Read Reverse Deception: Organized Cyber Threat Counter-Exploitation Online

Authors: Sean Bodmer


Malware Domain List
   This data repository is a great resource that can be used to track cyber-criminal campaigns. It is maintained by a group of security professionals who pool their resources and discuss their findings via forums. It also provides hourly updated lists of malicious domains, along with analysis of those malicious domains and IP addresses. Each domain or IP address comes with a lot of good analysis as to which crimeware family and/or group it may be associated with. When consuming this data, keep in mind that the attribution of the groups lies in the URI. You need to always look at the URI strings in order to attribute specific activity to a group you may already be tracking. The repository is located at www.malwaredomainlist.com.

 

Excellent

 

Abuse.ch
   This data repository is one of the best public resources (in our professional opinion) that can be used to track specific botnet command-and-control (CnC) domains and IP addresses, criminal networks, and cyber-criminal campaigns. This group is based mostly in Europe, with contributors throughout the world working together to detect and track botnet and criminal networks. Abuse.ch offers not only information about the CnC activity, but also all sorts of data related to the binaries, versions, URIs, history, uptime, type of server, geolocation, and whether the CnC is still online. This repository is located at www.abuse.ch/.

Roman Hüssy is one of the focal analysts behind abuse.ch and is a great asset to the international security community. He helps run multiple trackers, such as the following:

DNS Blacklist, which tracks fast-flux crimeware networks (https://dnsbl.abuse.ch)
ZeuS Tracker, which tracks Zeus bot-related CnC and file update sites (https://zeustracker.abuse.ch/)
SpyEye Tracker, which tracks SpyEye bot-related CnC and file update sites (https://spyeyetracker.abuse.ch)
Palevo Tracker, which tracks Palevo, a remotely controllable worm based on Mariposa bot code (https://palevotracker.abuse.ch/)
AmaDa, which is a catchall that tracks anything not related to the specific crimeware families mentioned (amada.abuse.ch); although AmaDa was discontinued in early 2012, the online resource itself was very powerful

 

 

Excellent
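To illustrate the two practical points above (attribution lives in the URI string, and tracker feeds double as a detection list), here is an added Python example that is not code from the book or from either site. It parses a constructed feed in an assumed, simplified "date,url,ip,description" layout (not the real export format of Malware Domain List or abuse.ch), clusters entries by URI pattern, and checks constructed proxy log lines against both the known hosts/IPs and the URI patterns.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed feed lines in an assumed "date,url,ip,description" layout.
# The hosts, IPs and descriptions are invented sample values for this example.
FEED = """\
2012-03-01,http://cdn-update.example/img/stat.php?id=17,198.51.100.10,ZeuS config
2012-03-02,http://news-mirror.example/img/stat.php?id=42,198.51.100.10,ZeuS config
2012-03-02,http://promo-host.example/ldr/bot.exe,203.0.113.7,SpyEye binary
2012-03-03,http://files.example/ldr/bot.exe,203.0.113.9,SpyEye binary
2012-03-03,http://landing.example/in.cgi?3,192.0.2.5,Exploit kit landing
"""

# Constructed proxy log lines: "client_ip METHOD url".
LOG = """\
10.0.0.5 GET http://cdn-update.example/img/stat.php?id=99
10.0.0.6 GET http://www.example.org/index.html
10.0.0.7 GET http://198.51.100.10/img/stat.php?id=3
10.0.0.8 GET http://other-host.example/ldr/bot.exe
"""

def uri_pattern(url):
    """Reduce a URL to the part carrying the attribution signal: the path plus
    sorted query keys, with digit runs generalised to N. Host and IP are left
    out on purpose, since they change from campaign to campaign."""
    parts = urlsplit(url)
    keys = sorted(p.split("=", 1)[0] for p in parts.query.split("&") if p)
    sig = parts.path + ("?" + ",".join(keys) if keys else "")
    return re.sub(r"\d+", "N", sig)

def parse_feed(text):
    rows = []
    for line in text.splitlines():
        date, url, ip, desc = line.split(",", 3)
        rows.append({"date": date, "url": url, "host": urlsplit(url).hostname,
                     "ip": ip, "desc": desc})
    return rows

def cluster_by_uri(rows):
    """Entries sharing a URI pattern are candidates for the same group/campaign."""
    clusters = defaultdict(list)
    for r in rows:
        clusters[uri_pattern(r["url"])].append(r)
    return dict(clusters)

def match_log(log_text, rows):
    """Flag log lines hitting a known host/IP, or a known URI pattern on a host
    the feed has not listed yet (attribution by URI rather than by host)."""
    hosts = {r["host"] for r in rows} | {r["ip"] for r in rows}
    patterns = cluster_by_uri(rows)
    hits = []
    for line in log_text.splitlines():
        client, _, url = line.split(" ", 2)
        host, pat = urlsplit(url).hostname, uri_pattern(url)
        if host in hosts:
            hits.append((client, host, "known indicator"))
        elif pat in patterns:
            hits.append((client, host, "uri pattern " + pat))
    return hits
```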

 

Clean MX
   This data repository is a good resource for analyzing phishing campaigns, infector sites, and crimeware update sites. It is useful for trying to attribute infector sites to a specific group or crimeware campaign. This is a data source to help support identification of possible infection vectors. It is located at www.clean-mx.de.

 

Good