News & Insights

Of Scannings and Statistics

August 22, 2014
We have been scanning the Internet for its better health for over a year (we started with a few scans, then grew to a dozen). The number of abusable systems has dropped significantly in several areas. We have also had the inadvertent effect of identifying network misconfigurations on many networks, which has helped improve the stability and security of those organizations.

Gameover Zeus & Cryptolocker

June 8, 2014
On Monday June 2nd 2014, the US Department of Justice announced an ongoing operation to take down the infamous Gameover Zeus and CryptoLocker cybercriminal botnet infrastructures. "Operation Tovar" is a joint effort between international law enforcement agencies, such as the FBI, UK NCA and Europol/EC3, plus multiple private partners.

A bit too much DNS Data in Open Resolver Report from 2014-05-22

May 23, 2014
While this has been communicated via e-mail to most of our report recipients, we wanted to make a quick note on our blog regarding the Open Resolver report that recently went out dated 2014-05-22. Please disregard the DNS open resolver data in that report. It lists all DNS servers, not only the ones that are open resolvers.

Houston, we have a problem

March 29, 2014
Reporting has been fixed and all data is going out in the reports again.

The scannings will continue until the Internet improves

March 28, 2014
The news and our networks have been full of articles and packets related to the different UDP amplification attacks that have been ongoing. We and several other researchers have been looking at this problem for a while, and while there are no easy solutions, we can at least make network owners more aware of the issues that we can see on their networks from the outside. This has led to some interesting results, most of which are not pleasant.

Surprise! You have ntp!

March 26, 2014
Shadowserver has added a new set of reports for all of those who have signed up to receive information about their networks. The report is the culmination of months of work figuring out how to reliably scan the Internet for systems that could be abused for Distributed Denial of Service (DDoS) amplification.

Displaying Shadowserver Data with Maltego

July 24, 2013
One of our core missions is to provide actionable data to network owners and researchers. Given this mission, we are constantly on the lookout for new and interesting ways to deliver our data and we are now pleased to announce that we have published a Maltego transform compatible with the Malformity Project.

Breaking the Kill Chain with Log Analysis

May 6, 2013
At Shadowserver we have observed cyber threat actors use strategic web compromise as an avenue to infect high-value victims. There are a number of ways that a threat actor can gain administrative access to a strategically important website.

How do you lose 30 million malicious samples?

April 7, 2013
As individuals and as a group we have been collecting malware for many years. The Shadowserver Foundation repository dates back to 2005 and we collected our first million shortly after we actually started counting.

Comment Group Cyber Espionage: Additional Information & Clarification

February 22, 2013
A cyber espionage threat group, frequently known as the Comment Group, has received a good bit of extra attention in the last few days. On February 18, 2013, Mandiant released a report detailing a substantial amount of information on the group.