Swiss threat-sharing non-profit Abuse.ch announced that its platform has managed to take down 100,000 malware distribution sites in 10 months, in a recent project that consisted of sharing malicious URLs used for distribution.
Abuse.ch’s URLhaus project was launched last year to collect malicious URLs by allowing anyone to sign up with a Twitter account and report them.
Afterwards, the system downloads and analyses the site’s payload in an attempt to identify it before submitting it to antivirus vendors and blacklist providers such as Google Safe Browsing, Spamhaus DBL and SURBL, according to a Jan 21 blog post.
Since its launch, more than 265 researchers from across the globe have submitted an average of 300 malware URLs a day, while URLhaus counts on average between 4,000 and 5,000 active malware distribution sites every day.
From this data, researchers found that, on average, malware distribution sites stay active for eight days, 10 hours, and 24 minutes, giving threat actors enough time to infect thousands of devices every day.
Of the sites reported, two-thirds of the top malware hosting networks were hosted in either the U.S. or China, and the top three Chinese malware hosting networks averaged an abuse reaction time of more than a month.
“I do also hope that the Chinese hosting providers wake up and start taking care about the abuse problems in their networks in time,” researchers said in the post. “Having malware distribution sites staying active for over a month is just not acceptable.”
Researchers noted that the majority of malware distribution sites tracked by the platform are related to Emotet, which is propagated through spam in the form of malicious Office documents containing macros.
To thwart these threats, it's important that the associated malware sites are cleaned up and removed in a timely manner by the hosting providers responsible.