Blog for hpHosts, and whatever else I feel like writing about ....

Wednesday 23 May 2012

File hosts + Malware

Over the years, we've seen file hosting being abused to house malicious payloads that are either downloaded by a "dropper", or are used in the likes of drive-by attacks.

One of the most commonly abused today is, of course, dropbox.com. However, over the past 24 months, I have formed a fantastic relationship with them that has proven extremely effective in getting the malware removed extremely quickly. One of the methods criminals, such as those at hackforums.net, are using to get past this is setting up their own dedicated file hosts. Just some off the top of my head include:

filehold.net
litetb.com
dlandexe.com
exehost.net
wss-coding.com
zalil.ru
botz.in
rghost.net
dox.abv.bg
ge.tt
downloadexecute.com

I've been successful in getting a few suspended, and not so successful with others (yet), thanks in part to a lack of co-operation from the likes of eNom, NameCheap and CloudFlare etc. Some that have been suspended, such as filehold.net, have re-appeared elsewhere and been re-suspended, and as of 24-48 hours ago, re-appeared yet again.

The latest to be suspended is dlandexe.com, which kept allowing, and encouraging, malicious files to be uploaded (not surprising, as the owner of the site is an active member of a blackhat forum).

The blackhat scanners they use to check whether their file is detected include:

chk4me.com
elementscanner.net
my-avscan.net
metascan.org
scan4you.net

If you've not already got a block on the above file hosts, I'd strongly recommend you do so. Other sites they're using, aside from dropbox.com, include:

sharesend.com
kiwi6.com
zippyshare.com
drop.st
filetolink.com
freewayhost.net
largedocument.com
mediafire.com
jumbofiles.com
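
One way to act on the block recommendation above, as an added example that is not part of the original post: the dedicated file hosts and scanner sites listed in the post are matched against DNS query logs on a label boundary, so subdomains are caught without false hits on look-alike names. The log format, the sample lines and the function names are assumptions constructed for this example.

```python
# Added example, not code from the original post or from hpHosts.
# Domains are copied from the post's dedicated file host and scanner lists.
BLOCKED = {
    "filehold.net", "litetb.com", "dlandexe.com", "exehost.net",
    "wss-coding.com", "zalil.ru", "botz.in", "rghost.net", "dox.abv.bg",
    "ge.tt", "downloadexecute.com", "chk4me.com", "elementscanner.net",
    "my-avscan.net", "metascan.org", "scan4you.net",
}

def matched_entry(hostname, blocked=BLOCKED):
    """Return the blocklist entry covering hostname (itself or a parent), or None."""
    # Normalise case and the trailing dot of a fully qualified name.
    labels = hostname.strip().rstrip(".").lower().split(".")
    # Compare whole-label suffixes only: 'api.ge.tt' matches 'ge.tt',
    # 'forge.tt' does not.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocked:
            return candidate
    return None

def scan_dns_log(lines, blocked=BLOCKED):
    """Yield (client, queried name, matched entry) for each blocked lookup.

    Assumed line format: '<timestamp> <client-ip> <query-type> <name>'.
    """
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guessing
        _, client, _, name = fields
        entry = matched_entry(name, blocked)
        if entry:
            yield client, name, entry

def hosts_file_lines(blocked=BLOCKED):
    """Render the entries as hosts-file lines (exact names only, no wildcards)."""
    return [f"127.0.0.1 {domain}" for domain in sorted(blocked)]

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2012-05-23T10:00:01Z 10.0.0.15 A www.dlandexe.com.",
    "2012-05-23T10:00:02Z 10.0.0.22 A forge.tt",
    "2012-05-23T10:00:03Z 10.0.0.22 A API.GE.TT",
    "2012-05-23T10:00:04Z 10.0.0.31 A example.org",
]
```

A hosts file only blocks the exact names it lists, so subdomains of a listed host need their own entries or a DNS-level block; the log scan above covers them either way.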

3 comments:

Mike Peters said...

Hi,

Love what you're doing with HPHosts!

I represent FileToLink.com

We have a strict policy against users abusing our service to distribute malware, adware, viruses and copyrighted material.

Abuse complaints are handled immediately and the offending users are blocked for eternity.

We are in this for the long-haul.

Feel free to reach out to me directly or use the abuse link on our homepage to report abuse.

FileToLink is powered by real people, with a single goal - to create the world's best file sharing service.

Recently, we've begun taking extreme measures to ensure all uploads and downloads are done by registered users. Over the next few weeks, we will continue these efforts, to a point where we have documentation for every file exchange - requiring users to register before they can use our service.

Thanks again for your cooperation and feel free to reach out to us anytime!

MysteryFCM said...

Good to hear from you, and thank you.

Thank you also for indirectly bringing my attention to the horrid formatting Blogspot decided the post should be in.

Mike Peters said...

:-)

It's not that bad. It's readable.

Although I have to say we are feeling a lot of love for Tumblr lately.

If you're considering switching, definitely check them out!