At the end of March 2018, the non-profit cybersecurity organization abuse.ch initiated a project called ‘URLhaus’, which brought researchers across the globe together to share URLs employed in malicious campaigns.
The project averaged 300 submissions from more than 250 security researchers, who took down around 100,000 websites involved in the distribution of malware.
The effort required the cooperation of the various organizations that hosted the offending websites on their infrastructure. Along the way, it was noticed that some of these companies did not take immediate remedial measures, which left the compromised websites active for a prolonged period.
Reportedly, the remedial measures were delayed the most by Chinese hosting providers, who took a significant amount of time to respond to abuse reports and complaints about a few websites’ participation in malicious acts.
“The three top Chinese malware hosting networks have an average abuse desk reaction time of more than a month!” reads the report by abuse.ch.
On a day-to-day basis, URLhaus sees an average of 4,000 to 5,000 active malware distribution sites.
Notably, a total of 500 malware URLs were reported to ChinaNet, China Unicom, and Alibaba; however, none of them took immediate remedial action, which left the compromised websites active for prolonged periods. Broken down by provider, the durations were: ChinaNet, one month and ~10 days; China Unicom, one month and 23 days; and Alibaba, one month and 2 days.
On the contrary, Critical Case in Italy is reported to be the fastest of all to take appropriate measures in response to URLhaus reports; it managed to take down 151 malicious URLs in just 22 hours. Another was Unified Layer from the U.S., which is reported to have taken down 127 malicious URLs in a short period of two and a half days. The time taken to respond varied from organization to organization, and in certain cases it extended up to three months.