Our Latest Threat Intelligence

The data on this website is supplied as is, without warranty of any kind. You may NOT redistribute this data. Use or reliance on this data is at your own risk. (If you REALLY REALLY must redistribute our stuff or get access to the live backend data, binaries, and traces, then click HERE.)

Most Aggressive Malware Attack Sources and Filters

Fri May 16 12:06:52 2008

rank = 30-day importance ranking (1 to 100) of most aggressive infection sources
filter = access-list entry (Cisco IOS syntax) that drops all IP traffic from the source and logs matches

rank  hits  first  last   domain                country  filter
  57     5  04/27  05/14  concepts.nl           NL       deny ip host 213.197.010.057 any log
  50     4  04/29  05/10  astral.ro             RO       deny ip host 083.103.132.181 any log
  48     3  05/14  05/15  -                     FR       deny ip host 212.233.194.141 any log
  45     3  05/07  05/15  brasiltelecom.net.br  BR       deny ip host 189.005.084.010 any log
  41     3  05/07  05/09  ntelos.net            US       deny ip host 206.248.231.155 any log
  40     3  05/01  05/13  net2000.ch            CH       deny ip host 088.085.018.069 any log
  40     4  04/19  05/15  -                     RO       deny ip host 194.187.122.185 any log
  39     3  05/06  05/09  vectranet.pl          NL       deny ip host 088.156.084.113 any log
  39     3  05/05  05/10  brasiltelecom.net.br  BR       deny ip host 189.039.158.149 any log
  39     3  05/01  05/14  apexcovantage.com     UK       deny ip host 090.155.137.079 any log

Most Effective Malware-Related Snort Signatures

Sun May 11 23:12:15 2008

detects = 30-day signature detection rates based on exposure to 10008 malware infections

detects  sid:rev       author            phase            description
59%      5001684:99    bothunter         egg download     bothunter malware windows executable (p...
57%      2001683:3     emerging threats  egg download     bleeding-edge malware windows executabl...
50%      22466:7       snort             inbound exploit  netbios smb-ds ipc$ unicode share access
46%      299998:1      snort             inbound exploit  shellcode x86 inc ebx noop
46%      21390:5       snort             inbound exploit  registered free shellcode x86 inc ebx noop
43%      292000032:99  bothunter         inbound exploit  bothunter exploit lsa exploit
43%      22000032:6    emerging threats  inbound exploit  bleeding-edge exploit lsa exploit
40%      299913:1      snort             inbound exploit  shellcode x86 0x90 unicode noop
34%      3000006:99    bothunter         egg download     bothunter malware executable upload
23%      3000000:99    bothunter         egg download     bothunter http-based .exe upload on bac...

Most Prolific BotNet Command and Control Servers and Filters

Fri May 16 12:05:07 2008

rate  hits  first  last   domain            country  filter
 100   419  04/27  05/12  cnuninet.net      CN       deny ip host 211.096.097.044 any log
 100   155  05/12  05/15  -                 CN       deny ip host 222.177.011.165 any log
  43    46  05/10  05/12  innosoft.biz      KR       deny ip host 210.217.196.011 any log
  36    58  04/21  05/15  fastit.net        DE       deny ip host 085.114.137.060 any log
  34    66  04/29  05/03  -                 CN       deny ip host 218.093.014.236 any log
  29    66  04/16  05/14  -                 CS       deny ip host 217.170.244.002 any log
   5     8  04/23  05/07  bulletads.com     US       deny ip host 069.050.209.031 any log
   5     5  05/12  05/15  herbalqc.com      CN       deny ip host 222.051.025.090 any log
   4     8  04/21  05/06  bulletads.com     US       deny ip host 069.050.208.003 any log
   2     5  04/16  05/11  webdesignpro.org  CA       deny ip host 072.010.172.218 any log

Most Observed Malware-Related DNS Names

Fri May 16 12:08:57 2008

embeds = number of malware binaries in which this DNS name was discovered
lookups = number of observed infections in which this DNS name was looked up
rank = 30-day importance ranking (1 to 100) of most prolific malware-related DNS names

rank  lookups  embeds  first  last   country  DNS
 100     1937     149  04/27  05/15  CN       scorti1.dns2go.com
 100     1898       0  04/27  05/15  CN       hail.dns2go.com
  41      314       2  04/16  05/15  UA       citi-bank.ru
  41      293      13  04/16  05/15  DE       proxim.ircgalaxy.pl
  18       98      92  04/16  05/15  RU       moscow-advokat.ru
  13       83      64  04/16  05/15  EU       siliconfireware.ru
  13        0     149  04/27  05/15  US       admin.com
   8       44      14  04/21  05/08  US       freee.najd.us
   7       10      92  04/16  05/15  FI       london.uk.eu.undernet.org
   7       73      71  04/17  05/09  XX       f.unicat.org

Most Effective Antivirus Tools Against New Malware Binaries

Fri May 16 13:31:54 2008

detects = Antivirus system overall detection rate based on exposure to 1886 malware binaries

rank  detects  missed  analyzed  country  vendor
1st   96%          74      1886  AT       Ikarus Security Software
2nd   94%         106      1886  DE       Avira
3rd   93%         118      1886  RO       BitDefender Inc
4th   93%         122      1886  US       Secure Computing
5th   90%         186      1886  CZ       Grisoft Inc
6th   89%         201      1886  IN       Quick Heal Technologies
7th   89%         203      1886  FI       F-Secure Corporation
8th   89%         206      1886  RU       Kaspersky Lab
9th   88%         217      1886  NO       Norman Inc
10th  85%         269      1886  UK       Sophos Labs

Most Aggressively Spreading Malware Binaries

Fri May 16 12:12:31 2008

AV rate = number of antivirus engines (out of 32 tested) that detected the binary

rank  hits  first  last   AV rate   Binary MD5
 100  1229  04/27  05/15  21 of 32  5f78ff609da4fc5e699ccf4cbac77bc1
  57   196  05/05  05/15  14 of 32  a2a036466abed0cf90aa1fba6494af62
  26  2617  04/16  05/15  25 of 32  7fdfe363d51e27caa1b6d490646e66f5
  15  2974  04/16  05/15  26 of 32  7d99b0e9108065ad5700a899a1fe3441
  14    63  04/27  05/15  20 of 32  af98fe0c947dbcfe37963d0d2619636a
  11    48  04/29  05/15  12 of 32  76b4ab852ec50e9b1a959dd8139a41f5
  10  1286  04/16  05/15  25 of 32  7f60162c2c0bd2cc7531e51328e98290
   7   588  04/16  05/15  29 of 32  831f4ee0a7d2d1113c80033f8d6ac372
   6    76  04/28  05/15  14 of 32  8f367186c33dff8d8b6033dd8b372778
   5   385  04/16  05/13  29 of 32  1a2c0e6130850f8fd9b9b5309413cd00