ANNOUNCEMENT

What's Next For Us: www.BLADE-DEFENDER.org

ATTENTION GRADUATE STUDENTS

SRI is seeking graduate student research interns for Summer 2010.

Our Latest Threat Intelligence

The data on this website is supplied as is, without warranty of any kind. You may NOT redistribute this data. Use or reliance on this data is at your own risk. (If you REALLY REALLY must redistribute our stuff or get access to the live backend data, binaries, and traces, then click HERE.)

Most Aggressive Malware Attack Source and Filters

Sat Sep 4 09:02:38 2010

rank = 30-day importance ranking (1 to 100) of most aggressive infection sources

rank  hits  first  last   domain         country  filter
  58     4  08/26  09/03  rr.com         US       deny ip host 173.170.223.26 any log
  53     4  08/23  09/01  rr.com         US       deny ip host 69.193.78.147 any log
  52     5  08/17  08/29  rr.com         US       deny ip host 69.193.68.239 any log
  52     5  08/09  08/27  -              -        deny ip host 184.74.74.202 any log
  48     3  09/02  09/03  jws.com        UK       deny ip host 109.86.115.152 any log
  46     4  08/19  08/31  hinet.net      TW       deny ip host 59.120.228.224 any log
  46     5  08/05  08/28  sbcglobal.net  US       deny ip host 75.37.173.251 any log
  46     4  08/18  09/01  -              LV       deny ip host 194.19.234.252 any log
  44     4  08/19  09/03  hinet.net      TW       deny ip host 60.250.199.56 any log
  43     3  08/23  09/03  shawcable.net  CA       deny ip host 174.6.21.151 any log

Most Effective Malware-Related Snort Signatures

Sat Sep 4 09:02:46 2010

detects = 30-day signature detection rates based on exposure to 7978 malware infections

detects  sid:rev     author            phase description
56%      299913:1    snort             inbound exploit shellcode x86 0x90 unicode noop
35%      52123:3     snort             outbound scan registered free attack-responses micros...
31%      3001441:1   snort             egg download tftp get .exe from external source
31%      1444:3      snort             egg download tftp get from external source
31%      2008120:1   emerging threats  egg download policy outbound tftp read request
30%      5001684:99  bothunter         egg download bothunter malware windows executable (p...
30%      2001683:3   emerging threats  egg download bleeding-edge malware windows executabl...
28%      22466:7     snort             inbound exploit netbios smb-ds ipc$ unicode share access
21%      2002750:10  snort             inbound policy reserved ip space traffic - bogon nets 2
21%      3000003:99  bothunter         egg download bothunter http-based .exe upload on bac...

Most Prolific BotNet Command and Control Servers and Filters

Sat Sep 4 09:02:21 2010

rate  hits  first  last   domain           country  filter
  34    63  08/05  09/03  -                NA       deny ip host 213.155.0.224 any log
  19    26  08/09  09/02  host7x24.com     FR       deny ip host 62.193.249.122 any log
  14    20  08/05  09/02  163data.com.cn   CN       deny ip host 60.190.222.139 any log
   4     9  08/05  09/03  greatnet.de      DE       deny ip host 83.133.119.206 any log
   1     2  08/27  08/27  -                KR       deny ip host 210.127.253.90 any log
   1     2  08/22  08/25  verizon.net      US       deny ip host 70.107.249.167 any log
   1     1  09/03  09/03  web.okusados.cl  CL       deny ip host 164.77.252.196 any log

Most Observed Malware-Related DNS Names

Sat Sep 4 09:08:31 2010

embeds = number of malware binaries in which this DNS name was discovered
lookups = number of observed infections in which this DNS name was looked up
rank = 30-day importance ranking (1 to 100) of most prolific malware-related DNS names

rank  lookups  embeds  first  last   country  DNS
  55      314       0  08/05  09/03  DE       citi-bank.ru
   5       29       0  08/09  09/02  JP       cx10man.weedns.com
   4       37       0  08/05  09/03  LV       ad.ghura.pl
   3       25       0  08/05  09/03  DE       proxim.ircgalaxy.pl
   3       15       8  08/09  09/02  XX       siliconfireware.ru
   2       14       0  08/05  09/03  XX       www.vouchercodes.com
   2       12       0  08/18  09/03  US       gg.arrancar.org
   2       11       0  08/18  09/02  XX       sb.perfectexe.com
   2        9       6  08/18  08/30  XX       moscow-advokat.ru
   2       11       0  08/17  09/03  XX       www.pirateparty.in.ua

Most Aggressively Spreading Malware Binaries

Sat Sep 4 09:13:04 2010

rank hits first last AV rate Binary MD5
33 08/27 09/03 0 of 32 d41d8cd98f00b204e9800998ecf8427e
14 08/05 08/26 33 0 of 32 53bfe15e9143d86b276d73fdcaf66265
9 08/05 08/26 26 of 32 7d99b0e9108065ad5700a899a1fe3441
4 08/27 09/03 2 0 of 32 ca832de942ad18471ca9a38ffe3cf7a9
3 08/27 09/01 2 0 of 32 9ba1f1416a20fd97cdd2fcd9b45c08a9
2 08/17 08/26 31 of 32 741e3b03b3ff6e464a5a61e7d1875f7f
2 08/27 09/03 0 0 of 32 c9b4b7f0b994b5f2322b03140a5170da
2 08/05 08/26 3 of 32 d9cb288f317124a0e63e3405ed290765
1 08/05 08/23 32 of 32 b502f83a7c9b237018a9e24485af2b79
1 08/09 08/26 39 of 32 d8040f84d47c7ab0476b8f624098b29b
