Interfree.it Botnet Activities

Interfree.it is an Internet Service provider how give to his users a free email and a free web site hosting space. Interfree.it is also providing a free sub domain for each created account (ex : http://yourname.interfree.it).

Since the start of our Honey Net in Feb. 2009 we have directly observe that some malware scripts where located on Interfree.it and participate actively to a bonnet construction and propagation.

Interfree.it server, how is hosting the major botnet script, has the IP 213.158.72.68. Since Feb. 2009 to end Jun 2010, Interfree.it botnet is composed of few different malware hosters, has generate 2 807 events and 169 attackers have call the botnet files located on the hosters servers.

Italy, US and Russia are the countries how are the most participating to the botnet activity in term of events. Italia and US are the countries how are hosting part of the botnet since more than 100 days. Interfree.it botnet could be considered as a small botnet.

May 2010 was the more active month in term of events, May 2010 the month with the most distinct attackers and March 2010 the month with the most detected hosters.

Since April 2010 we can see that the activity of the botnet is increasing.

Interesting point the FileAve.com, the Kortech.cn and the Interfree.it Botnet are linked together between some few hosters. Just check the available Afterglow visualization of the interaction between the two botnets.

I have generate some stats and graphs, with all the associated raw datas how are available here.