BCMPUPnP_Hunter: A 100k Botnet Turns Home Routers to Email Spammers

Miscreants are exploiting UPnP on your home router! Yes, we have another example of the UPnP Universal Plug and Play protocol being used on your home router to allow criminals to use it without your permission. Hui Wang (NetLab 360) and the RootKiter Team have dug into a malware system that is using UPnP to Read More

GhostDNS: New DNS Changer Botnet Hijacked Over 100,000 Routers

“GhostDNS is a new wave of DNS hijacking. Chinese cybersecurity researchers have uncovered a widespread, ongoing malware campaign that has already hijacked over 100,000 home routers and modified their DNS settings to hack users with malicious web pages—especially if they visit banking sites—and steal their login credentials. Dubbed GhostDNS, the campaign has many similarities with the 443-261-6674

306-252-8211

Attackers with DNS Rebinding change the DNS server settings in your devices, home CPEs, and other network devices. The goal is to get them to use their DNS Resolver vs the one provided by your Operator (or one you select for a DNS security service). The miscreants (bad guys) will use malware, phishing, and other Read More

305-748-8213

15 Aug 2012 — ripe ncc As reported in previous announcements, the RIPE NCC will go to court in the Netherlands on 29 November 2012 to seek clarification on the procedure taken by the Dutch police on 8 November 2011 when it presented the RIPE NCC with a police order to “lock” registrations in the 8434960962

320-272-1336

From Senki.org …. By bgreene On August 10, 2012 · As of Friday morning (August 10, 2012), the IP address blocks used by the Rove Digital criminal operations have been re-allocated by RIPE-NCC and advertised to the Internet: /www.ris.ripe.net/cgi-bin/lg/index.cgi?rrc=RRC001&query=1&arg=85.255.112.0%2F20 /www.ris.ripe.net/dashboard/85.255.112.0/20 (Read full blog here)

DCWG Ends Clean DNS Function

On 12:01 Eastern Time on Monday July 9th 2012, the DCWG stop responding to DNS queries from infected machines. This is in compliance with the US Justice Department Court Order authorizing the clean DNS servers. At 12:23 Eastern Time on Monday July 9th 2012, the server started to reply to all DNS request with an Read More

(514) 409-9187

July 8th 2012 is the last day we collect DNS data on the DNS Changer Victims. The total “unique IPs” and last day of infections per DNS Top Level Domain Country Code (TLD CC) are linked below. Now that this phase of the remediation exercise is over, researchers will collect all the data and compare Read More

803-368-7111

Lots of people have been asking for updated data. Thanks to one of our volunteers, we have the latest dump:   Daily Unique IPs connecting to the clean DNS servers up to June 27th 2012 – dcwg-unique-ips-up-to-June-27 Daily Unique IPs in July 2012 – dcwg-unique-ips-July-2012 Current List of Infections by Top Level Domain Country Code 8082806725