Author: Jose Nazario

Measuring Botnet Populations

The following is excerpted from a talk I gave at the 2012 APCERT meeting in Bali, Indonesia in March, 2012. The topic was on botnet population measurements, something that we’ve been doing for many years and has grown in importance. What do we mean when […]

Skunkx DDoS Bot Analysis

Lest you think all of the DDoS bots we focus on come only from China, we found one that appears to be from the US. We’re calling this bot “Skunkx”. We have not yet seen the bot’s attacks in the wild, however, and so we […]

IPv6 DNS Statistics

Recently I started collecting IPv6 DNS traffic in a passive DNS monitor. For those not familiar, passive DNS replication was pioneered by Florian Weimer and is described as: a technology which constructs zone replicas without cooperation from zone administrators, based on captured name server responses. […]

LEET 2010 Coming Up

This year I again had the pleasure of serving on the LEET program committee, which let me view some excellent research from people around the world. This year’s submissions were very high quality, and this year’s LEET workshop looks to be a very valuable day […]

Trojan.Heloag Downloader Analysis

Trojan.Heloag is a Trojan horse designed to manage the installation of other malware on the infected PC. This malcode gives complete control to the attacker and enables them to install arbitrary malcode on the PC. This one appeared in our zoo recently and after reading […]
