Jose Nazario

Dirt Jumper DDoS Bot Increasingly Popular

We’ve profiled the Dirt Jumper DDoS bot before and shown its evolution over the years. We then took this analysis into our zoo to see which DDoS bot families are growing in popularity with attackers. The marketplace has opened up significantly (see Curt’s excellent overview of DDoS tools and services) in recent years, and with […]

Measuring Botnet Populations

The following is excerpted from a talk I gave at the 2012 APCERT meeting in Bali, Indonesia, in March 2012. The topic was botnet population measurements, something we’ve been doing for many years and that has grown in importance. What do we mean when we talk about measuring botnet populations? We are trying to […]

DDoS Attacks in Russia Added to Protests

2011, and now 2012, appear to be years of major populist protests regarding political processes around the world. Russia is no different. News reports of protests in the streets of Moscow have been increasing, with protesters demanding election reforms and fairness. It is in this backdrop that we’re seeing DDoS attacks against some websites. A […]

Skunkx DDoS Bot Analysis

Lest you think all of the DDoS bots we focus on come only from China, we found one that appears to be from the US. We’re calling this bot “Skunkx”. We have not yet seen the bot’s attacks in the wild, however, and so we do not know its favored victim profiles. We also do […]

Critical Voices DDoSed in Malaysia (and elsewhere)

More political attacks seen around the world, this time in Malaysia. Voices that appear to be critical of the Malaysian government have had their websites, used for communicating with the outside world, hit in a flurry of DDoS attacks. We’ve been investigating these and have sent information to the CERT team in Malaysia for assistance […]

IPv6 DNS Statistics

Recently I started collecting IPv6 DNS traffic in a passive DNS monitor. For those not familiar, passive DNS replication was pioneered by Florian Weimer and is described as: a technology which constructs zone replicas without cooperation from zone administrators, based on captured name server responses. In short, you watch what recursive DNS servers get back […]

LEET 2010 Coming Up

This year I again had the pleasure of serving on the LEET program committee, which let me view some excellent research from people around the world. This year’s submissions were very high quality, and this year’s LEET workshop looks to be a very valuable day for researchers in the field. Join us at the 3rd […]

Trojan.Heloag Downloader Analysis

Trojan.Heloag is a Trojan horse designed to manage the installation of other malware on the infected PC. This malcode gives complete control to the attacker and enables them to install arbitrary malcode on the PC. This one appeared in our zoo recently, and after reading in an AV writeup about a possible DDoS capability within […]