CERT Polska published an updated, detailed technical report with new statistics gathered from 20 different botnets sinkholed by its servers.
All of them used domains registered through Domain Silver, Inc. These are not all of the botnets that used Domain Silver as the registrar, but only the ones that were sinkholed as of 23rd of July 2013. The botnet malware included ZeuS ICE IX, Citadel, Andromeda/Gamarue and Dorkbot/NgrBot. Among them is also the Citadel plitfi botnet, which was taken down.
Highlights from the gathered data are:
- 101 831 unique IP addresses connected to our sinkhole on one day.
- Connections were made from 191 different countries, however most of the connections were made from Europe.
- Some botnets used geographical profiling in order to capture victims in specific countries.