Google's New Malware Dashboard: Incero's on the Top 10

Discussion in 'The Pub (Off topic discussion)' started by manacit, Jun 26, 2013.

  1. manacit

    manacit New Member

    108
    43
    May 17, 2013
    I was checking out Google's new Malware Dashboard when I found this:

    [IMG]

    Looks like someone needs to go through and do some cleaning! 

    Check the link earlier though, the malware dashboard is a pretty nice tool!
     
  2. jarland

    jarland The ocean is digital

    873
    562
    Apr 4, 2013
    Looks like a lot of people have cleaning to do. I wouldn't say Incero is worth highlighting though. High on the list because it's sorted by percentage but the number of scanned sites is fairly low. Although I'm certain Gordon won't be terribly pleased by the result regardless ;)
     
    Last edited by a moderator: Jun 26, 2013
  3. kaniini

    kaniini Beware the bunny-rabbit! Verified Provider

    497
    236
    Jun 18, 2013
    The most annoying aspect of Google's security efforts is that, at least in my experience, they don't notify the netblock operator of the compromised/attack sites, so you find out about them later.

    I really wish they would do that, it doesn't seem like it would be too difficult for Google to send out a notification mail when it encounters a hacked site.
     
  4. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    Wait... wait... but...

    Google says they've only scanned 7% of Incero's ASN.

    Of that, 19% of the sites scanned therein contain malware --- that's 1-in-5.  Quite high. 

    Not Gordo's fault, but certainly needs some top down house cleaning.

    Does Google offer some more details on this --- like the specific sites, IPs, etc.?
     
  5. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    Google is like that... They love making messes, banning people, breaking things, etc.  It's all about big, fat, ugly piles of data.

    Providing email notifications, well that might be deemed providing a service and people might then complain they weren't mailed in the future or more likely, that when nothing turns up on site/IP and they can't get it delisted and the auto-bots continue, no one is home for support at Google.
     
  6. manacit

    manacit New Member

    108
    43
    May 17, 2013
    Yeah I'm surprised they don't just file a notification to [email protected] or whatever the registered contact is - you'd think it would be in everyone's best interest.

    Despite their entire ASN not being scanned, as of now they are one of the top malware providers (by %) in the USA, according to Google. Whether or not that's actually true, however, would require a bit more data. 
     
  7. jarland

    jarland The ocean is digital

    873
    562
    Apr 4, 2013
    I mean, if I had 2 IPs and 1 had malware I'd be #1 on that list ;)

    Still a lot though you're right. I wish it gave more detail.
     
  8. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
    True Jarland, true.

    Google shaming providers now.  Hopefully they don't go banning ASNs like they do with search engine results where malware is found.  Too much power wielding by the G'men.
     
  9. HalfEatenPie

    HalfEatenPie The Irrational One Retired Staff

    2,890
    1,386
    Mar 25, 2013
    Title has been revised due to merge with a different thread of similar discussion.  
     
  10. maounique

    maounique Active Member

    349
    112
    May 29, 2013
    Well, we are having problems with Spamhaus.

    After years of successful cooperation they deem us spam heaven and escalate every incident to block even further without even notifying.

    So far /23 is blocked and next time probably the whole ASN.

    Too much power to those people, nobody to actually check what their motivations are, whom they hate and why.

    Prometeus spammer heaven, cool, last time I checked at reputable lists we didn't have more than a handful of IPs and we eliminated them all the time.

    Did Spamhaus stop spam? No, this is like the war on islam or drugs, it will never be won, just some guys will make some cool dough because of it.

    At least something good is coming out of this, we no longer have spammers signing up already :p

    Hosting emailers is a bad business, even legit ones, most ppl "mark as spam" instead of unsubscribing from what they subscribed to, it is faster that way, and then this never stopped real spammers.

    When the war on something makes more collateral damage than the actual good and helps some ppl get a lot of power instead, then it is just another kind of a religious/ideological war. Good for the government, bad for the people.
     
    Last edited by a moderator: Jun 26, 2013
  11. jarland

    jarland The ocean is digital

    873
    562
    Apr 4, 2013
    That's terrible. I second that these organizations need to be given less power or they need to be more transparent in providing details for their actions. It's them who decided this was the service they want to provide, and it's the ISPs who decide if they're worth giving power to. Perhaps it's time for people to start massively lobbying the ISPs to demand a change.
     
  12. drmike

    drmike 100% Tier-1 Gogent

    8,573
    2,717
    May 13, 2013
     

    +1 for transparent... and...

    They need to staff humans for support to deal with problems and get quick resolution/steps to resolve matters when needed.
     
  13. Aldryic C'boas

    Aldryic C'boas The Pony

    2,313
    2,652
    Apr 18, 2013
    Seems to be hit and miss, I suppose. Several of the Spamhaus techs know me on a first name basis, and I've never had any issues getting listings dealt with *shrug*
     
  14. maounique

    maounique Active Member

    349
    112
    May 29, 2013
    The detail they gave was that their "customers" are annoyed by what comes from our customers (which is what, both incidents were from spamvertized sites, not actual spam, we catch port 25 junk pretty quick) and we need to work much harder, probably a canned reply. I doubt anyone actually checks there and they have autoresponders lately.

    For 5 k IPs with 5 at most IPs listed in various lists that expire them after 1 week, which actually means some 5 a week is a very good result if you ask me.

    We won't pay them anything (nor did they ask, to be honest, unlike other lists that have "delisting" prices), it is actually better to be blacklisted, as I said, hosting emailers is bad business and I will write a tutorial on how to use the free Mandrill to send a few mails that forums and similar software need as well as monitoring tools. Customers know (and if they don't, we can prove it all the time with reputable lists) that we are not hosting spammers. We even delete DNS of those when we get notified.
     
  15. maounique

    maounique Active Member

    349
    112
    May 29, 2013
    Strange, we were removed from the list of spammer heavens...

    I wonder what made them change their mind :eek:
     
  16. rds100

    rds100 New Member Verified Provider

    733
    300
    May 18, 2013
    Last edited by a moderator: Jun 27, 2013
  17. H4G

    H4G New Member Verified Provider

    61
    19
    Jun 22, 2013
    I asked Gordon about it, he says:

     
  18. Steven F

    Steven F New Member Verified Provider

    475
    147
    Jun 27, 2013
    We don't know what Google's methods are. They may specifically only target sites that they believe are malware, meaning that 30% of the domains they scanned may have malware, but that's 19% of sites they suspected which is 2% of Incero's overall network. That would mean it's closer to .5% of Incero's servers are malware, which may seem a bit high, but it's not so crazy. Think hundreds of servers, possibly thousands of VMs.

    Just a thought.
     
  19. maounique

    maounique Active Member

    349
    112
    May 29, 2013
    Cool, signed up too.

    This is a plague, even our forum has been targeted by malware, somehow the attacker managed to load a script instead of a picture as an avatar, taking advantage of improper sanitization. As such, any folders where user content can be uploaded have been made read-only :p

    However, WordPress is a disaster, probably bigger than Kloxo or zPanel in terms of exploits.