U.S. has the top Security Agencies like NSA, FBI to tackle cyber crime and terrorism with their high profile surveillance technologies, but even after that U.S is proudly hosting 44% of the entire cloud based malware distribution.
With the enhancement in Internet technology, Cloud computing has shown the possibility of existence and now has become an essential gradient for any Internet Identity.
Cloud services are designed in such a way that it is easy to maintain, use, configure and can be scaled depending upon the requirement of the service being provided using the CLOUD technology with cost effective manner.
Due to the Easy and Cost effective alternative of traditional computing, Malware writers are using the big cloud hosting platforms to quickly and effectively serve malware to Internet users, allowing them to bypass detection and geographic blacklisting by serving from a trusted provider.
Hiding behind trusted domains and names is not something new. According to recently published SERT Q4 2013 Threat Intelligence Report, the malware distributors are using Cloud Services from Amazon, GoDaddy and Google like a legitimate customer, allowing them to infect millions of computers and vast numbers of enterprise systems.
The Cloud-based hosting services let malware distributors to avoid the detection because repeatedly changes IP addresses and domain names to avoid detection. Amazon and GoDaddy were identified as the top malware-hosting providers, with a 16 percent and a 14 percent share, respectively.
Major Additional findings include:
United States hosts 4.6 times more malware than the next leading country.
58% of malicious files obtained were identified as HTML files, 26% were directly executable.
Many malware developers and distributors are utilizing social engineering tactics, including the use of trusted keywords and services, to evade detection and increase potential infection counts.
A single malicious domain was spread across 20 countries, 67 providers and 199 unique IPs evade detection.
The SERT Research team collected a large number of samples from more than 12,000 Registrars, 22,000 ISPs (Internet Service Providers) and tested all malicious packages with more than 40 antivirus engines, output of which is concluded below:
Malware on Amazon and GoDaddy Cloud Services
The majority of the top malware sites is domains commonly associated with the Potentially Unwanted Applications (PUA), more commonly known as adware, type of malware distributions.
“Researchers found that a significant portion of the malware sampled consisted of Microsoft Windows 32-bit Portable Executable (PE32) files being used to distribute pay-per-install applications known as potentially unwanted applications (PUAs).”
The report claimed that these malware is undetectable from over 40 anti-virus engines, that can act as a gateway for exploits and more than half of malware found being distributed by HTML web pages.