Feed

61 Domains – Blackhole Exploit Kit Suspended

Posted on June 29th, 2013 in Domain News,General Security by dglosser

Malware Must Die reports the suspension of 61 domains associated with the Blackhole Exploit Kit. Great news!

If you are tracking domains in your sinkhole, you may wish to add these domains to your own sinkhole.

Resources for Hacked Sites

Posted on May 22nd, 2013 in General Security,Off Topic by dglosser

Some nice resources on what to do if your site was hacked:

If you find a nice (noncommercial preferred) resource, let us know and we’ll add it to our list.


Regex/fail2ban guru wanted

Posted on August 5th, 2012 in General Security by dglosser

If anyone is familiar with fail2ban/regex and is willing to donate a bit of time, please contact us at 123malware88domains88-at-gmail.com (remove all numbers).


Abuse.ch: Cybercriminals Moving Over To TLD .su

Posted on January 29th, 2012 in General Security by dglosser

According to abuse.ch, cybercriminals are moving from .ru to .su (.su is the Top Level Domain for the Soviet Union, which no longer exists).

Abuse.ch recommends examining your gateway logs, and if you don’t see any legitimate .su domains being used in your company, simply block .su.

HostExploit – Q4 2011 Top 50 Bad Hosts and Networks

Posted on January 24th, 2012 in General Security by dglosser

Top 50 Bad Hosts & Networks Q4 2011

HostExploit is pleased to present the Q4 2011 report on the Top 50 Bad Hosts and Networks, in collaboration with Russian security company Group-IB.

The final quarter of 2011 saw AS47583 Hosting Media move up to #1 Bad Host, having been well known in the Top 10 for some time. The Lithuanian-based host was found to be supporting some of the worst types of threats, including several botnet-related activities such as Zeus as well as C&C servers, exploit servers, phishing servers, malware and badware.

HostExploit analyzed all 39,796 publicly-advertised Autonomous Systems (including web hosts, commercial networks and registrars) with the results represented in a number of ways. Also included are features on the latest threats such as smartphone infections and the “Dirt Jumper” DDoS botnet.


We’ll be examining domains living on AS47583 and other Bad Hosts and adding them to our blocklist, but you should perform your own research and add them as appropriate.

EFFORT: Efficient and Effective Bot Malware Detection

Posted on January 20th, 2012 in General Security by dglosser

A research paper using our data:

EFFORT: Efficient and Effective Bot Malware Detection – http://faculty.cs.tamu.edu/guofei/paper/Shin_Infocom12_EFFORT.pdf

Again, we encourage research using our data, but please let us know so we can reference it here.

Evil Network: AS48691 (194.28.112.0/22)

Posted on January 3rd, 2012 in Domain News,General Security by dglosser

Evidence:

From Dynamoo's Blog:

“but there is still not a legitimate site in sight. Most of the bad sites are currently on 194.28.114.102 but you should block access to 194.28.112.0/22 (194.28.112.0 - 194.28.115.255) if you can, because this range of IP addresses is nothing but trouble.”
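The two defensive checks recommended above, abuse.ch's advice to look through gateway logs for .su hits before blocking the TLD and Dynamoo's advice to block 194.28.112.0/22, can be run over proxy logs with a small triage script. The following is an added example, not code from this blog, abuse.ch or Dynamoo; it assumes a squid-style access log layout (client IP in the third field, URL in the seventh) and uses constructed sample lines.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample gateway log lines (squid-style layout assumed):
# timestamp elapsed client action/status bytes method url
SAMPLE_LOG = """\
1327800001.123 120 10.0.0.5 TCP_MISS/200 512 GET http://update.example.su/a.php
1327800002.456 80 10.0.0.7 TCP_MISS/200 2048 GET http://www.example.com/index.html
1327800003.789 95 10.0.0.5 TCP_MISS/200 300 GET http://194.28.114.102/load.php
1327800004.012 60 10.0.0.9 TCP_MISS/404 150 GET http://example.com.su:8080/x
1327800005.345 70 10.0.0.9 TCP_MISS/200 900 GET http://194.28.120.1/ok
"""

BAD_RANGE = ipaddress.ip_network("194.28.112.0/22")  # range quoted in the Dynamoo post
BLOCKED_TLDS = {"su"}                                  # TLD flagged by abuse.ch


def classify(url):
    """Return the reasons a requested URL is suspicious, or [] if none."""
    host = urlsplit(url).hostname or ""   # hostname drops the port and any brackets
    reasons = []
    try:
        # IP-literal destination: compare against the bad netblock.
        if ipaddress.ip_address(host) in BAD_RANGE:
            reasons.append("ip in 194.28.112.0/22")
    except ValueError:
        # Not an IP literal: inspect the TLD, i.e. the last DNS label.
        if host.rsplit(".", 1)[-1].lower() in BLOCKED_TLDS:
            reasons.append("tld .su")
    return reasons


def triage(log_text):
    """Map each client IP to the suspicious URLs it requested, with reasons."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated line, skip it
        client, url = fields[2], fields[6]
        reasons = classify(url)
        if reasons:
            hits.setdefault(client, []).append((url, reasons))
    return hits


if __name__ == "__main__":
    for client, entries in triage(SAMPLE_LOG).items():
        for url, reasons in entries:
            print(client, url, ", ".join(reasons))
```

Review the .su entries for legitimate business use before adding the TLD to the block policy, as abuse.ch suggests; the netblock hits can go straight to the blocklist.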

Malware forces Atlanta area hospitals to stop accepting patients

Posted on December 21st, 2011 in General Security by dglosser

http://www.tecca.com/news/2011/12/19/malware-atlanta-hospitals/

Malware forces Atlanta area hospitals to stop accepting patients

Two medical centers lose computer systems for four days, source of infection unknown

Browser Wars

Posted on December 19th, 2011 in General Security by dglosser

Accuvant LABS just published a “Browser Security Comparison” [1], but also see [2].

The data from this site was one of the URL blocklists used in Accuvant’s study.
We encourage research using this and other blocklists, but please let us know when the article is published.

[1] http://www.accuvant.com/sites/default/files/images/webbrowserresearch_v1_0.pdf

[2] http://www.nsslabs.com/assets/noreg-reports/2011/The%20Browser%20Wars%20Just%20Got%20Ugly.pdf