Media Coverage

Shadowserver in the news

Security Firm Detects 57M Attempts to Exploit 2-Year-Old Router Firmware Backdoor

Bleeping Computer, November 21, 2016

The case of the Netis router firmware backdoor shows you that even if a company puts out a patch to resolve security issues, the problem lingers on for years, as users fail to update their devices, or the patch itself fails to properly fix the issue. A more accurate statistics for the number of compromised Netis routers is provided by The Shadowserver Foundation, which claims to have identified over 15,000 hacked Netis routers, which is more than enough to build powerful DDoS botnets and bring down websites.

Hackers hacking hackers to knacker white hat cracker trackers

The Register, April 14, 2016

ACSC2016 Malware writers are selling each other out to white hats and hacking through each other’s infrastructure to frame rivals, Shadowserver’s Richard Perlotto says.

Malware developers hide in plain sight in online sandboxes

Tech Republic, February 10, 2016

Malware analysis using online sandboxes is another example of technology designed to assist good guys that ends up helping bad guys as much if not more. A group of researchers from Eurecom, Symantec Research Labs, and Universita’ degli Studi di Milano decided to investigate databases from several malware analysis services — some containing millions of samples.

iOS Malware XcodeGhost affecting Hong Kong

HKCERT, November 17, 2015

In the Sep-2015, a security researcher discovered iOS malware XcodeGhost in official Apple Store. Over hundred applications were affected, including “WeChat”, “TTPod”, “Di Di”, “Hexin Financial” common application and “Angry Birds 2” famous game. Apple officially announced, the infected app were under the removal process in the App Store. The affected apps’ developers would update their apps and submit to the App Store again. There is still a risk of data leakage if users does not remove or update the affected apps. HKCERT analyzed the data from the Shadowserver. We discovered that average 14,147 unique IPs per day still made connection to the C2 server of XcodeGhost in the first week of October. This figure is about 30 times of other botnets infection.

FBI teams up with hackers to bust bank robbing botnet

CNN, October 15, 2015

American and British police have managed to stop a massive hacking operation that infected computers worldwide, stealing at least $10 million from the United States alone.

EC3 in cooperative action to target Dridex banking malware

SC Magazine, October 14, 2015

EC3, NCA, FBI and a range of other bodies have targeted the Dridex banking malware, including using a sinkhole operation to sever communications between infected botnets and their controlling cyber-criminals.

FBI teams up with hackers to bust bank robbing botnet

CNN, October 14, 2015

On Tuesday, U.S. prosecutors announced a victory in the war on malware. American and British police have managed to stop a massive hacking operation that infected computers worldwide, stealing at least $10 million from the United States alone. Law enforcement — with the help of several cybersecurity firms — took control of a network of machines that distributed malicious software known as “Bugat,” “Cridex” or “Dridex.”

FBI and UK cops smash Dridex high-stakes bank-raiding botnet

ZDNet, October 14, 2015

Joint efforts by law-enforcement agencies in the US and UK have crippled an eastern European gang behind the bank credential-stealing botnet known as Dridex.

FBI takes down Dridex botnet, seizes servers, arrests suspect

The Register, October 14, 2015

The FBI has teamed up with security vendors to disrupt the operations of Dridex banking Trojan. Multiple command-and-control (C&C) servers used by the Dridex Trojan have been taken down and seized in a co-ordinated action after the FBI obtained court orders. The take-down operation is geared towards crippling the malware’s control network, which is used to upload stolen information to crooks behind the network as well as pushing instructions and software configuration to zombie nodes on the botnet. Attack traffic is being re-routed towards sinkholes under the control of an organisation called The Shadowserver Foundation.

Cops Knock Down Dridex Malware That Earned 'Evil Corp' Cybercriminals At Least $50 Million

Forbes, October 13, 2015

A strain of malware called Dridex has been making Eastern European cybercriminals a significant amount of money in recent years. But a spanner has been thrust into their machinations by a global law enforcement action announced today that saw one significant arrest and an attempt to dismantle the crook’s infrastructure.