Tag: botnet
-
VB2017 paper: Beyond lexical and PDNS: using signals on graphs to uncover online threats at scale
Malicious Internet traffic, such as botnet C&C traffic, is easily recognized if it uses known bad domain names, or known bad IP addresses. This is why botnets constantly change the domain names, and often also the IP addresses they use, thus trying to stay one step ahead of the defenders. Enter big data: infected devices…
-
Ebury and Mayhem server malware families still active
Whether it is to send spam or to redirect web traffic to malicious payloads, compromised ( Linux ) web servers are the glue in many a malware campaign. Two such networks of compromised servers – about which VB has published papers in the past – have recently received updates. The paper ‘Operation Windigo’ ( pdf ) was…
-
Ebury and Mayhem server malware families still active
Whether it is to send spam or to redirect web traffic to malicious payloads, compromised ( Linux ) web servers are the glue in many a malware campaign. Two such networks of compromised servers – about which VB has published papers in the past – have recently received updates. The paper ‘Operation Windigo’ ( pdf ) was…
-
Despite the profitability of ransomware there is a good reason why mining malware is thriving
When, a few years ago, a friend and I were analysing a rather large botnet and we saw some network traffic indicating that it was engaged in Bitcoin mining, we felt rather disappointed: using malware to mine for cryptocurrencies is about as basic as it gets. It is the digital equivalent of breaking into someone’s house,…
-
Despite the profitability of ransomware there is a good reason why mining malware is thriving
When, a few years ago, a friend and I were analysing a rather large botnet and we saw some network traffic indicating that it was engaged in Bitcoin mining, we felt rather disappointed: using malware to mine for cryptocurrencies is about as basic as it gets. It is the digital equivalent of breaking into someone’s house,…
-
Massive data breach confirms what you already knew: you are getting spam
The security community spends a lot of time and effort researching the infrastructure used by spammers to send billions of unwanted and often malicious emails every day – but there is something else spammers need in order to send you their emails: your email address. Security researcher Benoît Ancel’s recent discovery of various databases used by…
-
Massive data breach confirms what you already knew: you are getting spam
The security community spends a lot of time and effort researching the infrastructure used by spammers to send billions of unwanted and often malicious emails every day – but there is something else spammers need in order to send you their emails: your email address. Security researcher Benoît Ancel’s recent discovery of various databases used by…
-
WireX DDoS botnet takedown shows the best side of the security industry
It is easy to be cynical about the security industry and its tendency to make ever bigger mountains out of molehills, but behind a thin layer of marketing, there are a great many people who really care about making the world a more secure place. We have seen many examples of researchers from competitor companies…
-
WireX DDoS botnet takedown shows the best side of the security industry
It is easy to be cynical about the security industry and its tendency to make ever bigger mountains out of molehills, but behind a thin layer of marketing, there are a great many people who really care about making the world a more secure place. We have seen many examples of researchers from competitor companies…
-
Mostly blocked, but still good enough: Necurs sending pump-and-dump spam
Over the past few days, the Necurs spam botnet has increased its activity, sending large amounts of pump-and-dump spam, in which a cheap stock is pushed with the aim of making a profit for those behind the campaign. The Dynamoo blog lists examples of the various emails sent, while Cisco ‘s Talos group provides some…