One of the lessons we’ve learned in recent years is that online attacks can come from anywhere. Five years ago, viruses and spyware were more common on pornography and pirate download web sites. Today, even the most reputable web sites might be the source of online mayhem. In fact, so-called “watering hole” attacks that exploit legitimate web sites and use them as honey pots to lure the intended victims are all the rage among sophisticated attackers. (For evidence of this, see our recent story on the compromise at the web site of The National Journal, a publication for Beltway policy wonks.)
But the Internet still has its dark alleys and bad neighborhoods. And they’re still the source of a lot of malicious activity – especially in connection with run-of-the-mill crimes like spam and phishing attacks. That’s the conclusion of research done by students at the University of Twente’s Centre for Telematics and Information Technology (CTIT), which studied 42,000 Internet Service Providers (ISPs) and found that just 20 (.05%) were responsible for nearly half of the IP addresses linked to spam e-mail.
The study said that these “bad neighborhoods” were the source of the lion’s share of the spam, phishing and other undesirable activity online. In many cases, the ISPs themselves appeared dedicated – in large part – to propagating malicious traffic. In one case, 62% of the IP addresses at one ISP were related to spamming activity, the study found.
The research was conducted by Giovane César Moreira Moura, a PhD student in the Design and Analysis of Communication Systems department at CTIT. Moura worked with Prof. Boudewijn Haverkort and Dr Aiko Pras, monitoring and analyzing network data from tens of thousands of ISPs. He found that malicious activity was concentrated in limited “zones,” or areas in which the IP addresses show strong similarities, per ISP, or even per country. Spam, he discovered, mostly comes from southern Asian nations, while phishing attacks mostly originate in the developed world, including the U.S.
You can read more about the research or request a copy of Moura’s thesis here.