Reverse Deception: Organized Cyber Threat Counter-Exploitation (36 page)

Read Reverse Deception: Organized Cyber Threat Counter-Exploitation Online

Authors: Sean Bodmer

Tags: #General, #security, #Computers

BOOK: Reverse Deception: Organized Cyber Threat Counter-Exploitation

4.42Mb size Format: txt, pdf, ePub

Malware Domain List
This data repository is a great resource that can be used to track cyber-criminal campaigns. It’s maintained by a group of security professionals who pool their resources together to discuss via forums. It also provides hourly updated lists of malicious domains and analysis of those malicious domains and IP addresses. Each domain or IP address has a lot of good analysis as to what crimeware family and/or group it may be associated with. When consuming this data, you need to keep in mind that the attribution of the groups lies in the URI. You need to
always
look at the URI strings in order to attribute specific activity to a group you may already be tracking. The repository is located at
www.malwaredomainlist.com
.

Excellent

Abuse.ch
This data repository is one of the best public resources (in our professional opinion) that can be used to track specific botnet command-and-control (CnC) domains and IP addresses, criminal networks, and cyber-criminal campaigns. This group is based mostly in Europe, with contributors throughout the world working together to detect and track botnet and criminal networks.
Abuse.ch
offers not only information about the CnC activity, but also all sorts of data related to the binaries, versions, URI, history, uptime, type of server, geolocation, and whether the CnC is still online. This repository is located at
www.abuse.ch/
.

Roman Hüssy is one of the focal analysts behind
abuse.ch
and is a great asset to the international security community. He helps run multiple trackers, such as the following:

DNS Blacklist, which tracks fast-flux crimeware networks (
https://dnsbl.abuse.ch
)

ZeuS Tracker, which tracks Zeus bot-related CnC and file update sites (
https://zeustracker.abuse.ch/
)

SpyEye Tracker, which tracks SpyEye bot-related CnC and file update sites (
https://spyeyetracker.abuse.ch
)

Palevo Tracker, which is a remotely controllable worm based on Mariposa bot code (
https://palevotracker.abuse.ch/
)

AmaDa, which is a catchall that tracks anything not related to the specific crimeware families mentioned (
amada.abuse.ch
); although AmaDa was discontinued in early 2012 the online resource itself was very powerful

Excellent

Clean MX
This data repository is a good resource for analyzing phishing campaigns, infector sites, and crimeware update sites. It is useful for trying to attribute infector sites to a specific group or crimeware campaign. This is a data source to help support identification of possible infection vectors. It is located at
www.clean-mx.de
.

Good

Other books

More of Me by Samantha Chase

To Wed A Viscount by Adrienne Basso

Second Chances: Novella One by Jo Briggs

Other Places 3: Detours by P. S. Power

Sandra Madden by The Forbidden Bride

A Stranger's Kiss by Rosemary Smith

To Kingdom Come by Robert J. Mrazek

The Fountainhead by Ayn Rand

Chasing Glory by Galbraith, DeeAnna

My Scandalous Viscount by Gaelen Foley