Malware

Malware / Featured Blogs

An Unnatural .Bond: A Study of a ‘Megacluster’ of Malware Domains

Jul 23, 2024

A recent news story, following research from security provider Infoblox, highlighted the case of the 'Revolver Rabbit' cybercriminal gang, who have registered more than half-a-million domains to be used for the distribution of information-stealing malware. The gang make use of automated algorithms to register their domains, but unlike the long, pseudo-random ('high entropy') domain names frequently associated with such tools, the Revolver Rabbit domains instead tend to consist of hyphen-separated dictionary words (presumably so as to obfuscate their true purpose), with a string of digits at the end.

Damaging Malware Uncovered in the Google Play Store

Nov 16, 2023

Android users can choose from 3.718 million applications in the Google Play Store. When installing applications, the majority of consumers trust Google to keep their devices safe from hackers. However, the reality is different. Just back in May 2023, researchers discovered over 101 infected applications in the Android store. Many of these apps counted over 400 million downloads.

Challenges in Measuring DNS Abuse

Nov 02, 2023

From the creation of DNSAI Compass ("Compass"), we knew that measuring DNS Abuse1 would be difficult and that it would be beneficial to anticipate the challenges we would encounter. With more than a year of published reports, we are sharing insights into one of the obstacles we have faced. One of our core principles is transparency and we've worked hard to provide this with our methodology.

DNSAI Compass: Six Months of Measuring Phishing and Malware

Feb 16, 2023

The DNS Abuse Institute recently published our sixth monthly report for our project to measure DNS Abuse: DNSAI Compass ('Compass'). Compass is an initiative of the DNS Abuse Institute to measure the use of the DNS for phishing and malware. The intention is to establish a credible source of metrics for addressing DNS Abuse. We hope this will enable focused conversations, and identify opportunities for improvement.

Endpoint Rollbacks & Data Shadow Copies

Oct 10, 2021

Recently I was asked by a customer how they can easily set up rollback capabilities on the endpoints in their corporate network. They had seen the marketing hype by various security technology providers that their products included rollback capabilities they could utilize if/when one of their workstations or servers was infected by malware. Having gotten this question more than once, I thought it would be a good subject to share with a broader audience.

Trusted Notifiers and the Future of DNS Abuse

Apr 27, 2021

Efforts have been ongoing in the ICANN community to develop a better understanding of its role in the combat of abuse. This theme has been rising in prominence every year since 2018, and 2021 appears to be the tipping point, in which consensus has built around the idea that more can be accomplished in terms of reducing the impact of rogue actors using the Internet for malicious purposes.

What Are the Connected Assets of Confirmed Fake FBI Domains?

Jan 05, 2021

Two months ago, the Federal Bureau of Investigation (FBI) alerted the public to a list of domains that could easily be mistaken to be part of its network. The list of artifacts contained a total of 92 domain names, 78 of which led to potentially malicious websites, while the remaining 14 have yet to be activated or are no longer active as of 23 November 2020.

Malware Detection Provider Gets Important Victory Allowing It to Flag Unwanted Driver Installer

Mar 29, 2020

Despite a recent Ninth Circuit decision denying immunity to malware detection software for targeting competitor's software, court holds that Section 230 protected Malwarebytes from liability for designating software driver program as potentially unwanted program. Plaintiff provided software that works in real-time in the background of the operating system to optimize processing and locate and install missing and outdated software drivers.

The Digital Decade – A Look Ahead

Jan 14, 2020

As 2019 wrapped up, we took some time to reflect on some of the most impactful digital developments of the past decade and how they helped change our digital lives, including: the rise of mobile and tablet usage; the importance of mobile apps; the explosion of social media and online gaming; cloud computing; domain names, brand protection and the impact of GDP. Now that we've passed the New Year, it's time to look forward.

A Dangerous, Norm-Destroying Attack

Mar 26, 2019

Kim Zetter has a new story out describing a very serious attack. In fact, the implications are about as bad as possible. The attack has been dubbed ShadowHammer by Kaspersky Lab, which discovered it. Briefly, some crew of attackers -- I suspect an intelligence agency; more on that below -- has managed to abuse ASUS' update channel and private signing key to distribute bogus patches.

Industry Updates

Four Steps to Mitigate Subdomain Hijacking

  • By CSC
  • Aug 06, 2024

Hunting for TimbreStealer Malware Artifacts in the DNS

A Peek at the PikaBot Infrastructure

A Log4Shell Malware Campaign in the DNS Spotlight

Unveiling Stealthy WailingCrab Aided by DNS Intelligence

DNS Abuse and Redirection: Enough for a New JS Malware to Hide Behind?

Decoy Dog, Too Sly to Leave DNS Traces?

A DNS Deep Dive Into Malware Crypting

A DNS Deep Dive: That VPN Service May Be OpcJacker in Disguise

SocGholish IoCs and Artifacts: Tricking Users to Download Malware

Malware Persistence versus Early Detection: AutoIT and Dridex IoC Expansion Analysis

A Call for Help May Lead to Malware: BazarCall IoC Analysis and Expansion

Eternity’s LilithBot, Soon Available to Regular Internet Users?

Alleviating BlackEnergy-Enabled DDoS Attacks

GALLIUM APT Group and Other Threat Actors in Disguise

View More