BREAKING NEWS: "Conficker C Analysis," March 2009.
Our Latest Threat Intelligence
The data on this website is supplied as is, without warranty of any kind. You may NOT redistribute this data. Use or reliance on this data is at your own risk. (If you REALLY REALLY must redistribute our stuff or get access to the live backend data, binaries, and traces, then click HERE.)
Most Aggressive Malware Attack Source and Filters
Thu Jul 2 08:56:51 2009
rank = 30-day importance ranking (1 to 100) of most aggressive infection sources
first / last = first and most recent observation dates (MM/DD)
filter = Cisco IOS extended-ACL entry that blocks the source
| rank | hits | first | last | domain | country | filter |
|---|---|---|---|---|---|---|
| 74 | 6 | 06/09 | 07/01 | hinet.net | | deny ip host 61.218.193.218 any log |
| 66 | 6 | 06/09 | 07/01 | - | | deny ip host 24.103.188.185 any log |
| 57 | 4 | 06/19 | 07/01 | - | | deny ip host 174.6.21.151 any log |
| 55 | 5 | 06/10 | 06/28 | hinet.net | | deny ip host 61.218.193.250 any log |
| 48 | 4 | 06/16 | 06/26 | suscom-maine.net | | deny ip host 207.5.236.176 any log |
| 48 | 4 | 06/09 | 07/01 | - | | deny ip host 24.103.196.250 any log |
| 44 | 3 | 06/24 | 06/28 | - | | deny ip host 204.183.123.121 any log |
| 41 | 5 | 06/04 | 06/25 | - | | deny ip host 190.26.209.14 any log |
| 41 | 3 | 06/19 | 07/01 | shawcable.net | | deny ip host 24.83.196.252 any log |
| 40 | 3 | 06/18 | 06/28 | - | | deny ip host 190.55.158.145 any log |
Most Effective Malware-Related Snort Signatures
Thu Jul 2 08:57:34 2009
detects = 30-day signature detection rates based on exposure to 7732 malware infections
sid:rev = Snort signature ID and rule revision
| detects | sid:rev | author | phase | description |
|---|---|---|---|---|
| 98% | 2001683:3 | emerging threats | egg download | bleeding-edge malware windows executabl... |
| 98% | 5001684:99 | bothunter | egg download | bothunter malware windows executable (p... |
| 97% | 22466:7 | snort | inbound exploit | netbios smb-ds ipc$ unicode share access |
| 4% | 2002750:10 | snort | inbound | policy reserved ip space traffic - bogon nets 2 |
| 1% | 299913:1 | snort | inbound exploit | shellcode x86 0x90 unicode noop |
| 1% | 2538:15 | snort | inbound exploit | netbios smb ipc$ unicode share access |
| 1% | 52123:3 | snort | outbound scan | registered free attack-responses micros... |
| 1% | 31000004:99 | bothunter | egg download | bothunter script-based windows egg downl... |
| 1% | 292000032:99 | bothunter | inbound exploit | bothunter exploit lsa exploit |
| 1% | 22000032:6 | emerging threats | inbound exploit | bleeding-edge exploit lsa exploit |
Most Prolific BotNet Command and Control Servers and Filters
Thu Jul 2 08:55:16 2009
| rate | hits | first | last | domain | country | filter |
|---|---|---|---|---|---|---|
| 51 | 70 | 06/09 | 07/01 | eastweb.ru | | deny ip host 213.219.245.212 any log |
| 26 | 32 | 06/16 | 06/27 | p01ice.info | | deny ip host 66.252.13.214 any log |
| 20 | 32 | 06/09 | 06/25 | - | | deny ip host 114.80.101.21 any log |
| 15 | 28 | 06/10 | 06/25 | 163data.com.cn | | deny ip host 121.12.116.142 any log |
| 15 | 15 | 06/25 | 07/01 | cncnet.net | | deny ip host 221.5.74.39 any log |
| 14 | 20 | 06/10 | 07/01 | dion.ne.jp | | deny ip host 61.120.62.28 any log |
| 9 | 9 | 06/26 | 07/01 | 163data.com.cn | | deny ip host 218.93.205.24 any log |
| 7 | 11 | 06/09 | 06/30 | synflood.ws | | deny ip host 67.43.236.66 any log |
| 3 | 4 | 06/17 | 06/30 | xs4all.nl | | deny ip host 83.68.16.6 any log |
| 2 | 4 | 06/11 | 06/22 | - | | deny ip host 82.98.86.170 any log |
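The filter column in this table and in the attack-source table above is a Cisco IOS extended-ACL entry, one per address. What a practitioner usually needs is to turn a feed like this into a complete, aged ruleset rather than paste the lines one at a time. The following is an added example, not code from the Malware Threat Center: it takes rows in the page's format (a few of the addresses above are transcribed as constructed sample input), validates each address, drops entries whose last sighting is older than a cutoff or that are not globally routable, and emits both the page's Cisco ACL form and an iptables equivalent. The 14-day default cutoff, the ACL and chain names, and the helper function names are assumptions.

```python
"""Turn the attack-source and C&C rows above into an aged firewall ruleset.

Added example; not code from the Malware Threat Center site. Sample rows are
transcribed from the page; the year comes from the report timestamp. Cutoff,
ACL name, chain name and helper names are assumptions.
"""
import ipaddress
import re
from datetime import date

REPORT_YEAR = 2009  # the page's tables are dated Thu Jul 2 2009

# Constructed from the page's rows: (first seen, last seen, address).
ATTACK_SOURCES = [
    ("06/09", "07/01", "61.218.193.218"),
    ("06/09", "07/01", "24.103.188.185"),
    ("06/10", "06/28", "61.218.193.250"),
]
CNC_SERVERS = [
    ("06/09", "07/01", "213.219.245.212"),
    ("06/16", "06/27", "66.252.13.214"),
    ("06/11", "06/22", "82.98.86.170"),
]

FILTER_RE = re.compile(r"^deny ip host (\S+) any log$")


def parse_filter(line):
    """Extract the address from a page-style `deny ip host X any log` entry."""
    m = FILTER_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a page-style filter line: {line!r}")
    return ipaddress.ip_address(m.group(1))


def mmdd(s, year=REPORT_YEAR):
    """Parse the page's MM/DD dates into a date in the report year."""
    month, day = (int(x) for x in s.split("/"))
    return date(year, month, day)


def select_active(rows, as_of, max_age_days=14):
    """Return a sorted, de-duplicated list of addresses still worth blocking.

    Rows that do not parse as an IP, that are not globally routable (RFC 1918,
    loopback, link-local: never push those into a perimeter deny list), or
    whose last sighting is older than max_age_days are skipped.
    """
    keep = set()
    for _first, last, addr in rows:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue
        if not ip.is_global:
            continue
        if (as_of - mmdd(last)).days > max_age_days:
            continue
        keep.add(ip)
    return sorted(keep)


def cisco_acl(ips, name="MALWARE-BLOCK"):
    """Render the page's `deny ip host ... any log` form as a named ACL.

    The trailing permit is essential: an IOS ACL ends in an implicit deny,
    so without it the list would block all traffic, not just the feed.
    """
    lines = [f"ip access-list extended {name}"]
    lines += [f" deny ip host {ip} any log" for ip in ips]
    lines.append(" permit ip any any")
    return "\n".join(lines)


def iptables_rules(ips, chain="MALWARE_BLOCK"):
    """Equivalent iptables chain: log then drop each source, return otherwise."""
    lines = [f"iptables -N {chain}"]
    for ip in ips:
        lines.append(f"iptables -A {chain} -s {ip} -j LOG --log-prefix 'malware-src '")
        lines.append(f"iptables -A {chain} -s {ip} -j DROP")
    lines.append(f"iptables -A {chain} -j RETURN")
    return "\n".join(lines)


if __name__ == "__main__":
    as_of = mmdd("07/02")  # timestamp of the report
    active = select_active(ATTACK_SOURCES + CNC_SERVERS, as_of)
    print(cisco_acl(active))
    print(iptables_rules(active))
```

With the default 14-day window every transcribed row is still current as of the report date; tightening it to 7 days drops the 82.98.86.170 entry last seen on 06/22. Re-generate the ruleset from the feed rather than appending to it, so that entries age out instead of accumulating.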
Most Observed Malware-Related DNS Names
Thu Jul 2 08:58:10 2009
embeds = number of malware binaries in which this DNS name was discovered
lookups = number of observed infections in which this DNS name was looked up
rank = 30-day importance ranking (1 to 100) of most prolific malware-related DNS names
| rank | lookups | embeds | first | last | country | DNS |
|---|---|---|---|---|---|---|
| 52 | 140 | 242 | 06/19 | 06/30 | | m.drd3h.com |
| 24 | 0 | 242 | 06/19 | 06/30 | | cilevb.com |
| 20 | 122 | 0 | 06/02 | 07/01 | | citi-bank.ru |
| 13 | 74 | 6 | 06/02 | 07/01 | | proxim.ircgalaxy.pl |
| 12 | 0 | 121 | 06/19 | 06/30 | | vuln.st |
| 11 | 63 | 0 | 06/10 | 07/01 | | brenz.pl |
| 9 | 52 | 0 | 06/10 | 07/01 | | lometr.pl |
| 7 | 35 | 20 | 06/09 | 06/30 | | moscow-advokat.ru |
| 7 | 35 | 27 | 06/04 | 07/01 | | siliconfireware.ru |
| 6 | 33 | 0 | 06/11 | 06/29 | | goasi.cn |
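The names in this table are most useful as DNS-log indicators, and the usual mistake is matching them as substrings. The following is an added example, not code from the Malware Threat Center: it matches query names on label boundaries, so `update.brenz.pl` hits the `brenz.pl` indicator while `notbrenz.pl` does not, normalises case and the trailing dot, and separates the names the page reports as embedded in binaries but never looked up. The indicator list is transcribed from the table above; the BIND-style query-log format, the sample log lines and the function names are constructed assumptions.

```python
"""Match DNS query logs against the malware-related names above.

Added example; not code from this site. Indicators are transcribed from the
page's table. The log format (BIND-style query log), the sample lines and the
function names are constructed for illustration.
"""
import re

# Transcribed from the page: name -> rank, lookups, embeds.
MALWARE_DNS = {
    "m.drd3h.com": {"rank": 52, "lookups": 140, "embeds": 242},
    "cilevb.com": {"rank": 24, "lookups": 0, "embeds": 242},
    "citi-bank.ru": {"rank": 20, "lookups": 122, "embeds": 0},
    "proxim.ircgalaxy.pl": {"rank": 13, "lookups": 74, "embeds": 6},
    "vuln.st": {"rank": 12, "lookups": 0, "embeds": 121},
    "brenz.pl": {"rank": 11, "lookups": 63, "embeds": 0},
}

# Constructed BIND-style query log lines; not real traffic.
SAMPLE_LOG = """\
02-Jul-2009 08:58:10.001 client 192.0.2.10#51234: query: www.example.com IN A + (192.0.2.1)
02-Jul-2009 08:58:11.002 client 192.0.2.11#51235: query: brenz.pl IN A + (192.0.2.1)
02-Jul-2009 08:58:12.003 client 192.0.2.12#51236: query: update.brenz.pl IN A + (192.0.2.1)
02-Jul-2009 08:58:13.004 client 192.0.2.13#51237: query: notbrenz.pl IN A + (192.0.2.1)
02-Jul-2009 08:58:14.005 client 192.0.2.14#51238: query: M.DRD3H.COM. IN A + (192.0.2.1)
"""

QUERY_RE = re.compile(
    r"client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalize(name):
    """Lower-case and strip the trailing dot so 'M.DRD3H.COM.' == 'm.drd3h.com'."""
    return name.lower().rstrip(".")


def indicator_for(qname, indicators=MALWARE_DNS):
    """Return the indicator a query name falls under, or None.

    Matching is on label boundaries: the name itself or any subdomain of it
    matches; a substring match would wrongly flag 'notbrenz.pl'.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):        # walk from the full name up to its parents
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def scan_log(text, indicators=MALWARE_DNS):
    """Return (source, normalised qname, indicator) for every matching query."""
    hits = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        ind = indicator_for(m.group("qname"), indicators)
        if ind:
            hits.append((m.group("src"), normalize(m.group("qname")), ind))
    return hits


def embedded_only(indicators=MALWARE_DNS):
    """Names found inside binaries but never observed resolved (lookups == 0).

    These have not produced DNS traffic in the observation window, so a DNS
    log search alone will not find the infections that carry them.
    """
    return sorted(n for n, v in indicators.items() if v["lookups"] == 0)


if __name__ == "__main__":
    for src, qname, ind in scan_log(SAMPLE_LOG):
        print(f"{src} queried {qname} (indicator {ind}, rank {MALWARE_DNS[ind]['rank']})")
    print("embedded but never looked up:", embedded_only())
```

The label-walk also keeps an indicator from matching when it appears in the middle of a name (`brenz.pl.example.com` is not a subdomain of `brenz.pl`), which a naive `endswith` check without a leading dot would get wrong.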
Most Effective Antivirus Tools Against New Malware Binaries
Thu Jul 2 09:01:53 2009
detects = Antivirus system overall detection rate based on exposure to 535 malware binaries
| rank | detects | missed | analyzed | country | vendor |
|---|---|---|---|---|---|
| 1st | 86% | 75 | 535 | | Sophos Labs |
| 2nd | 84% | 85 | 535 | | Grisoft Inc |
| 3rd | 83% | 87 | 535 | | Microsoft Corporation |
| 4th | 83% | 90 | 535 | | Avira |
| 5th | 82% | 96 | 535 | | Frisk Software International |
| 6th | 81% | 101 | 535 | | Authentium |
| 7th | 80% | 104 | 535 | | Ikarus Security Software |
| 8th | 79% | 110 | 535 | | Trend Micro |
| 9th | 77% | 119 | 535 | | BitDefender Inc |
| 10th | 77% | 123 | 535 | | Symantec Corporation |
Most Aggressively Spreading Malware Binaries
Thu Jul 2 09:02:25 2009
AV rate = number of the 32 antivirus engines that detect the binary
| rank | hits | first | last | AV rate | Binary MD5 |
|---|---|---|---|---|---|
| 63 | | 06/02 | 07/01 | 3 of 32 | d9cb288f317124a0e63e3405ed290765 |
| 53 | 33 | 06/06 | 07/01 | 0 of 32 | 53bfe15e9143d86b276d73fdcaf66265 |
| 17 | | 06/02 | 07/01 | 3 of 32 | dc331fb79112a1d334b667c4eeb15cb7 |
| 8 | | 06/02 | 07/01 | 7 of 32 | 7587773eea6bc417aaab068715c9391b |
| 5 | 4 | 06/19 | 06/27 | 0 of 32 | 8128405d8c32a75bab02a1f0d125d11c |
| 5 | | 06/02 | 07/01 | 2 of 32 | d60e538e721c30a0ea946404330f324a |
| 5 | 3 | 06/19 | 06/30 | 8 of 32 | 3490e2ea159616cc59e5ad904ca11857 |
| 4 | 3 | 06/19 | 06/29 | 0 of 32 | 1a6c7da5357152ef34cadf2a5bd17bfa |
| 4 | 4 | 06/19 | 06/27 | 0 of 32 | 013a5ba10e3fc8a039b045530381d957 |
| 3 | 2 | 06/11 | 06/29 | 9 of 32 | 1a2c0e6130850f8fd9b9b5309413cd00 |

