News & Insights

Reporting has been fixed and all data going out in the reports again.

The news and our networks have been full of articles and packets related to the different UDP amplification attacks that have been ongoing.  We and several other researchers have been looking at this problem for a while and while there are not any easy solutions we can at least make network owners more aware of the issues that we can see on their networks from the outside. This has led to some interesting results, most of which are not pleasant.

Shadowserver added a new set of reports to all of those who have signed up to receive information about their networks.  The report is the culmination of months of work figuring out how to reliably scan the Internet for potential Distributed Denial of Service (DDoS) amplification.

One of our core missions is to provide actionable data to network owners and researchers. Given this mission, we are constantly on the lookout for new and interesting ways to deliver our data and we are now pleased to announce that we have published a Maltego transform compatible with the Malformity Project.

At Shadowserver we have observed cyber threat actors use strategic web compromise as an avenue to infect high-value victims. There are a number of ways that a threat actor can gain administrative access to a strategically important website.

As individuals and as a group we have been collecting malware for many years. The Shadowserver Foundation repository dates back to 2005 and we collected our first million shortly after we actually started counting.

A cyber espionage threat group, frequently known as the Comment Group, has recently received a good bit of extra attention in the last few days. On February 18, 2013, Mandiant released a report detailing a substantial amount of information on the group.

You track botnets? Right, we do as well. You spent your weekends building your slick botnet trackers and some fancy web interface? Damn, we did too. But let's face the truth, DDoS is boring. What gives better sense to your day than some random crook trolling you and your monitoring infrastructure? Nothing. So here's what happened today...

Over the past seven years the Shadowserver Foundation has been successfully executing its mission to improve Internet Security by sharing information of compromised servers, malicious attackers and the spread of malware. We have been brazen in our core philosophy to share information freely and at no obligation.

In the last year, attackers engaged in cyber espionage have increasingly turned to the web to distribute their malware via drive-by exploits. The idea of distributing malware via drive-by exploits is not new at all.