<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">

CATEGORY ARCHIVES: botnet

Infographic: The Most Infamous Botnets of the 21st Century

Botnets are a unique type of threat. The colossal power that networks of millions of compromised computers can reach allows botnets to do a lot of damage, from generating and stealing large sums of money to deploying dangerous attacks. Last year saw a 71.5% increase in botnets as opposed to 2018, further showing that botnets are a worthwhile business for attackers, and a prevalent threat to watch out for.

These malicious networks have been around since the very end of the 90’s, rapidly evolving and becoming more advanced, year by year. Our new infographic examines the most prevalent, well-known botnets from the beginning of the century up until today, shedding light on the diverse landscape and evolution of this fascinating threat.

Read More

Share this:

What Is a Botnet? Common Architecture, Purpose & Attack Types

What Is a Botnet?

A botnet is a distributed network consisting of many compromised internet-connected devices, which are controlled by a centralized botmaster, and are utilized to perform synchronized tasks. Each infected machine is called a bot, and together their power is used to carry out various attacks. Botnets are usually created via malware infections, which gain persistence on the machines and “recruit” them to the botnet. Some of these malware variants can even self-propagate through networks, infecting many devices via one network entry point. The bandwidth amount “taken” from each bot is relatively small, so that the victim will not realize that their device is being exploited, but when thousands or even millions of machines are simultaneously instructed to perform a joint, targeted attack, the damage can be immense.

Although we are used to thinking of botnets as a collection of computers, these networks can be comprised of various types of devices – personal computers, laptops, mobile devices, smart watches, security cameras, and smart house appliances.

Read More

Share this:

Torii: The New IoT Botnet You Might Need to Start Worrying About

An extremely sophisticated IoT botnet has recently been discovered and dubbed “Torii.” One of Torii malware’s many advanced capabilities is running on just about every type of smartphone, computer and tablet, with over 100 malware variants supporting over 15 different architectures.

Read More

Share this:

Nitol Takedown: How ThreatSTOP can help identify affected machines.

There's a lot of noise out there about "Nitol" and the takedown. What, exactly, does that mean to you?

Read More

Share this:

Criminals don't follow the rules

If you are a criminal and trying to steal things then breaking the law in other ways is unlikely to concern you. To me such a statement seems obvious, but apparently it isn’t – and I’m not just talking about cyber-criminals here.

Read More

Share this:

Is there anything in Ukraine except cyber crime?

On the Kaspersky SecureList blog there's an interesting post about recent developments for the SpyEye malware. The blogger explains how SpyEye supports a nice plugin architecture and how he examined an interesting new plugin that downloads a flash plugin for certain banking sites which can then switch on the victim's webcam and stream the data back to the crooks.

Read More

Share this:

New and Improved Botnet Feeds

ThreatSTOP has improved our botnet block list by adding a number of C&C servers and DNS servers for botnets that have been taken down by law enforcement. This includes the conficker C&C sinkhole servers (see http://www.confickerworkinggroup.org/wiki/ ) and the IP addresses that the DNS Changer botnet used as DNS servers when redirecting DNS on infected computers (see http://dcwg.org ). These have been added to both the botnets feed and to respective expert mode feeds - sinkhole and DNS changer. We have added these feeds as a service to our subscribers to help them identify computers on their networks that are still infected by these forms of malware as by blocking these addresses on the NAT device makes it easy to identify the infected internal host from its IP address. The "research" popup for a DNS Changer IP address looks like this:

Read More

Share this:

The mobile to cloud security challenge

ThreatSTOP is spending the week up in San Francisco at RSA. We will be on the Vyatta booth, #452, showcasing our joint solution for the protection and centralized management of virtual and cloud firewalls.

Read More

Share this:

ThreatSTOP releases new reporting features

This weekend we have put our new log-parsing and reporting code into production. The new code significantly increases our speed of log parsing (by about two orders of magnitude) and it provides a lot more help to help our users research what particular blocked threats were caused by. As product manager I am very pleased to say that it is a massive improvement over the previous stuff but, for our existing users, there are a couple of niggles.

Read More

Share this:

Krueger Wholesale Florist Uses ThreatSTOP to Block Botnets

Krueger Wholesale Florist, a Wisconsin-based distributor of fresh cut flowers, green plants and supplies to customers across a nine states, has deployed an EdgeWave iPrism Web Security solution to four separate locations with hundreds of employees.  One of the key reasons for EdgeWave's win was ThreatSTOP, whose botnet blocklist is integrated into the iPrism.  This is often the case with EdgeWave, Simwood and other partners, where ThreatSTOP provides a key differentiator and value unavailable anywhere else.

Read More

Share this:

Home Page

ARCHIVES

see all

OTHER THREATSTOP OUTLETS

  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter