Our Latest Threat Intelligence
The data on this website is supplied as is, without warranty of any kind. You may NOT redistribute this data. Use or reliance on this data is at your own risk. (If you REALLY REALLY must redistribute our stuff or get access to the live backend data, binaries, and traces, then click HERE.)
Most Aggressive Malware Attack Source and Filters
Fri May 16 12:06:52 2008
rank = 30-day importance ranking (1 to 100) of most aggressive infection sources
| rank | hits | first (MM/DD) | last (MM/DD) | domain | country | filter (Cisco-style ACL entry) |
|---|---|---|---|---|---|---|
| 57 | 5 | 04/27 | 05/14 | concepts.nl | | `deny ip host 213.197.010.057 any log` |
| 50 | 4 | 04/29 | 05/10 | astral.ro | | `deny ip host 083.103.132.181 any log` |
| 48 | 3 | 05/14 | 05/15 | - | | `deny ip host 212.233.194.141 any log` |
| 45 | 3 | 05/07 | 05/15 | brasiltelecom.net.br | | `deny ip host 189.005.084.010 any log` |
| 41 | 3 | 05/07 | 05/09 | ntelos.net | | `deny ip host 206.248.231.155 any log` |
| 40 | 3 | 05/01 | 05/13 | net2000.ch | | `deny ip host 088.085.018.069 any log` |
| 40 | 4 | 04/19 | 05/15 | - | | `deny ip host 194.187.122.185 any log` |
| 39 | 3 | 05/06 | 05/09 | vectranet.pl | | `deny ip host 088.156.084.113 any log` |
| 39 | 3 | 05/05 | 05/10 | brasiltelecom.net.br | | `deny ip host 189.039.158.149 any log` |
| 39 | 3 | 05/01 | 05/14 | apexcovantage.com | | `deny ip host 090.155.137.079 any log` |
Most Effective Malware-Related Snort Signatures
Sun May 11 23:12:15 2008
detects = 30-day signature detection rates based on exposure to 10008 malware infections
| detects | sid:rev | author | phase | description |
|---|---|---|---|---|
| 59% | 5001684:99 | bothunter | egg download | bothunter malware windows executable (p... |
| 57% | 2001683:3 | emerging threats | egg download | bleeding-edge malware windows executabl... |
| 50% | 22466:7 | snort | inbound exploit | netbios smb-ds ipc$ unicode share access |
| 46% | 299998:1 | snort | inbound exploit | shellcode x86 inc ebx noop |
| 46% | 21390:5 | snort | inbound exploit | registered free shellcode x86 inc ebx noop |
| 43% | 292000032:99 | bothunter | inbound exploit | bothunter exploit lsa exploit |
| 43% | 22000032:6 | emerging threats | inbound exploit | bleeding-edge exploit lsa exploit |
| 40% | 299913:1 | snort | inbound exploit | shellcode x86 0x90 unicode noop |
| 34% | 3000006:99 | bothunter | egg download | bothunter malware executable upload |
| 23% | 3000000:99 | bothunter | egg download | bothunter http-based .exe upload on bac... |
Most Prolific BotNet Command and Control Servers and Filters
Fri May 16 12:05:07 2008
| rate | hits | first (MM/DD) | last (MM/DD) | domain | country | filter (Cisco-style ACL entry) |
|---|---|---|---|---|---|---|
| 100 | 419 | 04/27 | 05/12 | cnuninet.net | | `deny ip host 211.096.097.044 any log` |
| 100 | 155 | 05/12 | 05/15 | - | | `deny ip host 222.177.011.165 any log` |
| 43 | 46 | 05/10 | 05/12 | innosoft.biz | | `deny ip host 210.217.196.011 any log` |
| 36 | 58 | 04/21 | 05/15 | fastit.net | | `deny ip host 085.114.137.060 any log` |
| 34 | 66 | 04/29 | 05/03 | - | | `deny ip host 218.093.014.236 any log` |
| 29 | 66 | 04/16 | 05/14 | - | | `deny ip host 217.170.244.002 any log` |
| 5 | 8 | 04/23 | 05/07 | bulletads.com | | `deny ip host 069.050.209.031 any log` |
| 5 | 5 | 05/12 | 05/15 | herbalqc.com | | `deny ip host 222.051.025.090 any log` |
| 4 | 8 | 04/21 | 05/06 | bulletads.com | | `deny ip host 069.050.208.003 any log` |
| 2 | 5 | 04/16 | 05/11 | webdesignpro.org | | `deny ip host 072.010.172.218 any log` |
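The filter column in the attack-source table and in the C&C table above is printed as Cisco-style ACL entries with zero-padded octets. The script below is an added example, not part of this page or of the system that generates these tables: it parses those lines, re-emits each address as a canonical decimal dotted quad, and renders iptables rules from the result. The four filter lines embedded in it are copied from the two tables; the iptables chain names and the log prefix are this example's own choices. The zero-padding is the security-relevant point: a C `inet_aton()`-style parser reads an octet with a leading 0 as octal, so `213.197.010.057` silently becomes `213.197.8.47` and the wrong host is blocked, while octets such as `083`, `096` or `069` are not valid octal at all and are rejected outright. Parse every octet as decimal before handing any of these addresses to another tool.

```python
"""Turn the 'filter' column of the tables above into host firewall rules.

Added example; not the page's own tooling.  The page's filters are
Cisco-style ACL entries with zero-padded octets (213.197.010.057).
A C inet_aton()-style parser reads a leading 0 as octal, so "010" is 8,
"057" is 47, and "083"/"096"/"069" are not valid octal at all.  We
therefore parse every octet explicitly as decimal before building rules.
"""
import re
from ipaddress import IPv4Address

# Sample input: four filter lines copied from the tables on this page.
FILTER_LINES = """
deny ip host 213.197.010.057 any log
deny ip host 083.103.132.181 any log
deny ip host 211.096.097.044 any log
deny ip host 069.050.209.031 any log
"""

# 'deny ip host <addr> any [log]': the extended-ACL syntax as printed above.
ACL_RE = re.compile(
    r"^\s*deny\s+ip\s+host\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+any(?:\s+log)?\s*$",
    re.IGNORECASE,
)


def canonical_ipv4(text):
    """Dotted quad with each octet parsed as DECIMAL, leading zeros removed.
    Raises ValueError for anything that is not four octets in 0..255."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError("not a dotted quad: %r" % text)
    octets = [int(p, 10) for p in parts]      # base 10: '010' is ten, never eight
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range: %r" % text)
    return ".".join(str(o) for o in octets)


def inet_aton_style(text):
    """How a BSD/glibc inet_aton()-style parser reads the same string: an
    octet with a leading 0 is octal.  Returns the resulting quad, or None
    where that parser would reject the string.  (Hex '0x' octets, which
    inet_aton also accepts, are not modelled.)  For illustration only."""
    out = []
    for p in text.split("."):
        try:
            out.append(str(int(p, 8) if len(p) > 1 and p.startswith("0") else int(p, 10)))
        except ValueError:
            return None
    return ".".join(out)


def parse_filters(text):
    """Canonical host addresses from 'deny ip host X any log' lines, in order."""
    hosts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = ACL_RE.match(line)
        if not m:
            raise ValueError("unrecognised filter line: %r" % line)
        ip = canonical_ipv4(m.group("ip"))
        IPv4Address(ip)                       # stdlib sanity check on the canonical form
        hosts.append(ip)
    return hosts


def iptables_rules(hosts, direction="src"):
    """One LOG + DROP pair per host.  'src' mirrors the printed ACL (packets
    FROM the host: the attack-source table).  'dst' matches our own
    connection attempts TO the host, which is what you want for the C&C
    table: the log line then names the internal client that tried to
    reach the controller.  Chain names and log prefix are this example's choice."""
    if direction == "src":
        chain, flag = "INPUT", "-s"
    elif direction == "dst":
        chain, flag = "OUTPUT", "-d"
    else:
        raise ValueError("direction must be 'src' or 'dst'")
    rules = []
    for h in hosts:
        rules.append('iptables -A %s %s %s -j LOG --log-prefix "threat-list: "' % (chain, flag, h))
        rules.append("iptables -A %s %s %s -j DROP" % (chain, flag, h))
    return rules


if __name__ == "__main__":
    for line in FILTER_LINES.strip().splitlines():
        raw = ACL_RE.match(line).group("ip")
        print("%-16s decimal=%-16s inet_aton-style=%s" % (raw, canonical_ipv4(raw), inet_aton_style(raw)))
    for rule in iptables_rules(parse_filters(FILTER_LINES), "dst"):
        print(rule)
```

The printed ACL matches packets whose source is the listed host; applied inbound it drops a C&C server's replies, but for the C&C table the `dst` direction is the more useful one, because the resulting log entry identifies which internal machine attempted the connection.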
Most Observed Malware-Related DNS Names
Fri May 16 12:08:57 2008
embeds = number of malware binaries in which this DNS name was discovered
lookups = number of observed infections in which this DNS name was looked up
rank = 30-day importance ranking (1 to 100) of most prolific malware-related DNS names
| rank | lookups | embeds | first (MM/DD) | last (MM/DD) | country | DNS name |
|---|---|---|---|---|---|---|
| 100 | 1937 | 149 | 04/27 | 05/15 | | scorti1.dns2go.com |
| 100 | 1898 | 0 | 04/27 | 05/15 | | hail.dns2go.com |
| 41 | 314 | 2 | 04/16 | 05/15 | | citi-bank.ru |
| 41 | 293 | 13 | 04/16 | 05/15 | | proxim.ircgalaxy.pl |
| 18 | 98 | 92 | 04/16 | 05/15 | | moscow-advokat.ru |
| 13 | 83 | 64 | 04/16 | 05/15 | | siliconfireware.ru |
| 13 | 0 | 149 | 04/27 | 05/15 | | admin.com |
| 8 | 44 | 14 | 04/21 | 05/08 | | freee.najd.us |
| 7 | 10 | 92 | 04/16 | 05/15 | | london.uk.eu.undernet.org |
| 7 | 73 | 71 | 04/17 | 05/09 | | f.unicat.org |
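The table above scores each name by how many observed infections resolved it (lookups) and in how many binaries the string occurs (embeds). The script below is an added example, not the page's own tooling: it loads the rows of the table, indexes the names that have at least one observed lookup, and matches DNS query logs against them by whole-label suffix, so a lookup of a host beneath a listed name is caught while a name that merely ends in the same characters is not. The log lines and their layout (time, client, query name, query type) are constructed for the example and do not follow any particular resolver's format. Names that appear only as embedded strings, with zero lookups (admin.com in this table), are set aside for review instead of being indexed: a string found inside a binary is weaker evidence than a resolution actually observed from an infected host.

```python
"""Match DNS query logs against the malware-related DNS names table above.

Added example; not the page's own tooling.  Matching is by whole label
suffix (a listed name also covers everything beneath it), and names the
table shows with lookups == 0 are kept aside for analyst review.
"""

# Rows of the table on this page, as (rank, lookups, embeds, name).
DNS_TABLE = [
    (100, 1937, 149, "scorti1.dns2go.com"),
    (100, 1898, 0, "hail.dns2go.com"),
    (41, 314, 2, "citi-bank.ru"),
    (41, 293, 13, "proxim.ircgalaxy.pl"),
    (18, 98, 92, "moscow-advokat.ru"),
    (13, 83, 64, "siliconfireware.ru"),
    (13, 0, 149, "admin.com"),
    (8, 44, 14, "freee.najd.us"),
    (7, 10, 92, "london.uk.eu.undernet.org"),
    (7, 73, 71, "f.unicat.org"),
]

# Constructed sample log lines: "time client qname qtype".  This layout is
# invented for the example; adapt the split() in scan() to your resolver's format.
SAMPLE_LOG = """\
2008-05-15T10:01:02 10.0.0.17 www.example.com. A
2008-05-15T10:01:09 10.0.0.17 Hail.DNS2GO.COM. A
2008-05-15T10:02:44 10.0.0.23 update.proxim.ircgalaxy.pl. A
2008-05-15T10:03:01 10.0.0.23 ff.unicat.org. A
2008-05-15T10:03:15 10.0.0.40 admin.com. MX
2008-05-15T10:04:00 10.0.0.40 mail.admin.com. A
"""


def normalize(name):
    """Lower-case, strip the trailing dot, split into a tuple of labels."""
    return tuple(name.lower().rstrip(".").split("."))


def build_index(table, min_lookups=1):
    """Return (blocked, review): label-tuple -> row dicts.  A name goes into
    'blocked' only if at least min_lookups infections were seen resolving it;
    embed-only names (lookups == 0) go into 'review' instead."""
    blocked, review = {}, {}
    for rank, lookups, embeds, name in table:
        row = {"rank": rank, "lookups": lookups, "embeds": embeds, "name": name}
        target = blocked if lookups >= min_lookups else review
        target[normalize(name)] = row
    return blocked, review


def match(qname, index):
    """Row for qname if it equals, or is a subdomain of, an indexed name.
    Suffix comparison is on whole labels: 'ff.unicat.org' does not match
    'f.unicat.org', and 'mail.admin.com' matches only if admin.com is indexed."""
    labels = normalize(qname)
    for i in range(len(labels)):
        row = index.get(labels[i:])
        if row is not None:
            return row
    return None


def scan(log_text, index):
    """Run each log line through match(); return (time, client, qname, listed_name) hits."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, _qtype = line.split()
        row = match(qname, index)
        if row is not None:
            hits.append((ts, client, qname, row["name"]))
    return hits


if __name__ == "__main__":
    blocked, review = build_index(DNS_TABLE)
    for hit in scan(SAMPLE_LOG, blocked):
        print("HIT   ", *hit)
    for row in review.values():
        print("REVIEW", row["name"], "embeds=%d lookups=%d" % (row["embeds"], row["lookups"]))
```

With the sample above, the Hail.DNS2GO.COM and update.proxim.ircgalaxy.pl queries are reported; ff.unicat.org is not, because the comparison is on labels rather than characters; and the two admin.com queries are not, because that row has no observed lookups and sits in the review set.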
Most Effective Antivirus Tools Against New Malware Binaries
Fri May 16 13:31:54 2008
detects = Antivirus system overall detection rate based on exposure to 1886 malware binaries
| rank | detects | missed | analyzed | country | vendor |
|---|---|---|---|---|---|
| 1st | 96% | 74 | 1886 | | Ikarus Security Software |
| 2nd | 94% | 106 | 1886 | | Avira |
| 3rd | 93% | 118 | 1886 | | BitDefender Inc |
| 4th | 93% | 122 | 1886 | | Secure Computing |
| 5th | 90% | 186 | 1886 | | Grisoft Inc |
| 6th | 89% | 201 | 1886 | | Quick Heal Technologies |
| 7th | 89% | 203 | 1886 | | F-Secure Corporation |
| 8th | 89% | 206 | 1886 | | Kaspersky Lab |
| 9th | 88% | 217 | 1886 | | Norman Inc |
| 10th | 85% | 269 | 1886 | | Sophos Labs |
Most Aggressively Spreading Malware Binaries
Fri May 16 12:12:31 2008
| rank | hits | first (MM/DD) | last (MM/DD) | AV rate (engines detecting, of 32) | Binary MD5 |
|---|---|---|---|---|---|
| 100 | 1229 | 04/27 | 05/15 | 21 of 32 | 5f78ff609da4fc5e699ccf4cbac77bc1 |
| 57 | 196 | 05/05 | 05/15 | 14 of 32 | a2a036466abed0cf90aa1fba6494af62 |
| 26 | 2617 | 04/16 | 05/15 | 25 of 32 | 7fdfe363d51e27caa1b6d490646e66f5 |
| 15 | 2974 | 04/16 | 05/15 | 26 of 32 | 7d99b0e9108065ad5700a899a1fe3441 |
| 14 | 63 | 04/27 | 05/15 | 20 of 32 | af98fe0c947dbcfe37963d0d2619636a |
| 11 | 48 | 04/29 | 05/15 | 12 of 32 | 76b4ab852ec50e9b1a959dd8139a41f5 |
| 10 | 1286 | 04/16 | 05/15 | 25 of 32 | 7f60162c2c0bd2cc7531e51328e98290 |
| 7 | 588 | 04/16 | 05/15 | 29 of 32 | 831f4ee0a7d2d1113c80033f8d6ac372 |
| 6 | 76 | 04/28 | 05/15 | 14 of 32 | 8f367186c33dff8d8b6033dd8b372778 |
| 5 | 385 | 04/16 | 05/13 | 29 of 32 | 1a2c0e6130850f8fd9b9b5309413cd00 |