News & Insights

Operation Eversion was the takedown of the highly sophisticated Boaxxe/Kovter botnet based "3ve" (pronounced "Eve") ad fraud network by the DoJ/FBI, Google, WhiteOps and other industry partners. Sinkhole data is available from Shadowserver.

RiskIQ/Flashpoint whitepaper released detailing the inner workings of Magecart's digital credit card skimming e-commerce site injection operations. Sinkhole data is available from Shadowserver.

VPNFilter is a multi-stage modular malware platform designed to infect small office and home office (SOHO) routers and other network devices, believed to be connected to APT28. It was sinkholed under court order by the FBI, with infected device data being made available via Shadowserver's free daily network reports.

On December 1st last year, the successful takedown of the long-running criminal Avalanche double fast flux platform was announced by a consortium of international public and private partners, including The Shadowserver Foundation. One year saw another milestone, with the addition of Andromeda-related domains being added to the set of Avalanche domains to be seized/blocked in a second round of LE action. This takes us to 842,000 malicious domains and another 2+ million unique infected victim IP addresses hitting the sinkholes per day and requiring remediation.

As you may remember, we recently moved data center. It took us a little longer than expected to bring everything back up. But it is all back up now. Tired but happy team!

Well, I hope everyone remembers last year when we moved successfully.  At that time we acquired a larger space and started the arduous process of negotiations on what will really happen to the new space and how the move will take place.

On Monday April 10th 2017, The US Department of Justice (DOJ) announced a successful operation to take down the Kelihos Botnet and arrest the suspected botnet operator.

For the past 18 months, The Shadowserver Foundation has been quietly working to support international Law Enforcement agencies in the coordinated take down of the criminal operated Avalanche malware delivery platform.

As we had previously stated, we are moving.  Or I should say we have moved.  It was a huge amount of effort by many of the team members.  A big thanks goes out to them all for the work, long hours, and back breaking exercise that no geek enjoys.

Well, as many of you know, we have always been kind of the underground heroes of the Internet.  We have scraped by with used gear, volunteers, and parts that fail often.  We have told stories about our failures and the tribulations of being a non-profit.  While none of that has really changed, we have finally gotten something nice.