Reverse Deception: Organized Cyber Threat Counter-Exploitation (36 page)

Read Reverse Deception: Organized Cyber Threat Counter-Exploitation Online

Authors: Sean Bodmer

Tags: #General, #security, #Computers

BOOK: Reverse Deception: Organized Cyber Threat Counter-Exploitation
7.67Mb size Format: txt, pdf, ePub

 

Malware Domain List
   This data repository is a great resource that can be used to track cyber-criminal campaigns. It’s maintained by a group of security professionals who pool their resources together to discuss via forums. It also provides hourly updated lists of malicious domains and analysis of those malicious domains and IP addresses. Each domain or IP address has a lot of good analysis as to what crimeware family and/or group it may be associated with. When consuming this data, you need to keep in mind that the attribution of the groups lies in the URI. You need to
always
look at the URI strings in order to attribute specific activity to a group you may already be tracking. The repository is located at
www.malwaredomainlist.com
.

 

Excellent

 

Abuse.ch
   This data repository is one of the best public resources (in our professional opinion) that can be used to track specific botnet command-and-control (CnC) domains and IP addresses, criminal networks, and cyber-criminal campaigns. This group is based mostly in Europe, with contributors throughout the world working together to detect and track botnet and criminal networks.
Abuse.ch
offers not only information about the CnC activity, but also all sorts of data related to the binaries, versions, URI, history, uptime, type of server, geolocation, and whether the CnC is still online. This repository is located at
www.abuse.ch/
.

Roman Hüssy is one of the focal analysts behind
abuse.ch
and is a great asset to the international security community. He helps run multiple trackers, such as the following:

DNS Blacklist, which tracks fast-flux crimeware networks (
https://dnsbl.abuse.ch
)
ZeuS Tracker, which tracks Zeus bot-related CnC and file update sites (
https://zeustracker.abuse.ch/
)
SpyEye Tracker, which tracks SpyEye bot-related CnC and file update sites (
https://spyeyetracker.abuse.ch
)
Palevo Tracker, which is a remotely controllable worm based on Mariposa bot code (
https://palevotracker.abuse.ch/
)
AmaDa, which is a catchall that tracks anything not related to the specific crimeware families mentioned (
amada.abuse.ch
); although AmaDa was discontinued in early 2012 the online resource itself was very powerful

 

 

Excellent

 

Clean MX
   This data repository is a good resource for analyzing phishing campaigns, infector sites, and crimeware update sites. It is useful for trying to attribute infector sites to a specific group or crimeware campaign. This is a data source to help support identification of possible infection vectors. It is located at
www.clean-mx.de
.

 

Good

Other books

A Fool's Gold Christmas by Susan Mallery
Meant to Be by Jessica James
Freddie Mercury by Peter Freestone
Operation Hellfire by Michael G. Thomas
Pecking Order by Chris Simms
Hunted by Sophie McKenzie
Men Times Three by Edwards, Bonnie