Category: Botnets

EXE Storm Of the Year

Last week I got a weird piece of malware, one that didn’t quite look familiar. A quick round of dynamic and static analysis showed that it was indeed new, and it turns out it was the malware known as the Storm Worm. AV detection, late […]


Security Limitations of Dialup

Most of the security discussions that I have involving infected hosts on the Internet tend to be focused around broadband users. It’s true: DSL, Cable modem and other high speed access technologies have given miscreants who own bot armies unbelievable amounts of bandwidth with which […]


Tracking Moving Objects

A few images from the past few workdays of my life, and some explanation: To the left is a tag cloud associated with vulnerabilities. These are pouring into an ASERT-internal application we use to track activity in news and vuln reports, as well as malware […]


DDoS Attacks from Nowhere

Over the weekend Ed Vielmetti pointed out to me that Zooomr had been under a DDoS attack as they were preparing to roll out their 2.0 site. As discussed on their blog, the Zooomr guys describe what’s going on (well, in very limited detail): Well […]


Nugache: TCP port 8 Bot

Over this past weekend, ASERT received samples of the Nugache bot and analyzed them Monday morning. Nugache has been noticed because it appears to employ P2P to communicate rather than a more traditional IRC channel. People have been discussing it as a Waste-based protocol, the […]


Botnet Tracking, Minute by Minute

We’ve been tracking botnets for some time now; it’s a great way to directly monitor malicious activity. The graph above relates to a botnet I’m currently tracking. It’s seeing a lot of churn – something on the order of thousands of new IP addresses every […]

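The churn measurement the tracking post talks about (how many of the IPs seen in each minute are new versus already-known members) can be computed from a plain sightings log. The following is an added example, not code from the ASERT post or its tracker; the log format (ISO timestamp followed by an IP) and the sightings themselves are constructed for illustration, using RFC 5737 documentation address ranges.

```python
"""Botnet membership churn, minute by minute (added example, not ASERT code).

Given a stream of (timestamp, ip) sightings from a botnet tracker, bucket them
per minute and report how many distinct IPs in each bucket were never seen
before ("new") versus already known ("returning"). A consistently high "new"
count per bucket is the churn described in the post.
"""
from datetime import datetime

# Constructed sample sightings: "<ISO-8601 UTC timestamp> <bot IP>" per line.
# Addresses come from RFC 5737 test ranges and are not real bots.
SAMPLE_SIGHTINGS = """\
2007-01-15T10:00:05Z 192.0.2.10
2007-01-15T10:00:12Z 192.0.2.11
2007-01-15T10:00:40Z 198.51.100.7
2007-01-15T10:01:03Z 192.0.2.10
2007-01-15T10:01:09Z 203.0.113.99
2007-01-15T10:01:50Z 203.0.113.100
2007-01-15T10:02:02Z 192.0.2.11
2007-01-15T10:02:31Z 203.0.113.101
2007-01-15T10:02:33Z 203.0.113.102
2007-01-15T10:02:45Z 203.0.113.103
"""


def parse_sightings(text):
    """Parse the assumed log format into a list of (datetime, ip) tuples."""
    sightings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts_str, ip = line.split()
        ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
        sightings.append((ts, ip))
    return sightings


def churn_by_minute(sightings):
    """Return {minute: {"new": n, "returning": m, "active": k}} in time order.

    "active" is the number of distinct IPs seen in that minute; "new" counts
    those never seen in any earlier minute, "returning" those seen before.
    """
    seen_ever = set()
    buckets = {}
    for ts, ip in sorted(sightings):
        minute = ts.replace(second=0, microsecond=0)
        bucket = buckets.setdefault(minute, {"new": 0, "returning": 0, "active": set()})
        if ip in bucket["active"]:
            continue  # same IP reporting twice in one minute: count it once
        bucket["active"].add(ip)
        if ip in seen_ever:
            bucket["returning"] += 1
        else:
            bucket["new"] += 1
            seen_ever.add(ip)
    # Flatten the active set into a count; dict order is insertion (time) order.
    return {
        minute: {"new": b["new"], "returning": b["returning"], "active": len(b["active"])}
        for minute, b in buckets.items()
    }


def cumulative_unique(stats):
    """Running total of distinct IPs ever seen, one entry per minute bucket."""
    totals, running = [], 0
    for b in stats.values():
        running += b["new"]
        totals.append(running)
    return totals


if __name__ == "__main__":
    stats = churn_by_minute(parse_sightings(SAMPLE_SIGHTINGS))
    for minute, b in stats.items():
        print(f"{minute:%H:%M}  active={b['active']}  new={b['new']}  returning={b['returning']}")
    print("cumulative unique IPs:", cumulative_unique(stats))
```

Two caveats a practitioner should keep in mind when reading such numbers: the count is of IP addresses, not infected hosts, so a population on dynamic (DHCP or dialup) addressing will show up as "new" IPs far more often than new infections occur, and a tracker that only sees hosts when they connect to the sinkhole or C&C will undercount bots that are offline during a given minute. Both effects mean per-minute "new" counts are an upper bound on infection rate, not a measurement of it.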