Most of the readers here know that I am not a fan of over Policing and abuse of power…etc. However, the internet isn’t under just any one jurisdiction (although just about most people think the USA is that).

There are a lot more sites out there now then ever scanning and posting malicious sites and content for security teams to block and analyze as well as be added into your anti-virus on true positives. The majority of executables (like posted below) are from e-mail malspam that includes a maco based attachment that when opened and the macro runs, it connects to these sites to download and install the Malware without you none the wiser.

Another one of our sites connects to these links and downloads the samples in a cyber range and publishes the traffic and any other information pertinent to it to help with writing snort rules, etc.

Look at the image below from vxvault, today is the 12th and I am able to download files that were posted and scanned published from about ten days ago and sometimes up to and beyond 30 days.  If the malware is Hosted on a hacked website the service provider and webmaster will usually be notified and the account suspended or file removed within a few hours or days – the FBI also can under court order seize any TLD that is US owned, problem solved quickly then right?

What happens when the malware is hosted in a 3rd world country? What if it is hosted by the crimeware actors themselves knowing that there is no extradite law and their government has bigger problems to worry about?