BlackEnergy DDoS
Shadowserver has published their take on a recent series of DDoS attacks http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20100913. The control domains, victim industries, countries affected, and command communications are all listed in the article. Not a complete analysis of the BlackEnergy bot, and bots are not a new phenomenon, but server to remind that DDoS for hire is still around, botnets are still around, and that their impact can be devastating.
Keywords: blackenergy ddos
3 comment(s)
×
Diary Archives
Comments
Are we just trying to research new malware developments and document their victims?
PS: I've personally reported the DDoS to CanCERT few weeks ago and received no response or help on the topic...
Trbmaker
Sep 14th 2010
1 decade ago
At home I use the list of China and Korea netblocks maintained at www.okean.com to blackhole those pits of spam, phish, and malware. Does anyone know of an accurate, up-to-date list of netblocks for Russia, or for all of the former S.U.? I'm not so concerned about DDoS topics at home (though I wouldn't want my systems recruited for such an attack), but there's plenty of other badness lurking where there's little or no content we'd want or even be able to read.
It's not a perfect defense, I know, and it sure wouldn't fly at work. But many are the times there is an article here about the latest malware, and I find it's hosted in China and know it's nothing I have to worry about my family stumbling into. Though I hate the idea of chopping the i'net into disconnected pieces, Johnny can't read "#%=+@" anyway.
Know of any ex-su netblock lists?
Ken
Sep 15th 2010
1 decade ago
Frank
Sep 15th 2010
1 decade ago