Some nice resources on what to do if your site was hacked:
- Additional resources: hacked sites (StopBadware)
- Hacked Site Recovery (Google)
- FAQ: Malware and Hacked Sites (Google)
- Webmaster help for Hacked Sites (Google)
If you find other nice resources (noncommercial preferred), let us know and we’ll add them to our list.
If anyone is familiar with fail2ban/regex and is willing to donate a bit of time, please contact us at 123malware88domains88-at-gmail.com (remove all numbers)
According to abuse.ch, cybercriminals are moving from .ru to .su (.su is the Top Level Domain for the Soviet Union, which no longer exists)
Abuse.ch recommends examining your gateway logs, and if you don’t see any legitimate .su domains being hit/used in your company, simply block .su.
Top 50 Bad Hosts & Networks Q4 2011
The final quarter of 2011 saw AS47583 Hosting Media move up to #1 Bad Host, having been well known in the Top 10 for some time. The Lithuania-based host was found to be supporting some of the worst types of threats, including several botnet-related activities such as Zeus as well as C&C servers, exploit servers, phishing servers, malware and badware.
HostExploit analyzed all 39,796 publicly-advertised Autonomous Systems (including web hosts, commercial networks and registrars) with the results represented in a number of ways. Also included are features on the latest threats such as smartphone infections and the “Dirt Jumper” DDoS botnet.
We’ll be examining domains living on AS47583 and other Bad Hosts and adding them to our blocklist, but you should perform your own research and add them as appropriate.
A research paper using our data:
EFFORT: Efficient and Effective Bot Malware Detection – http://faculty.cs.tamu.edu/guofei/paper/Shin_Infocom12_EFFORT.pdf
Again, we encourage research using our data, but please let us know so we can reference it here.
From Dynamoo’s Blog:
“but there is still not a legitimate site in sight. Most of the bad sites are currently on 184.108.40.206 but you should block access to 220.127.116.11/22 (18.104.22.168 - 22.214.171.124) if you can, because this range of IP addresses is nothing but trouble.”
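Both the abuse.ch advice above (check your gateway logs for .su traffic before deciding whether to block the whole TLD) and the Dynamoo advice (block a known-bad IP range outright) come down to the same triage over proxy logs. The following script is an added example, not code from this site, abuse.ch or Dynamoo: the log layout, the client and destination hosts, the allowlisted .su host and the blocked CIDR are all constructed placeholders (the IP range quoted above is not reused here), so the values are assumptions to be replaced with your own gateway format and your own blocklist.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample gateway log in a Squid-like
# "timestamp client-ip method url dest-ip" layout. Not real traffic.
SAMPLE_LOG = """\
1328000001.123 10.0.0.15 GET http://www.example.com/index.html 93.184.216.34
1328000002.456 10.0.0.22 GET http://update.corp-partner.su/feed.xml 203.0.113.9
1328000003.789 10.0.0.15 GET http://cdn.bad-example.su/loader.php 198.51.100.77
1328000004.111 10.0.0.31 CONNECT mail.example.net:443 192.0.2.50
1328000005.222 10.0.0.22 GET http://another.su/x.exe 198.51.100.78
1328000006.333 10.0.0.40 GET http://files.example.org/doc.pdf 192.0.2.10
"""

# Placeholder blocked range (RFC 5737 documentation space); substitute the
# CIDR(s) you actually want to block.
BLOCKED_RANGES = ["198.51.100.0/24"]

# Constructed example of a .su host the organisation legitimately uses.
LEGIT_SU_HOSTS = {"update.corp-partner.su"}

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<dest_ip>\S+)\s*$"
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def dest_host(url):
    """Hostname from a full URL or from a CONNECT-style host:port target."""
    if "://" not in url:
        url = "//" + url  # scheme-relative form so urlsplit sees the netloc
    host = urlsplit(url).hostname
    return host.lower().rstrip(".") if host else None


def has_tld(host, tld):
    return host is not None and host.split(".")[-1] == tld.lstrip(".")


def triage(log_text, blocked_cidrs, legit_tld_hosts=frozenset(), tld="su"):
    """Count TLD hits, flag unexpected TLD hosts and hits on blocked ranges."""
    networks = [ipaddress.ip_network(c) for c in blocked_cidrs]
    legit = {h.lower() for h in legit_tld_hosts}
    report = {
        "tld_hosts": Counter(),       # every host under the TLD, with request counts
        "unexpected_tld_hits": [],    # (client, host) for TLD hosts not allowlisted
        "blocked_range_hits": [],     # (client, host, dest_ip) inside a blocked CIDR
        "unparsed": 0,
    }
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            report["unparsed"] += 1
            continue
        host = dest_host(rec["url"])
        if has_tld(host, tld):
            report["tld_hosts"][host] += 1
            if host not in legit:
                report["unexpected_tld_hits"].append((rec["client"], host))
        try:
            ip = ipaddress.ip_address(rec["dest_ip"])
        except ValueError:
            continue  # unresolved or malformed destination; nothing to range-check
        if any(ip in net for net in networks):
            report["blocked_range_hits"].append((rec["client"], host, rec["dest_ip"]))
    report["legit_tld_seen"] = sorted(set(report["tld_hosts"]) & legit)
    return report


def recommend_tld_block(report):
    """abuse.ch's rule of thumb: block the whole TLD only if nothing legitimate uses it."""
    return not report["legit_tld_seen"]


if __name__ == "__main__":
    r = triage(SAMPLE_LOG, BLOCKED_RANGES, LEGIT_SU_HOSTS)
    print("hosts under .su:", dict(r["tld_hosts"]))
    print("unexpected .su hits:", r["unexpected_tld_hits"])
    print("hits inside blocked ranges:", r["blocked_range_hits"])
    print("block the whole TLD?", recommend_tld_block(r))
```

With the constructed log the script finds one legitimate .su host in use, so it does not recommend blocking the TLD wholesale and instead lists the two unexpected .su hosts (and their clients) for a targeted block; the range check fires independently of the hostname, which is the point of blocking a CIDR rather than individual domains. Run it against a real export of your own gateway logs after adjusting `LINE_RE` to that format.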
Malware forces Atlanta area hospitals to stop accepting patients
Two medical centers lose computer systems for four days, source of infection unknown
Accuvant LABS just published a “Browser Security Comparison”, but also see .
The data from this site was one of the URL Blocklists used in Accuvant’s study.
We encourage research using this and other blocklists, but please let us know when the article is published.