ANNOUNCEMENT
What's Next For Us: www.BLADE-DEFENDER.org
ATTENTION GRADUATE STUDENTS
SRI is seeking graduate student research interns for Summer 2010.
Our Latest Threat Intelligence
The data on this website is supplied as is, without warranty of any kind. You may NOT redistribute this data. Use or reliance on this data is at your own risk. (If you REALLY REALLY must redistribute our data or get access to the live backend data, binaries, and traces, a separate access link is provided on the site.)
Most Aggressive Malware Attack Source and Filters
Fri Mar 22 08:17:44 2013
rank = 30-day importance ranking (1 to 100) of most aggressive infection sources
rank | hits | first | last | domain | country | filter |
---|---|---|---|---|---|---|
13 | 1 | 03/14 | 03/14 | quickhost.nl | | deny ip host 80.84.248.77 any log |
9 | 1 | 03/08 | 03/08 | - | | deny ip host 201.186.129.37 any log |
8 | 1 | 03/07 | 03/07 | firstffc.com | | deny ip host 213.230.19.253 any log |
6 | 1 | 03/05 | 03/05 | mol.go.th | | deny ip host 122.155.167.93 any log |
5 | 1 | 03/03 | 03/03 | covad.net | | deny ip host 67.100.108.242 any log |
3 | 1 | 02/27 | 02/27 | mol.go.th | | deny ip host 122.155.167.90 any log |
2 | 1 | 02/26 | 02/26 | localhost | | deny ip host 222.255.132.125 any log |
2 | 1 | 02/25 | 02/25 | - | | deny ip host 42.112.16.150 any log |
2 | 1 | 02/25 | 02/25 | - | | deny ip host 14.140.160.20 any log |
2 | 1 | 02/25 | 02/25 | maxis.net.my | | deny ip host 58.71.149.26 any log |
Most Effective Malware-Related Snort Signatures
Fri Mar 22 08:17:47 2013
detects = 30-day signature detection rates based on exposure to 5894 malware infections
detects | sidrev | author | phase | description |
---|---|---|---|---|
27% | 22466:7 | snort | inbound exploit | netbios smb-ds ipc$ unicode share access |
26% | 2002750:10 | snort | inbound | policy reserved ip space traffic - bogon nets 2 |
18% | 299913:1 | snort | inbound exploit | shellcode x86 0x90 unicode noop |
17% | 2001683:3 | emerging threats | egg download | bleeding-edge malware windows executabl... |
17% | 5001684:99 | bothunter | egg download | bothunter malware windows executable (p... |
15% | 292000032:99 | bothunter | inbound exploit | bothunter exploit lsa exploit |
15% | 22000032:6 | emerging threats | inbound exploit | bleeding-edge exploit lsa exploit |
14% | 3000003:99 | bothunter | egg download | bothunter http-based .exe upload on bac... |
14% | 3000000:99 | bothunter | egg download | bothunter http-based .exe upload on bac... |
11% | 2002749:4 | snort | inbound | policy reserved ip space traffic - bogon nets 1 |
Most Prolific BotNet Command and Control Servers and Filters
Fri Mar 22 08:17:32 2013
Most Observed Malware-Related DNS Names
Fri Mar 22 08:17:56 2013
embeds = number of malware binaries in which this DNS name was discovered
lookups = number of observed infections in which this DNS name was looked up
rank = 30-day importance ranking (1 to 100) of most prolific malware-related DNS names
rank | lookups | embeds | first | last | country | DNS |
---|---|---|---|---|---|---|
0 | 33 | 0 | 02/20 | 02/24 | | www.starman.ee |
0 | 32 | 0 | 02/20 | 02/24 | | www.online.if.ee |
0 | 19 | 0 | 02/20 | 02/24 | | www.if.ee |
0 | 4 | 0 | 02/20 | 02/21 | | qexukrfrxfd.net |
0 | 4 | 0 | 02/20 | 02/21 | | lphocxwrt.org |
0 | 3 | 0 | 02/20 | 02/24 | | trafficconverter.biz |
0 | 2 | 0 | 02/23 | 02/24 | | qlukhgmtajy.info |
0 | 2 | 0 | 02/23 | 02/24 | | ctoeioqy.info |
0 | 2 | 0 | 02/23 | 02/24 | | qesaschyloy.net |
0 | 2 | 0 | 02/23 | 02/24 | | uhsntu.com |
Most Aggressively Spreading Malware Binaries
Fri Mar 22 08:18:31 2013
rank | hits | first | last | AV rate | Binary MD5 |
---|---|---|---|---|---|
0 | | 02/23 | 03/14 | 3 of 32 | d9cb288f317124a0e63e3405ed290765 |
0 | | 02/21 | 03/05 | 2 of 32 | 223d8089f8ee82f8b05266baecaac61e |
0 | | 03/08 | 03/08 | 3 of 32 | 917c085aca2534af20a547ff1104af43 |
0 | | 02/25 | 02/26 | 5 of 32 | 741c93f3c1c7e0d88b464ab6a095e406 |