This is one major achievement the cybersecurity community can be proud of—instead of advising users to take steps to protect their systems from malware, a team of researchers went straightaway into action and took down 100,000 sites that had malicious content.
And the significance of this achievement can only be appreciated when you learn that this was done by just 265 independent researchers from around the world.
The group formed a community of their own, called URLhaus, and took on the responsibility of reporting the offending URLs to the companies hosting these sites, ensuring they were taken offline.
This was accomplished over a period of 10 months, beginning in March 2018.
A Majority of Hosting Servers in the U.S. and China
It might not come as a surprise that the list published by the researchers shows that most of the URLs and sites hosting them are based in the United States and China.
The details have been posted, along with the names of the malware found on the individual sites.
Once a URL is identified and reported, the researchers blacklist the site and ask the hosting company to withdraw the hosting arrangement for that URL.
They have now proudly shared the details to the public as the number of URLs blacklisted has crossed 100,000.
It is now reported that they identified as many as 4,000 to 5,000 websites engaged in spreading malware.
Emotet Tops the List
Now if you are keen to know which particular malware appeared most through these 100,000+ URLs, then the answer is Emotet.
This malware was found practically everywhere and was repeatedly noticed and reported.
Emotet appears to have dominated the malware market throughout 2018. Cybersecurity experts know it by another name too, “Heodo.”
This malware is capable of causing a variety of damage to your computer; it can also steal data and act as a Trojan.
There was another dangerous malware detected through the efforts of these researchers, called “Gozi.”
This is a known banking Trojan and was repeatedly found on the malicious URLs.
GandCrab is another well-known malware, exposed in reports of ransomware cyberattacks.
Still Some Way to Go Before the Mission Is Accomplished
URLhaus feels there is still work to do before this malware menace can be eliminated.
One of the issues that the cybersecurity experts have to contend with is the way the hosting companies react to their reports of malicious URLs.
They found that companies, particularly those based in China, took too long to take action.
The report by Abuse.ch names a couple of them, including Alibaba, China Unicom and China Net.
They would take over a month before the URLs were taken off their servers. This let the offending websites carry on their mischief for many days, even after they were called out.
Having said this, the report goes on to appreciate the quick response they got from some companies.
The website hosting company Critical Case, located in Italy, took less than 24 hours to remove URLs reported by URLhaus. There were at least 151 of them.
The team has put up the whole list containing the names of the website hosting companies, the countries they are located in and the time they took to remove the URLs.
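The per-provider takedown-time comparison described above is the kind of measurement a defender can reproduce from any list of reported URLs with report and removal timestamps. The following is an added example, not URLhaus's own code or the real feed format: it assumes a simple record shape (URL, hosting provider, country, reported-at, taken-offline-at) with constructed sample data, computes the median time to takedown per provider, and flags providers that exceed a threshold or still host reported URLs.

```python
from collections import defaultdict
from datetime import datetime, timezone
from statistics import median
from typing import Dict, List, Optional, Tuple

# Constructed sample records in an ASSUMED URLhaus-like shape (not the real feed):
# (url, hosting provider, country code, reported at, taken offline at or "" if still online).
# Timestamps are ISO 8601 in UTC. Hosts use the reserved .invalid TLD.
SAMPLE_RECORDS: List[Tuple[str, str, str, str, str]] = [
    ("http://host-a-1.invalid/doc.exe", "Hoster-A", "IT", "2018-06-01T10:00:00Z", "2018-06-01T21:30:00Z"),
    ("http://host-a-2.invalid/inv.doc", "Hoster-A", "IT", "2018-06-02T08:00:00Z", "2018-06-03T04:00:00Z"),
    ("http://host-a-3.invalid/p.zip",   "Hoster-A", "IT", "2018-06-03T12:00:00Z", "2018-06-03T18:00:00Z"),
    ("http://host-b-1.invalid/x.exe",   "Hoster-B", "CN", "2018-06-01T00:00:00Z", "2018-07-11T00:00:00Z"),
    ("http://host-b-2.invalid/y.exe",   "Hoster-B", "CN", "2018-06-05T00:00:00Z", "2018-07-10T00:00:00Z"),
    ("http://host-b-3.invalid/z.exe",   "Hoster-B", "CN", "2018-06-20T00:00:00Z", ""),
    ("http://host-c-1.invalid/a.doc",   "Hoster-C", "US", "2018-06-10T00:00:00Z", "2018-06-12T00:00:00Z"),
    ("http://host-c-2.invalid/b.doc",   "Hoster-C", "US", "2018-06-11T00:00:00Z", "2018-06-16T00:00:00Z"),
]


def parse_ts(value: str) -> Optional[datetime]:
    """Parse an ISO 8601 UTC timestamp; an empty string means the URL is still online."""
    if not value:
        return None
    # fromisoformat() does not accept a trailing 'Z' on older Pythons, so normalise it.
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def takedown_hours(reported: str, removed: str) -> Optional[float]:
    """Hours between report and removal, or None if the URL has not been removed."""
    start = parse_ts(reported)
    end = parse_ts(removed)
    if start is None:
        raise ValueError("record without a report timestamp")
    if end is None:
        return None
    if end < start:
        raise ValueError("takedown recorded before the report; malformed record")
    return (end - start).total_seconds() / 3600.0


def summarize_by_provider(records) -> Dict[str, dict]:
    """Per hosting provider: country, reported/removed/still-online counts and
    median hours to takedown over removed URLs (None if nothing removed yet)."""
    buckets = defaultdict(lambda: {"country": None, "reported": 0, "removed": 0,
                                   "still_online": 0, "hours": []})
    for _url, provider, country, reported, removed in records:
        b = buckets[provider]
        b["country"] = country
        b["reported"] += 1
        hours = takedown_hours(reported, removed)
        if hours is None:
            b["still_online"] += 1
        else:
            b["removed"] += 1
            b["hours"].append(hours)
    return {
        provider: {
            "country": b["country"],
            "reported": b["reported"],
            "removed": b["removed"],
            "still_online": b["still_online"],
            "median_hours": median(b["hours"]) if b["hours"] else None,
        }
        for provider, b in buckets.items()
    }


def slow_providers(summary: Dict[str, dict], threshold_hours: float = 24 * 30) -> List[str]:
    """Providers whose median takedown exceeds the threshold (default: one month)
    or that still host at least one reported URL, sorted by name."""
    flagged = []
    for provider, s in sorted(summary.items()):
        too_slow = s["median_hours"] is not None and s["median_hours"] > threshold_hours
        if too_slow or s["still_online"] > 0:
            flagged.append(provider)
    return flagged


if __name__ == "__main__":
    summary = summarize_by_provider(SAMPLE_RECORDS)
    print(f"{'provider':<10} {'cc':<3} {'reported':>8} {'removed':>8} {'online':>6} {'median h':>9}")
    for provider, s in sorted(summary.items()):
        med = "n/a" if s["median_hours"] is None else f"{s['median_hours']:.1f}"
        print(f"{provider:<10} {s['country']:<3} {s['reported']:>8} {s['removed']:>8} "
              f"{s['still_online']:>6} {med:>9}")
    print("flagged (>30 days or still online):", slow_providers(summary))
```

The median rather than the mean is used because a single long-lived URL would otherwise dominate a provider's score; a URL that is still online is counted separately instead of being given a fake duration, which is the edge case a naive average gets wrong.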
Lastly, on how URLhaus came to carry out this exercise: these cybersecurity experts and researchers analysed how hackers had changed the way they planted their malware, and set about collecting the URLs that distributed it.
But during March-April 2018, they might not have thought they would get this far. Their efforts continue.