[LINK] Net's 'bad neighbourhoods' mapped

[Nicholas English]

or 'These are the people in your neighborhood ...'

** Net's 'bad neighbourhoods' mapped **
Half of all spam and scam emails come from 20 of the world's 42,000
internet service providers (ISPs), finds a survey that locates the net's
'bad neighbourhoods'.

http://www.bbc.co.uk/news/technology-21798829
<snip>

Net's 'bad neighbourhoods' mapped

About 50% of all junk mail on the net emerges from just 20 internet service
providers (ISPs), a study has found.

The survey of more than 42,000 ISPs tried to map the net's "bad
neighbourhoods" to help pinpoint sources of malicious mail.

The survey by a researcher in the Netherlands found that, in many cases,
ISPs specialise in particular threats such as spam and phishing.

Methods to thwart attacks and predict targets also emerged from the study.

The large-scale study was carried out to help fine-tune computer security
tools that scrutinise the net addresses of email and other messages to help
them work out if they are junk or legitimate. Such tools could make better
choices if they were armed with historical information about the types of
traffic that emerge from particular networks.

In his analysis Giovane Cesar Moreira Moura who studied at the University
of Twente found that some networks could be classed as "bad neighbourhoods"
because, just like in the real world, they were places where malicious
activity was more likely.

Of the 42,201 ISPs studied about 50% of all junk mail, phishing attacks and
other malicious messages came from just 20 networks, he found. Many of
these networks were concentrated in India, Vietnam and Brazil. On the net's
most crime-ridden network - Spectranet in Nigeria - 62% of all the
addresses controlled by that ISP were seen to be sending out spam.

Networks involved in malicious activity also tended to specialise in one
particular sort of malicious message or attack, he discovered. For
instance, the majority of phishing attacks came from ISPs based in the US.
By contrast, spammers tend to favour Asian ISPs. Indian ISP BSNL topped the
list of spam sources in the study.

Analysis tools

Mr Moreira Moura pointed out that malicious traffic coming from one network
did not reveal its ultimate source. Many cybercriminals route spam and
other traffic through hijacked PCs or send it across compromised corporate
networks that join the net via an ISP.

The data gathered for the study is helping to create analysis tools that
will do a better job of assessing whether traffic coming from sources never
seen before is good or bad. In the same way that people avoid walking
through parts of towns and cities known to be dangerous, security tools can
start to filter traffic from ISPs known as historical sources of malicious
messages.

"If security engineers want to reduce the incidence of attacks on the
internet, they should start by tackling networks where attacks are more
frequently originated," he wrote the in the research paper.
</snip>

** Disclaimer **
The BBC is not responsible for the content of this e-mail, and anything
written in this e-mail does not necessarily reflect the BBC's views or
opinions. Please note that neither the e-mail address nor name of the
sender have been verified.


Nicholas English

Sent from A phone 7-)