<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">

CATEGORY ARCHIVES: botnet

Torii: The New IoT Botnet You Might Need to Start Worrying About

An extremely sophisticated IoT botnet has recently been discovered and dubbed “Torii.” One of Torii malware’s many advanced capabilities is running on just about every type of smartphone, computer and tablet, with over 100 malware variants supporting over 15 different architectures.

Read More

Share this:

Nitol Takedown: How ThreatSTOP can help identify affected machines.

There's a lot of noise out there about "Nitol" and the takedown. What, exactly, does that mean to you?

Read More

Share this:

Criminals don't follow the rules

If you are a criminal and trying to steal things then breaking the law in other ways is unlikely to concern you. To me such a statement seems obvious, but apparently it isn’t – and I’m not just talking about cyber-criminals here.

Read More

Share this:

Is there anything in Ukraine except cyber crime?

On the Kaspersky SecureList blog there's an interesting post about recent developments for the SpyEye malware. The blogger explains how SpyEye supports a nice plugin architecture and how he examined an interesting new plugin that downloads a flash plugin for certain banking sites which can then switch on the victim's webcam and stream the data back to the crooks.

Read More

Share this:

New and Improved Botnet Feeds

ThreatSTOP has improved our botnet block list by adding a number of C&C servers and DNS servers for botnets that have been taken down by law enforcement. This includes the conficker C&C sinkhole servers (see http://www.confickerworkinggroup.org/wiki/ ) and the IP addresses that the DNS Changer botnet used as DNS servers when redirecting DNS on infected computers (see http://dcwg.org ). These have been added to both the botnets feed and to respective expert mode feeds - sinkhole and DNS changer. We have added these feeds as a service to our subscribers to help them identify computers on their networks that are still infected by these forms of malware as by blocking these addresses on the NAT device makes it easy to identify the infected internal host from its IP address. The "research" popup for a DNS Changer IP address looks like this:

Read More

Share this:

The mobile to cloud security challenge

ThreatSTOP is spending the week up in San Francisco at RSA. We will be on the Vyatta booth, #452, showcasing our joint solution for the protection and centralized management of virtual and cloud firewalls.

Read More

Share this:

ThreatSTOP releases new reporting features

This weekend we have put our new log-parsing and reporting code into production. The new code significantly increases our speed of log parsing (by about two orders of magnitude) and it provides a lot more help to help our users research what particular blocked threats were caused by. As product manager I am very pleased to say that it is a massive improvement over the previous stuff but, for our existing users, there are a couple of niggles.

Read More

Share this:

Krueger Wholesale Florist Uses ThreatSTOP to Block Botnets

Krueger Wholesale Florist, a Wisconsin-based distributor of fresh cut flowers, green plants and supplies to customers across a nine states, has deployed an EdgeWave iPrism Web Security solution to four separate locations with hundreds of employees.  One of the key reasons for EdgeWave's win was ThreatSTOP, whose botnet blocklist is integrated into the iPrism.  This is often the case with EdgeWave, Simwood and other partners, where ThreatSTOP provides a key differentiator and value unavailable anywhere else.

Read More

Share this:

Academic Freedom Need Not Mean Botnet Infections

ThreatSTOP has a number of universities and places of higher education as clients and, it turns out, there's a good reason for this. That reason is 'Academic Freedom' and the possibly unintended consequences of that on computers and networks.

Read More

Share this:

The ineffectiveness of AV

Over at ZDnet Ed Bott has a report on the ineffectiveness of anti-vrus tools against current malware where he notes that many AV vendors only detect it a day or two after it has been distributed and that by then a new variant that they don't detect has also been sent out. In the IT security space, this is not exactly new news. In fact here at ThreatSTOP, we've been using similar statistics in our sales pitch for about a year now and in fact the AV vendors themselves admit they have a problem. If you ask them in private that is.

Read More

Share this:

Home Page

OTHER THREATSTOP OUTLETS

  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter