<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">

CATEGORY ARCHIVES: russian-business-network

Is there anything in Ukraine except cyber crime?

On the Kaspersky SecureList blog there's an interesting post about recent developments for the SpyEye malware. The blogger explains how SpyEye supports a nice plugin architecture and how he examined an interesting new plugin that downloads a flash plugin for certain banking sites which can then switch on the victim's webcam and stream the data back to the crooks.

Read More

Share this:

ThreatSTOP Blocks Android Malware Drive-By

The Lookout Moble Security blog posted a story about some new Android based malware that seems to be set up as fake driver update. This drive by works the same way as classic ones do on Windows PCs (or Macs with Flashback malware) in that if an Android phone visits the infected website it is redirected a couple of times before ending up at a place where it tries to download a new "update" that users are tricked to install.

Read More

Share this:

ThreatSTOP blocks new Microsoft Ransomware

This morning I saw various reports of a new type of Ransomware, masquerading as a fake Microsoft warning that your copy of windows is invalid. I had a quick check and was unsurprised to note that ThreatSTOP subscribers were already protected.

Read More

Share this:

SonicWALL IP Reputation Fail

Since ThreatSTOP is an IP Reputation company, we naturally have a google news feed on the topic of 'IP reputation'. Today, for some reason, it provided a link to the IP reputation page of the firewall vendor SonicWALL. Naturally I had to test the page out to see how well it did. I picked the 4 addresses currently listed on our home page as being the "worst of the web":

Read More

Share this:

Don't let your computers talk to countries they aren't allowed to

Many organizations are subject to government regulations such as ITAR or OFAC that prohibit any dealings with certain foreign nations. Many others have countries that they will not do business with for reasons of corporate policy - because of rampant piracy or fraud for example. However with the Internet it isn't always where another computer is located. At least not from the domain name it reports or the place a user fills in as contact address. This means that, wittingly or unwittingly, computers in any organization may be connecting with other computers in locations that they are legally forbidden to have any communication with.

Read More

Share this:

ThreatSTOP Blocking New Facebook Malware

There is some nasty Facebook spread malware going around at the moment. F-Secure states that the malware infects users in the US and UK and applies to both Mac and PC users.

Read More

Share this:

Collateral Damage and IP Reputation

All IP reputation systems (and related filtering too for that matter) will tend to group similar things together under that assumption that if a number of them are definitely bad the rest probably are too. This isn't perfect but it generally works, as long as the system pays careful attention to corner cases to exclude any false positives.

Read More

Share this:

The Worst AS in the world

In an email discussion over the weekend (which was based in part on this post by Brian Krebs) about the distributors of malware it was noted that much of it came from one particular AS - AS49469 Sa Nova Telecom Grup SRL. As is usually the case when I get this kind of email I take a look at our database to see what we know about the subject. In this case I discovered that AS49469 is one of the 64 ASes whose IP address ranges are completely covered by one or more of our blocklists.

Read More

Share this:

Russian Business Network Penguins

As those who visit our home page may have noticed we have a section where we note the countries with the worst IP reputation. We divide it up between big countries and small ones and determine the relative badness by calculating the proportion of the country's reported IP addresses that are bad.

Read More

Share this:

Home Page

OTHER THREATSTOP OUTLETS

  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter