Over 100,000 malicious sites taken down in last 10 months as a part of URLhaus project

• The project, dubbed as ‘URLhaus’ was launched at the end of March 2018.
• During the past 10 months, these researchers were responsible for identifying and submitting an average of 300 malware sites each day.

Abuse.ch team, along with the help of information security community, had launched a project in order to deal with the websites that distributed malware. And as a part of the project, nearly 100,000 malicious sites have been identified and taken down over the course of 10 months.

About 'URLhaus'

The project, dubbed as ‘URLhaus’ was launched at the end of March 2018. It included around 265 researchers from across the world. During the past 10 months, these researchers were responsible for identifying and submitting an average of 300 malware sites each day. Overall, the ‘URLhaus’ project tracked between 4,000 to 5,000 active malware distribution sites per day.

One of the major challenges faced by the researchers was the amount of time taken to remove a malware-laden website. A malware distribution site remained active for over a week before it was taken down completely. This is enough time for the attackers to infect around thousands of devices every day.

“Having a look at the average takedown time doesn't make the situation any better: In average, malware distribution sites stay active for more than a week (8 days, 10 hours, 24 minutes). That's more than enough time to infect thousands of device every day,” said Abuse.ch team in a blog post.

Moreover, the average takedown time for a Chinese malware distribution site was found to be more than a month.

Emotet is a popular malware

The researchers collected around 380,000 malware samples that were propagated via websites over last 10 months and it was found that Emotet trojan is a popular malware among the hackers.

The malware strain can work as a downloader for other malware, a backdoor, a banking trojan, a credential stealer and a spam bot.

“Emotet gets propagated through spam that hits users inbox almost every day. These malspam campaigns usually contain a malicious office document with macros. Once the victim opens the document and enables macros, it will automatically download and execute Emotet from a compromised website,” said the Abuse.ch team.

Other popular malware strains that researchers found in huge number were Gozi trojan (with 12,800 samples) and GandCrab ransomware.

Furthermore, it was found that a large number of malicious sites were hosted in China.

“URLhaus wouldn’t be successful without the help of the community. But we are not where we should be yet. There is still a long way to go with regards to response time of abuse desks. An average reaction time of more than a week is just too much and proves a bad internet hygiene,” said the abuse.ch team.