Malware Patrol has maintained a database of malicious URLs and IOCs since 2005. We often receive emails from our users about “popular” and “important” domains being present in our block lists and data feeds, and that this must be a mistake. It didn’t take much time for us to become aware of a widespread – and dangerous – assumption that domains owned by trusted brands don’t host malicious files.
Unfortunately, many of us are learning the hard way that malware can be found on the most commonly frequented domains. The same applies to other sites that users often assume are safe, such as government and educational organizations. Our database currently shows the following:
- 1,601 active malicious files hosted on the likes of Amazon, Dropbox and Google
- 127 files hosted on government sites in Bosnia and Herzegovina, Brazil, China, Italy, Jamaica, USA, Taiwan and Vietnam
- Malware hosted by educational institutions in Brazil, China, Hong Kong, Poland, Portugal, Russia, Taiwan, the United States and Vietnam
Each of these organizations employs strict controls to prevent the upload of malware, but validating millions of files every day is an enormous task, and a resource-taxing one for limited budgets. And while the incidence of malware on these sites is a very small fraction of all files they host, it only takes one infection to damage your company, encrypt your files for ransom or quietly steal financial and proprietary information.
Managing this risk is why threat intelligence and malware protection mechanisms are so important today. Recent studies show that 99% of surveyed companies employ some type of anti-spam system. Certainly most, if not all, of them have firewalls in place and anti-virus software installed and updated on endpoints. But all of that is not enough: malicious email messages, files and links continue to reach unsuspecting victims, infecting them with malware and ransomware.
Although blocking access to well-known domains may cause issues (and generate lots of complaints!), particularly for the end users served by security departments or the customers of managed service providers and cloud security brokers, it is equally important to acknowledge the dangers that may reside on them. Managing access without impacting productivity or customer satisfaction is just one of the many challenges facing security professionals today. To help our enterprise customers with this task, we’ve created customized feeds correlating various IOC data, allowing them to identify legitimate risks at a more granular, i.e. less restrictive, level: the specific malicious object rather than the entire domain. If you have specific data needs, contact us to inquire about how we can help your organization.
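To illustrate why URL-level indicators are less disruptive than domain-level blocking on shared hosting, here is an added example written for this post; it is not Malware Patrol's software or feed format, and every host, path and proxy log line in it is a constructed sample value, not a real indicator. It compares a coarse domain blocklist with an exact-URL index and runs both over a few constructed proxy log lines, so that a malicious object on a heavily shared host is blocked while other files on the same host stay reachable.

```python
"""Domain-level versus URL-level blocking for files on shared hosting.

Added example, not Malware Patrol's code or feed format. Every host, path
and log line here is a constructed sample value, not a real indicator.
"""
from urllib.parse import urlsplit

# Constructed coarse list: any host under these domains is blocked outright.
DOMAIN_BLOCKLIST = {"malicious.example.test"}

# Constructed granular feed: exact URLs of malicious objects on otherwise
# legitimate, heavily shared hosts.
URL_IOCS = [
    "https://storage.example-cloud.test/bucket-123/invoice.exe",
    "http://files.example-edu.test/~user/update.zip",
]


def normalize_url(url):
    """Return (host, path) in a canonical form for matching.

    The host is lowercased with the port and any trailing dot removed; the
    path keeps its case (web servers may treat it case-sensitively) and
    defaults to "/". Query string and fragment are dropped so a known URL
    with extra parameters appended still matches.
    """
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    path = parts.path or "/"
    return host, path


def build_url_index(iocs):
    """Map host -> set of malicious paths, so lookups are O(1) per request."""
    index = {}
    for ioc in iocs:
        host, path = normalize_url(ioc)
        index.setdefault(host, set()).add(path)
    return index


def host_is_blocked(host, blocklist):
    """True if the host or any parent domain is on the coarse blocklist."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def classify(url, blocklist=DOMAIN_BLOCKLIST, url_index=None):
    """Return 'block:domain', 'block:url' or 'allow' for one requested URL."""
    if url_index is None:
        url_index = build_url_index(URL_IOCS)
    host, path = normalize_url(url)
    if host_is_blocked(host, blocklist):
        return "block:domain"
    if path in url_index.get(host, ()):
        return "block:url"
    return "allow"


# Constructed proxy log: "<client> <method> <url>", one request per line.
SAMPLE_PROXY_LOG = """\
10.0.0.5 GET https://storage.example-cloud.test/bucket-456/report.pdf
10.0.0.5 GET https://STORAGE.example-cloud.test:443/bucket-123/invoice.exe?dl=1
10.0.0.9 GET http://cdn.malicious.example.test/anything.js
10.0.0.9 GET http://files.example-edu.test/~user/update.zip
10.0.0.9 GET http://files.example-edu.test/syllabus.html
"""


def triage_log(log_text):
    """Classify each request and return {verdict: [(client, url), ...]}."""
    verdicts = {"block:domain": [], "block:url": [], "allow": []}
    index = build_url_index(URL_IOCS)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, _method, url = line.split(maxsplit=2)
        verdicts[classify(url, url_index=index)].append((client, url))
    return verdicts


if __name__ == "__main__":
    for verdict, hits in triage_log(SAMPLE_PROXY_LOG).items():
        for client, url in hits:
            print(f"{verdict:13} {client} {url}")
```

The normalization step matters in practice: an indicator that only matches the exact string from the feed is defeated by trivial variations in case, port or query string, while a match on canonical host and path still lets the legitimate `report.pdf` and `syllabus.html` on the same hosts through.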