Malware Activity: Key Statistics
January 1,2023 - March 31,2023
We analyzed URLs, domain names, and IP addresses that have been reported for malware. These and other metadata — e.g., registration data, DNS zone data, and malware typing provided by the feed - allow us to determine what malware was most prevalent, where malware was served from or distributed, and what resources criminals used to pursue their attacks.
Indicators of compromise allow us to distinguish hostnames delegated from domains that were purposely registered for malware campaigns from hostnames assigned to compromised web sites that were delegated from domain names for legitimate purposes.
Each reporting period, we group or classify malware according to the primary or original purpose the malware serves. The Malware Terminology page explains our classification in detail.
In many cases the identification of a malware in reports that we ingest is definitive, but the malware report lacks the information necessary to confidently classify the malware. For the purposes of analysis and reporting, these cases are represented as “uncategorized”. We include counts of uncategorized malware in our TLD, Registrar and Hosting Networks rankings.
| Measurement | Count |
|---|---|
| Total number of malware reports collected from feeds this quarter | 2,026,863 |
| Total number of malware records produced from malware reports | 1,169,853 |
| Endpoint malware records (targets user-attended devices) | 68,473 |
| Internet of Things (IoT) malware records (targets sensors, wearables, appliances...) | 82,440 |
| Malicious IP address malware records (Traffic Injectors and Attackware) | 420,977 |
| Uncategorized malware (Verified as malware but not classified) | 597,963 |
| Unique domain names reported for serving up malware | 32,606 |
| Top-level Domains (TLDs) where we observed malware hosting | 362 |
| Registrars that had gTLD domains under management reported for serving malware | 369 |
| Hosting Networks (ASNs) where we observed malware hosting or distribution | 17,529 |
| Unique IPv4 addresses reported as serving or distributing malware | 980,457 |
| Quarterly Update: Key Statistics |
Quarterly Update: Top Level Domains |
Quarterly Update: Registrars |
Quarterly Update: Hosting Networks |
| Quarter over Quarter: Key Statistics |