News & Insights

In the Service of National CERT’s (revisited)

April 2, 2019
Shadowserver recently achieved the significant milestone of having our 100th National CERT/CSIRT sign up for our free daily network reports, so we thought that this would be a good moment to provide an update on our global network remediation coverage.

Mirai Botnet #14: 1 Million German customers disrupted, Liberia taken offline and now the culprit has been convicted

January 12, 2019
The huge Mirai Botnet #14 IoT botnet attacks were successfully stopped and sinkholed by the German BKA and The Shadowserver Foundation, and the actor behind them was identified, arrested and prosecuted in both Germany (with the BKA) and the UK (with the NCA). Sentencing details were made public in the UK today.

One Billion Binaries

December 10, 2018
Breaking news: Shadowserver's malware repository now exceeds the One Billion Binaries milestone (and, spoiler alert - not everyone in the team is as excited by this news as some of us). We provide a little bit of history about the growth of our malware collection, and some of the challenges we continue to face.

Avalanche 1,2,3…

December 2, 2018
Year 3 of our ongoing Avalanche operations with international law enforcement continues to provide protection for over 2 million unique IP addresses per day against 20+ different strains of malware, including the Andromeda dropper from year two. This has required an unprecedented blocking/seizing of over 2.4 million malicious domain names to date. Sinkhole data continues to be available to subscribers via our free daily network reports.

3ve Takedown / Operation Eversion

November 27, 2018
Operation Eversion was the takedown of the highly sophisticated Boaxxe/Kovter botnet based "3ve" (pronounced "Eve") ad fraud network by the DoJ/FBI, Google, WhiteOps and other industry partners. Sinkhole data is available from Shadowserver.

Sinkholing Magecart digital credit card skimmers from compromised e-commerce sites

November 13, 2018
RiskIQ/Flashpoint whitepaper released detailing the inner workings of Magecart's digital credit card skimming e-commerce site injection operations. Sinkhole data is available from Shadowserver.

VPNFilter - FBI Sinkholing

May 23, 2018
VPNFilter is a multi-stage modular malware platform designed to infect small office and home office (SOHO) routers and other network devices, believed to be connected to APT28. It was sinkholed under court order by the FBI, with infected device data being made available via Shadowserver's free daily network reports.

Avalanche year two, this time with Andromeda

December 4, 2017
On December 1st last year, the successful takedown of the long-running criminal Avalanche double fast flux platform was announced by a consortium of international public and private partners, including The Shadowserver Foundation. One year on saw another milestone, with Andromeda-related domains added to the set of Avalanche domains to be seized/blocked in a second round of LE action. This takes us to 842,000 malicious domains and another 2+ million unique infected victim IP addresses hitting the sinkholes per day and requiring remediation.

And the Song Remains the Same

November 15, 2017
As you may remember, we recently moved data centers. It took us a little longer than expected to bring everything back up, but it is all back up now. Tired but happy team!

Oops, We’re Doing it Again

October 13, 2017
Well, I hope everyone remembers last year when we moved successfully. At that time we acquired a larger space and started the arduous process of negotiations on what will really happen to the new space and how the move will take place.