BREAKING NEWS: "Conficker C Analysis." March 2009.


Our Latest Threat Intelligence

The data on this website is supplied as is, without warranty of any kind. You may NOT redistribute this data. Use or reliance on this data is at your own risk. (If you REALLY REALLY must redistribute our stuff or get access to the live backend data, binaries, and traces, then click HERE.)

Most Aggressive Malware Attack Source and Filters

Thu Jul 2 08:56:51 2009

rank = 30-day importance ranking (1 to 100) of most aggressive infection sources

rank hits first last domain country filter


Most Effective Malware-Related Snort Signatures

Thu Jul 2 08:57:34 2009

detects = 30-day signature detection rates based on exposure to 7732 malware infections

detects sidrev author phase description
98% 2001683:3 emerging threats egg download bleeding-edge malware windows executabl...
98% 5001684:99 bothunter egg download bothunter malware windows executable (p...
97% 22466:7 snort inbound exploit netbios smb-ds ipc$ unicode share access
04% 2002750:10 snort inbound policy reserved ip space traffic - bogon nets 2
01% 299913:1 snort inbound exploit shellcode x86 0x90 unicode noop
01% 2538:15 snort inbound exploit netbios smb ipc$ unicode share access
01% 52123:3 snort outbound scan registered free attack-responses micros...
01% 31000004:99 bothunter egg download bothunter scrip-based windows egg downl...
01% 292000032:99 bothunter inbound exploit bothunter exploit lsa exploit
01% 22000032:6 emerging threats inbound exploit bleeding-edge exploit lsa exploit


Most Prolific BotNet Command and Control Servers and Filters

Thu Jul 2 08:55:16 2009

rate hits first last domain country filter


Most Observed Malware-Related DNS Names

Thu Jul 2 08:58:10 2009

embeds = number of malware binaries in which this DNS name was discovered
lookups = number of observed infections in which this DNS name was looked up
rank = 30-day importance ranking (1 to 100) of most prolific malware-related DNS names

rank lookups embeds first last country DNS


Most Effective Antivirus Tools Against New Malware Binaries

Thu Jul 2 09:01:53 2009

detects = Antivirus system overall detection rate based on exposure to 535 malware binaries

rank detects missed analyzed country vendor
1st 86% 75 535 UK  Sophos Labs
2nd 84% 85 535 CZ  Grisoft Inc
3rd 83% 87 535 US  Microsoft Corporation
4th 83% 90 535 DE  Avira
5th 82% 96 535 IS  Frisk Software International
6th 81% 101 535 US  Authentium
7th 80% 104 535 AT  Ikarus Security Software
8th 79% 110 535 US  Trend Micro
9th 77% 119 535 RO  BitDefender Inc
10th 77% 123 535 US  Symantec Corporation


Most Aggressively Spreading Malware Binaries

Thu Jul 2 09:02:25 2009

rank hits first last AV rate Binary MD5
