CSIRT-IE Reports on Active Malware Distribution Sites

Objective

CSIRT-IE's primary focus, in regard to the following reports, is to identify sites within the State that are reported to be actively distributing malware. CSIRT-IE seeks to reinforce, by email, the initial complaint sent by abuse.ch to the host responsible for hosting the affected site, and to provide advice and recommendations on how to reduce the threat posed by a site that is reported to be actively distributing malware.

Source of Information

abuse.ch is a research project at the Institute for Cybersecurity and Engineering (ICE) hosted at the Bern University of Applied Sciences (BFH) in Switzerland. The project's main goal is to identify and track cyber threats, with a strong focus on malware and botnets.

The abuse.ch project was first launched in 2006 by the Swiss security activist Roman Hussy, after he began to study malware samples that occasionally hit his personal mailbox and to document his findings in a blog. From these small beginnings emerged abuse.ch. Roman Hussy continued to work on the project with the objective of helping the Information Technology (IT) community to combat cybercrime. By October 2020, both the infrastructure of abuse.ch and the volume of data it processed had grown considerably. See the table below for details:

The infrastructure of abuse.ch & data processed - 26th Oct 2020

No.  Infrastructure / data processed
1.   Infrastructure of almost 50 servers and 200 sandboxes
2.   Over 130 terabytes (TB) of network traffic generated per month
3.   2,000,000 Application Programming Interface (API) requests answered per day
4.   Over 3,000,000,000 (3 billion) HTTP requests handled per month
5.   80 gigabytes (GB) of data generated every day

On the 15th April 2021, abuse.ch became a research project at the Institute for Cybersecurity and Engineering (ICE) at the Bern University of Applied Sciences (BFH) in Switzerland. The resources of ICE enable abuse.ch to maintain and expand its infrastructure and to process and analyse data at scale, while donations from industry finance the project.

abuse.ch currently provides and maintains three (3) platforms on which security researchers and threat analysts can share information on sites that are being used for malware distribution, samples of known malware, and indicators of compromise (IOCs).

Platforms maintained by abuse.ch

No.  Platform        Description
1.   URLhaus         Platform on which IT security researchers can collect and share information on URLs that are being used for distributing malware.
2.   MalwareBazaar   Platform on which IT security researchers can share samples of, and information on, current malicious software ("malware").
3.   ThreatFox       Platform on which IT security researchers can exchange technical information on current cyber threats in the form of Indicators of Compromise (IOCs).

The free and open-source threat intelligence provided by abuse.ch is used by the international Information Technology (IT) community to protect their infrastructure and networks from cyber attacks. To date, abuse.ch has been responsible for identifying over 1.2 million sites that were being used for malware distribution (sites that were subsequently rendered harmless) and has analysed over 40 million malicious programs ("malware").

Roman Hussy continues to manage the project.

Ref:  [Abuse.ch]