CSIRT-IE - Active Malware Distribution Site(s) Report

Objective

CSIRT-IE primary focus, in regard to the following reports, is to identify sites, within the Jurisdiction, that are reported to be actively distributing malware.  CSIRT-IE seek to, reinforce by e-mail, the initial notification and complaint sent by abuse.ch to the Internet Service Provider (ISP) responsible for hosting the site identified to be actively distributing malware, and to provide additional information on the source of the report together with advice and recommendations on how to reduce the threat posed by a site that is reported to be actively distributing malware.

Source of Information

Abuse.ch  is a research project at the Institute for Cybersecurity and Engineering (ICE) hosted at the Bern University of Applied Sciences (BFH) in Switzerland.  The project's main goal is to identify and track cyber threats, with a strong focus on malware and botnets.  

The abuse.ch project was first launched in 2006 by the Swiss security activist,  Roman Hussy, after he began to study malware samples, that occasionally hit his personal mailbox, and to document his findings in a blog.  From these small beginnings emerged abuse.ch.  Roman Hussy continue to work on the project with the objective of helping the Information Technology (IT) community to combat cybercrime.   By October 2020, both the infrastructure of abuse.ch and the data processed had expanded and grown considerably, as indicated by the data contained in the undermentioned table.

The Infrastructure of abuse.ch & data processed - 26th Oct 2020

No. The Infrastructure of abuse.ch & data processed
1. Infrastructure consisted of almost 50 servers and 200 sandboxes.
2. Over 130 terabytes (TB ) of network traffic generated per month.
3. 2,000,000 Application Programming Interface (API) requests answered per day.
4. Over 3000,000,0000 HTTP request handled per month.
5. 80 gigabytes (GB) of data generated every day.

On the 15th Aril 2021, abuse.ch became a research project at the Institute for Cybersecurity and Engineering (ICE) at the Bern University of Applied Sciences (BFH) in Switzerland.   The resources of ICE enabled abuse.ch, to maintain and expand its infrastructure and to process and analyze data at scale, while donations from industry finance the project.

abuse.ch currently provides and maintain six (6) platforms where security researchers and threat analysts can share information on sites that are being used for malware distribution, samples of known malicious malware and indicators of compromise (IOCs).

Platforms maintained by abuse.ch

No. Platform Description
1. URLhaus. Platform on which IT security researchers can collect and share information on URLs that are being used for distributing malware.
2. MalwareBazaar Platform on which IT security researchers can share information on current malicious software ("malware").
3. ThreatFox Platform on which IT security researchers can exchange technical information on current cyber threats (Indicators of Compromise - IOCs).

The free and open source threat intelligence provided by abuse.ch is utilised by the international Information Technology (IT) community to protect their infrastructure and networks from cyber attacks.   To-date, abuse.ch has being responsible for identifying over 1.2 million sites that were being used for the distribution of malware, sites that were subsequently rendered harmless,  and has analysed over 40 million malicious programs ("malware").

Roman Hussy continues to managed the project.

Ref:  [Abuse.ch]