Our Latest Threat Intelligence
The data on this website is supplied as is, without warranty of any kind. You may NOT redistribute this data. Use or reliance on this data is at your own risk. (If you REALLY REALLY must redistribute our stuff or get access to the live backend data, binaries, and traces, then click HERE.)
Most Aggressive Malware Attack Source and Filters
Sat Jul 5 10:14:26 2008
rank = 30-day importance ranking (1 to 100) of most aggressive infection sources
filter = Cisco IOS extended-ACL entry denying the source host, as emitted by the feed (octets are printed zero-padded; strip the leading zeros before handing the addresses to any tool that reads a leading 0 as octal)
| rank | hits | first | last | domain | country | filter |
|---|---|---|---|---|---|---|
| 55 | 4 | 06/23 | 07/04 | agent1.gz.cn | | deny ip host 218.086.236.021 any log |
| 53 | 4 | 06/20 | 07/01 | hinet.net | | deny ip host 202.039.210.091 any log |
| 48 | 3 | 07/02 | 07/04 | dsl.net | | deny ip host 065.086.238.166 any log |
| 47 | 6 | 06/12 | 06/25 | bora.net | | deny ip host 061.037.147.200 any log |
| 47 | 4 | 06/19 | 07/04 | hinet.net | | deny ip host 061.218.193.250 any log |
| 45 | 3 | 06/27 | 07/01 | rr.com | | deny ip host 064.183.209.202 any log |
| 45 | 3 | 06/28 | 06/30 | oninet.ne.jp | | deny ip host 202.070.241.145 any log |
| 44 | 4 | 06/18 | 07/02 | - | | deny ip host 065.068.019.187 any log |
| 43 | 3 | 06/27 | 06/30 | fcv.ne.jp | | deny ip host 061.203.196.192 any log |
| 43 | 4 | 06/19 | 06/30 | metrocast.net | | deny ip host 074.214.047.011 any log |
Most Effective Malware-Related Snort Signatures
Sat Jul 5 10:15:25 2008
detects = 30-day signature detection rates based on exposure to 15363 malware infections
| detects | sidrev | author | phase | description |
|---|---|---|---|---|
| 56% | 5001684:99 | bothunter | egg download | bothunter malware windows executable (p... |
| 49% | 22466:7 | snort | inbound exploit | netbios smb-ds ipc$ unicode share access |
| 46% | 2001683:3 | emerging threats | egg download | bleeding-edge malware windows executabl... |
| 44% | 299913:1 | snort | inbound exploit | shellcode x86 0x90 unicode noop |
| 42% | 292000032:99 | bothunter | inbound exploit | bothunter exploit lsa exploit |
| 42% | 22000032:6 | emerging threats | inbound exploit | bleeding-edge exploit lsa exploit |
| 40% | 299998:1 | snort | inbound exploit | shellcode x86 inc ebx noop |
| 40% | 21390:5 | snort | inbound exploit | registered free shellcode x86 inc ebx noop |
| 30% | 3000006:99 | bothunter | egg download | bothunter malware executable upload |
| 19% | 52123:3 | snort | outbound scan | registered free attack-responses micros... |
Most Prolific BotNet Command and Control Servers and Filters
Sat Jul 5 10:12:12 2008
| rate | hits | first | last | domain | country | filter |
|---|---|---|---|---|---|---|
| 100 | 110 | 06/27 | 07/04 | comcast.net | | deny ip host 069.247.147.113 any log |
| 86 | 104 | 06/05 | 07/04 | - | | deny ip host 217.170.244.002 any log |
| 72 | 74 | 06/28 | 07/04 | romlox.net | | deny ip host 210.245.211.011 any log |
| 32 | 45 | 06/08 | 07/03 | monkey.hosting.ua | | deny ip host 194.054.090.246 any log |
| 18 | 38 | 06/06 | 07/03 | awknet.com | | deny ip host 069.042.216.090 any log |
| 14 | 21 | 06/06 | 07/02 | webdesignpro.org | | deny ip host 072.010.172.218 any log |
| 3 | 6 | 06/09 | 07/02 | synflood.ws | | deny ip host 067.043.236.098 any log |
| 3 | 4 | 06/19 | 06/29 | synflood.ws | | deny ip host 067.043.236.066 any log |
| 2 | 4 | 06/20 | 06/20 | netsolutions.org | | deny ip host 069.065.040.234 any log |
| 1 | 3 | 06/20 | 06/25 | webdesignpro.org | | deny ip host 072.010.172.211 any log |
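The filter column in the two tables above is ready to paste into a Cisco IOS extended ACL, but two things bite in practice: the feed zero-pads every octet (inet_aton-style parsers read "021" as octal 17 and reject "086" outright, and Python's ipaddress module from 3.9.5 on refuses leading zeros), and the line only denies the remote host as a source, which for a command-and-control server leaves the outbound connection from an infected machine untouched. The script below is an added example, not tooling from this site: it parses filter lines in the feed's format, normalizes the addresses in base 10, and emits Cisco ACL and iptables rules, optionally in both directions. The sample input is constructed from addresses printed on this page; the iptables chain choice (INPUT/OUTPUT) is an assumption for a host firewall.

```python
"""Turn the feed's 'deny ip host A.B.C.D any log' filter lines into blocklist rules."""
from __future__ import annotations

import re

# Constructed sample input in the feed's own format (every octet zero-padded).
# Addresses are copied from the tables on this page; the last line shows that
# non-filter text is ignored.
SAMPLE_FILTERS = """\
deny ip host 218.086.236.021 any log
deny ip host 069.247.147.113 any log
deny ip host 217.170.244.002 any log
this line is not a filter and is skipped
"""

FILTER_RE = re.compile(r"^deny ip host (\d{1,3}(?:\.\d{1,3}){3}) any log$")


def normalize_padded_ipv4(text: str) -> str:
    """Return the address in canonical dotted-quad form.

    '218.086.236.021' -> '218.86.236.21'. Each octet is parsed explicitly in
    base 10 so the feed's zero padding can never be misread as octal.
    """
    octets = text.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {text!r}")
    values = [int(o, 10) for o in octets]
    if any(v > 255 for v in values):
        raise ValueError(f"octet out of range: {text!r}")
    return ".".join(str(v) for v in values)


def parse_filters(feed: str) -> list[str]:
    """Extract and normalize the host addresses from the feed's filter lines."""
    hosts = []
    for line in feed.splitlines():
        m = FILTER_RE.match(line.strip())
        if m:
            hosts.append(normalize_padded_ipv4(m.group(1)))
    return hosts


def to_rules(hosts: list[str], both_directions: bool) -> dict[str, list[str]]:
    """Emit equivalent Cisco IOS extended-ACL and iptables rules.

    The feed's line denies the remote host only as a *source*. For a C&C
    server you normally also want to stop infected machines *reaching* it,
    so both_directions=True adds the destination-side rule as well.
    """
    cisco, ipt = [], []
    for h in hosts:
        cisco.append(f"deny ip host {h} any log")
        ipt.append(f"iptables -A INPUT -s {h} -j DROP")  # assumption: host firewall chains
        if both_directions:
            cisco.append(f"deny ip any host {h} log")
            ipt.append(f"iptables -A OUTPUT -d {h} -j DROP")
    return {"cisco": cisco, "iptables": ipt}


if __name__ == "__main__":
    hosts = parse_filters(SAMPLE_FILTERS)
    for fmt, lines in to_rules(hosts, both_directions=True).items():
        print(f"# {fmt}")
        print("\n".join(lines))
```

The indicators in these tables are a 30-day snapshot of residential and hosting addresses from 2008, so the value here is the normalization and the two-direction rule shape, not the specific hosts.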
Most Observed Malware-Related DNS Names
Sat Jul 5 10:37:23 2008
embeds = number of malware binaries in which this DNS name was discovered
lookups = number of observed infections in which this DNS name was looked up
rank = 30-day importance ranking (1 to 100) of most prolific malware-related DNS names
This is observation data, not a blocklist: download.microsoft.com is a legitimate Microsoft host and appears here only because infected machines resolve it (0 embeds).
| rank | lookups | embeds | first | last | country | DNS |
|---|---|---|---|---|---|---|
| 100 | 808 | 0 | 06/27 | 07/04 | | chat-shqip.org |
| 100 | 726 | 0 | 06/27 | 07/04 | | w3bs.chat-shqip.org |
| 100 | 693 | 1 | 06/05 | 07/04 | | proxim.ircgalaxy.pl |
| 100 | 715 | 0 | 06/17 | 07/04 | | download.microsoft.com |
| 46 | 308 | 0 | 06/05 | 07/04 | | citi-bank.ru |
| 21 | 107 | 90 | 06/05 | 07/04 | | siliconfireware.ru |
| 21 | 108 | 0 | 06/11 | 07/04 | | proxima.ircgalaxy.pl |
| 20 | 99 | 78 | 06/05 | 07/04 | | moscow-advokat.ru |
| 13 | 58 | 0 | 06/28 | 07/02 | | ksn.a1001186.wrs.mcboo.com |
| 13 | 56 | 0 | 06/28 | 07/02 | | dl2.teenpassage.com |
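Names like these are most useful when matched against your own resolver's query log, and two details decide whether that produces signal or noise: matching must respect label boundaries (a lookup of cdn.siliconfireware.ru should hit siliconfireware.ru, but notchat-shqip.org must not hit chat-shqip.org), and legitimate hosts that infected machines happen to resolve, download.microsoft.com in this table, need an allowlist. The following is an added example, not code from this site: it takes the names from the table above as indicators and scans constructed, BIND-style query-log lines (the log format and client addresses are assumptions, not captured traffic).

```python
"""Match DNS query-log lines against the malware-related names in the table above."""
from __future__ import annotations

import re

# Indicator names copied from the table on this page.
INDICATORS = {
    "chat-shqip.org",
    "w3bs.chat-shqip.org",
    "proxim.ircgalaxy.pl",
    "proxima.ircgalaxy.pl",
    "citi-bank.ru",
    "siliconfireware.ru",
    "moscow-advokat.ru",
    "ksn.a1001186.wrs.mcboo.com",
    "dl2.teenpassage.com",
    "download.microsoft.com",
}

# Legitimate hosts that appear in the table only because infected machines
# resolve them (0 embeds). Alerting on these would be pure noise.
ALLOWLIST = {"download.microsoft.com"}

# Constructed sample log in a BIND-style query-log format (assumption; not real traffic).
SAMPLE_LOG = """\
client 192.0.2.10#53412: query: chat-shqip.org IN A + (192.0.2.1)
client 192.0.2.10#53413: query: W3BS.CHAT-SHQIP.ORG. IN A + (192.0.2.1)
client 192.0.2.11#40001: query: notchat-shqip.org IN A + (192.0.2.1)
client 192.0.2.12#40002: query: download.microsoft.com IN A + (192.0.2.1)
client 192.0.2.13#40003: query: cdn.siliconfireware.ru IN A + (192.0.2.1)
client 192.0.2.14#40004: query: example.org IN MX + (192.0.2.1)
"""

QUERY_RE = re.compile(r"client (\S+?)#\d+: query: (\S+) IN (\S+)")


def canonical(name: str) -> str:
    """Lower-case and drop the trailing dot so matching ignores case and FQDN form."""
    return name.lower().rstrip(".")


def matching_indicator(qname: str, indicators: set[str]) -> str | None:
    """Return the indicator that qname equals or is a subdomain of, else None.

    Walks the name from the full string down to its shortest suffix on label
    boundaries, so the most specific indicator wins and a name that merely
    ends in the same characters (notchat-shqip.org) does not match.
    """
    labels = canonical(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def scan_log(log: str, indicators: set[str], allowlist: set[str]) -> list[tuple[str, str, str]]:
    """Return (client, queried_name, matched_indicator) for every non-allowlisted hit."""
    hits = []
    for line in log.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        client, qname = m.group(1), canonical(m.group(2))
        hit = matching_indicator(qname, indicators)
        if hit and hit not in allowlist:
            hits.append((client, qname, hit))
    return hits


if __name__ == "__main__":
    for client, qname, indicator in scan_log(SAMPLE_LOG, INDICATORS, ALLOWLIST):
        print(f"{client} looked up {qname} (matches {indicator})")
```

The allowlist is keyed on the matched indicator rather than on the raw query so a sub-host of an allowlisted name is suppressed too; whether ircgalaxy.pl as a whole belongs on either list is a judgement the table does not settle, so only the two exact names from it are used.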
Most Effective Antivirus Tools Against New Malware Binaries
Sat Jul 5 10:48:11 2008
detects = Antivirus system overall detection rate based on exposure to 2665 malware binaries
| rank | detects | missed | analyzed | country | vendor |
|---|---|---|---|---|---|
| 1st | 96% | 87 | 2665 | | Avira |
| 2nd | 96% | 100 | 2665 | | Secure Computing |
| 3rd | 94% | 137 | 2665 | | Ikarus Security Software |
| 4th | 93% | 170 | 2665 | | BitDefender Inc |
| 5th | 92% | 194 | 2665 | | F-Secure Corporation |
| 6th | 91% | 224 | 2665 | | Grisoft Inc |
| 7th | 89% | 291 | 2665 | | Sophos Labs |
| 8th | 88% | 299 | 2665 | | ALWIL Software |
| 9th | 88% | 302 | 2665 | | Norman Inc |
| 10th | 88% | 302 | 2665 | | Kaspersky Lab |
Most Aggressively Spreading Malware Binaries
Sat Jul 5 11:00:54 2008
| rank | hits | first | last | AV rate | Binary MD5 |
|---|---|---|---|---|---|
| 89 | 390 | 06/17 | 07/04 | 33 0 of 32 | 53bfe15e9143d86b276d73fdcaf66265 |
| 66 | 218 | 06/27 | 07/02 | 20 of 32 | 17739a55ad0d6523bc71bf759b619287 |
| 55 | 181 | 06/27 | 07/02 | 26 of 32 | ca15c09536fc96ba9b8fc94dd9313a0f |
| 52 | 2839 | 06/05 | 07/04 | 25 of 32 | 7fdfe363d51e27caa1b6d490646e66f5 |
| 45 | 150 | 06/27 | 07/02 | 10 of 32 | d2c26e07fdce66134f43cfc65b97e18a |
| 22 | 3137 | 06/05 | 07/04 | 26 of 32 | 7d99b0e9108065ad5700a899a1fe3441 |
| 18 | 104 | 06/11 | 07/03 | 31 of 32 | 741e3b03b3ff6e464a5a61e7d1875f7f |
| 15 | 161 | 06/14 | 06/15 | 23 of 32 | 0f143d385626dd46f3e35de3ebf4fe5e |
| 12 | 1380 | 06/05 | 07/03 | 25 of 32 | 7f60162c2c0bd2cc7531e51328e98290 |
| 11 | 1096 | 06/05 | 07/03 | 29 of 32 | a12cab51ef99e98305668d189d0db147 |