<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=439793516377641&amp;ev=PageView&amp;noscript=1">


Nitol Takedown: How ThreatSTOP can help identify affected machines.

There's a lot of noise out there about "Nitol" and the takedown. What, exactly, does that mean to you?

Read More

Share this:

New and Improved Botnet Feeds

ThreatSTOP has improved our botnet block list by adding a number of C&C servers and DNS servers for botnets that have been taken down by law enforcement. This includes the conficker C&C sinkhole servers (see http://www.confickerworkinggroup.org/wiki/ ) and the IP addresses that the DNS Changer botnet used as DNS servers when redirecting DNS on infected computers (see http://dcwg.org ). These have been added to both the botnets feed and to respective expert mode feeds - sinkhole and DNS changer. We have added these feeds as a service to our subscribers to help them identify computers on their networks that are still infected by these forms of malware as by blocking these addresses on the NAT device makes it easy to identify the infected internal host from its IP address. The "research" popup for a DNS Changer IP address looks like this:

Read More

Share this:


see all


  1. ThreatSTOP on YouTube
  2. ThreatSTOP on Twitter