In June we released "a report":http://www.stopbadware.org/home/badwebs with numbers from late May, showing the network blocks containing the largest numbers of badware sites reported by Google. We released updated in "July":http://blogs.stopbadware.org/articles/2008/07/30/updated-infection-stats and "August":http://blog.stopbadware.org/2008/08/25/top-infected-network-blocks-for-mid-august. Here is another update from early October:
|_.# of badware sites |_.AS block name |
|35147|CHINANET-BACKBONE No.31,Jin-rong Street|
|9504|CHINA169-BACKBONE CNCGROUP China169 Backbone|
|6222|CHINANET-SH-AP China Telecom (Group)|
|4671|BIZLAND-SD – Endurance International Group, Inc.|
|4654|CNCNET-CN China Netcom Corp.|
|3302|THEPLANET-AS – ThePlanet.com Internet Services, Inc.|
|2460|CRNET_BJ_IDC-CNNIC-AP China Tietong Telecommunication Corporation|
|1632|SOFTLAYER – SoftLayer Technologies Inc.|
|1597|PAH-INC – GoDaddy.com, Inc.|
Note: A network block owner is not always the owner or operator of the infected servers on that block, and our publication of these data is intended to inform and educate, not to assign blame.
Compared to August, we see that Bizland/Endurance has dropped its number of infected sites by nearly 50%, though it still has several thousand, and Google and NetDirect are no longer on the list. GoDaddy is a newcomer to the list. I just got off the phone with the chief information security officer at GoDaddy, who let me know that they are using the list of infected URLs we provided them to notify customers, offer support in cleaning up the sites, identify the root cause of the infections, and develop proactive strategies for preventing and monitoring site compromises in the future.
