy and unknown regions on the other side of the world (although many still do). The report released on Wednesday indicates that the U.S. is a favorite location for cybercriminals to host their malware with a reported 44% of hosted malware finding a home here. According to SERT, this percentage validated previous research and was expected since malware hosting was closely related to the distribution of web hosting. 

The top 10 list of providers hosting malware placed Amazon at the top with 16%. GoDaddy was second at 14%, and in third place was LeaseWeb with 13%. The top 10 list represents about 29% of the total ISP market that SERT estimated at 22,000 market members.

Although Amazon and GoDaddy had the dubious distinction of being at the top of the hosting list, the SERT report mentioned "that while some malicious actors are using the big providers directly (or compromising hosts on them), that a significant number of the actors are finding alternate providers." Those alternate providers would be the other 71% of the ISP market. However, the report further indicated that of the top 10 malware sites for all hosting providers and countries, AWS was hosting the top malware sites ranked in the 1, 3, 5, and 9 positions.

What makes AWS ideal for most entrepreneurs is its ease of use, fast startup, scalability, and reasonably low cost. As with any business, the more customers and revenue you have coming in, the more capacity you can purchase. In addition, having a legitimate and trusted address means the business is less likely to be considered a potential risk by a customer. As indicated by SERT's report, the same business model works just as well for illegal business activities operating on the web.

One example of a malware package designed for profit was a set of files that SERT identified, hosted primarily on AWS and European hosting provider OVH. The malware, designed to masquerade as legitimate software, uses commercially available and totally legitimate installation packaging.

"When installed, the adware searches for the default browser and uses it to conduct its primary activities. This infection is designed specifically to make money. It generates Web traffic, collects sales leads for other dubious sites and displays pre-defined advertisements and sponsored links within the Web browser," the SERT report indicates.

The scheme involves tricking users into installing malware so that an organization can commit fraud and make money. Because the software is hosted on a legitimate site, the user feels secure. What was particularly troubling was that, according to the report, none of the 750 samples of the files collected by SERT was recognized by any of the 46 antivirus software packages used by SERT.

SERT's report indicates that a trusted site can just as easily distribute malware as an untrusted site. While AWS was mentioned many times in the report, and will likely work to remove or block malware distribution channels located on their site, a point that should not be missed is that cybercriminals are going to use the same technology that most organizations use to do business. When an organization believes a technology is safe, there will likely be a cybercriminal out there working on ways to exploit that assumption to their benefit.




Bill Oliver has worked in IT as a techie, trainer, manager, and in business roles supporting IT for 20+ years.  For the past 12 years his focus has been on the business side of IT Contracts, Software Licensing, and all things related to IT Purchasing.
