An Autonomous Systems or AS is a routing construct that represents a group of networks under the control of an organization (credit for edit :Max@badwarebusters.org). These form the “structure” of the Internet. These organizations can be thought of as web-hosting companies, large Internet-based companies or resellers of bandwidth and IP addresses. These are usually large organizations for whom simply getting an Internet connection and hosting a company for their website is not enough.
In recent months, the trend of benign websites being affected by code injection clearly show that attacks to inject malware into unsuspecting websites is on the rise. It is important to understand the profile of the ASes which are actually providing transit to infected websites hosted within their systems. Since each AS provides bandwidth and resources supporting the downloading of malware to computers which belong to unsuspecting visitors of a compromised website. ASes, more specifically hosting companies and other network operators (rather than ASes) should play a pivotal role in addressing compromised websites.
At StopTheHacker.com, we have conducted extensive experiments to analyze and profile over 20,000 ASes to identify which ASes are the worst offenders in terms of hosting Blacklisted websites. We have used Google safebrowsing data, also accessible via StopBadware.org, (which sources data from Google and Sunbelt)to identify and trend which ASes are responsible for the proliferation of badware on the Internet. We have correlated AS size with data available from CAIDA to determine whether larger ASes are more at fault or not.
We present some brief results below:
Below we present some graphs to highlight the percentage of blacklisted websites hosted by the top few ASes. Note that all AS rankings below are based on the number of websites analyzed by Google. An AS with rank 1 hosts more websites, analyzed by Google than an AS with rank 2.
Below follows the list of ASes, which host more than 10,000 sites each. Of those, at least 6% (600) are blacklisted by Google. Perhaps more attention needs to be focused on fighting malware from within these ASes. There are quite a few prominent web-hosting companies in this list. Note that all ASes below are ranked based on the number of websites analyzed by Google. An AS which appears earlier in the list hosts more websites, analyzed by Google than an AS which appears later on in the list.
ASN Name 21844 ThePlanet.com Internet Services, Inc. 4837 CNC 11798 Bluehost Inc. US 4812 CABLENETSWISS-HITTNAU Cablenetswiss CH 26347 New Dream Network, LLC US 29629 INETWORK-AS IEUROP AS FR 32244 Liquid Web, Inc. US 16265 LEASEWEB LEASEWEB AS NL 3786 LGDACOM LG DACOM Corporation KR 3595 Global Net Access, LLC US 32392 Ecommerce Corporation US 32613 iWeb Technologies Inc. CA 4847 CNIX 33182 HostDime.com, Inc. US 21788 Network Operations Center Inc. US 38356 TIMENET BeiJing Sincerity-times Network Technology Project Ltd. CN 15244 Lunar Pages US 25074 INETBONE-AS INET-People Provider Services DE 25532 MASTERHOST-AS .masterhost autonomous system RU 30496 Colo4Dallas LP US 12824 HOMEPL-AS home.pl autonomous system PL 9929 CNCNET-CN China Netcom Corp. CN 28753 NETDIRECT AS NETDIRECT Frankfurt, DE 11388 Peer 1 Dedicated Hosting US 9121 TTNET TTnet Autonomous System TR 13237 LAMBDANET-AS European Backbone of LambdaNet EU 9931 CAT-AP The Communication Authoity of Thailand, CAT TH 46475 Limestone Networks, Inc. US 29671 SERVAGE Servage GmbH DE 15685 Casablanca INT Autonomous system CZ 39392 SUPERNETWORK-AS SuperNetwork s.r.o. CZ 8342 RTCOMM-AS RTComm.RU Autonomous System RU 34104 TELETEK-AS TELETEK TELEKOMINIKASYON HIZMETLERI A.S TR 42910 SADECEHOSTING-COM Sadecehosting-Com TR 8358 INTERWARE-AS InterWare Autonomus System HU 25653 FortressITX US 26277 A+ Hosting, Inc. US 12363 DADA-AS DADA S.p.a. IT 23352 Server Central Network US 17964 DXTNET Beijing Dian-Xin-Tong Network Technologies Co., Ltd. CN 24400 CMNET-V4SHANGHAI-AS-AP Shanghai Mobile Communications Co.,Ltd. CN 30176 Priority Colo CA 4750 CSLOXINFO-ISP-AS-AP CSLOXINFO Public Company Limited. TH 32181 GigeNET US 27823 Dattatec.com AR 16557 Colo Solutions, Inc. US 5617 TPNET Polish Telecom's commercial IP network PL 39561 AGAVA Agava JSC AS number RU 19318 NEW JERSEY INTERNATIONAL INTERNET EXCHANGE LLC US 9848 GNGAS Enterprise Networks KR