In Memory of FileAve.com Botnet
Good news for every one, FileAve.com is finally down since the 18 October ! In July 2010 I have written a blog post on FileAve.com a free file hosting provider notorious for spreading thousands of malwares. FileAve.com have provide 50 MB free storage and a free sub domain for each created account (ex : http://yourname.fileave.com). FileAve.com was owned and operated by “Ripside Interactive, Inc.“, located in US, and more precisely by “Smith, Scott“, since September 2008. “Ripside Interactive, Inc.” was also owner of ripway.com, another notorious malware hoster.
With the data’s contained in our Honeynet database, I can provide you the following statistics. FileAve.com and associated subdomains were linked to 94 other malware spreaders, but FileAve.com was the most important malware spreader in this botnet. These 95 malware spreaders were regularly contacted, by 1420 other source IP addresses, but not known for hosting malwares, in order to attempt to infect new potential vulnerable web servers or computers.
The median lifetime of the 95 malware spreaders were 5 days, with 6 of them how have a lifetime above 1 year, and 2 of the 6 with a lifetime above 2 years. On the 1420 other source IP addresses, 754 of them were directly connected to FileAve.com IP address.
43 of the malware spreaders were located in South Korea and 32 others were located in US. 837 distinct source IP addresses have contact the malware spreaders located in US and 309 others have contact malware spreaders located in South Korea.
The malware spreaders hosting country how has taken the longest time to shut down the malware spreaders is France, with only 2 malware spreaders located in this country but with an average lifetime of 184 days. The second country is China with 2 malware spreaders and with an average lifetime of 164 days. The third country is Thailand with 2 malware spreaders and with an average lifetime of 127 days. The fourth country is South Korea with 43 malware spreaders and with an average lifetime of 105 days.
FileAve.com botnet golden age have occur between March 2010 and September 2010, with the most active malware spreaders ratio, with the most source IP addresses and the most generated events.
If you are interested in more statistics about FileAve.com activities, I have written an PDF available here. Also I have create a geographic time map of all activities generated by the FileAve.com botnet.