News & Insights

The scannings will continue until the Internet improves

March 28, 2014
The news and our networks have been full of articles and packets related to the different UDP amplification attacks that have been ongoing. We and several other researchers have been looking at this problem for a while, and while there are not any easy solutions, we can at least make network owners more aware of the issues that we can see on their networks from the outside. This has led to some interesting results, most of which are not pleasant.

Surprise! You have ntp!

March 26, 2014
Shadowserver added a new set of reports for all of those who have signed up to receive information about their networks. The report is the culmination of months of work figuring out how to reliably scan the Internet for potential Distributed Denial of Service (DDoS) amplification.

Displaying Shadowserver Data with Maltego

July 24, 2013
One of our core missions is to provide actionable data to network owners and researchers. Given this mission, we are constantly on the lookout for new and interesting ways to deliver our data, and we are now pleased to announce that we have published a Maltego transform compatible with the Malformity Project.

Breaking the Kill Chain with Log Analysis

May 6, 2013
At Shadowserver we have observed cyber threat actors use strategic web compromise as an avenue to infect high-value victims. There are a number of ways that a threat actor can gain administrative access to a strategically important website.

How do you lose 30 million malicious samples?

April 7, 2013
As individuals and as a group we have been collecting malware for many years. The Shadowserver Foundation repository dates back to 2005 and we collected our first million shortly after we actually started counting.

Comment Group Cyber Espionage: Additional Information & Clarification

February 22, 2013
A cyber espionage threat group, frequently known as the Comment Group, has received a good bit of extra attention in the last few days. On February 18, 2013, Mandiant released a report detailing a substantial amount of information on the group.

Beware the trolls, secure your trackers

August 14, 2012
You track botnets? Right, we do as well. You spent your weekends building your slick botnet trackers and some fancy web interface? Damn, we did too. But let's face the truth, DDoS is boring. What gives better sense to your day than some random crook trolling you and your monitoring infrastructure? Nothing. So here's what happened today...

Reaffirmation of Values and Mission

May 23, 2012
Over the past seven years the Shadowserver Foundation has been successfully executing its mission to improve Internet Security by sharing information on compromised servers, malicious attackers and the spread of malware. We have been brazen in our core philosophy to share information freely and at no obligation.

Cyber Espionage & Strategic Web Compromises - Trusted Websites Serving Dangerous Results

May 15, 2012
In the last year, attackers engaged in cyber espionage have increasingly turned to the web to distribute their malware via drive-by exploits. The idea of distributing malware via drive-by exploits is not new at all.

Beware of what you download. Recent purported CEIEC document dump booby-trapped.

April 16, 2012
In recent weeks thousands of documents have been released online by a hacktivist going by the online moniker of "Hardcore Charlie." These documents appear to have potentially been sourced and possibly stolen from various businesses and governments in different countries including the United States, the Philippines, Myanmar, Vietnam, and others.