Entries filed under 'Botnet'

Threat Research Blog

FireEye posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. These blog posts cover everything from exploits and vulnerabilities, to advanced malware and targeted attacks.


    Grum CnCs—Just a few more to go

    By Atif Mushtaq
    This post was updated on July 17, 2012, at 3:15 PM. Last week, I wrote an article covering various aspects of a large spam botnet named Grum. This article mainly covered the current command and control (CnC) coordinates of this botnet. The intention behind this article was not only to share this information for a general awareness, but also to invite the research community to come forward to take down this spam Read more...


    Killing the Beast - Part 5

    By Atif Mushtaq
    Back in 2009, I started writing a series of articles called "Killing the Beast." These articles were primarily focused on the command and control (CnC) coordinates of popular spam botnets. These articles not only provided readers greater visibility into these spam botnets, but also served as the basis for two botnet takedowns. So far, four articles under this series have been published. After a long time, I have decided to write the Read more...


    More Flame/sKyWIper CNC Behavior Uncovered

    By Ali Islam
    When news of the Flame/SkyWiper malware hit the headlines last month, the world went into a frenzy. Flame was immediately hailed as the world's most sophisticated malware. While security researchers will surely be talking about Flame for years to come, FireEye has since made another discovery regarding Flame's command and control (CNC) behavior: it appears that the Flamer/sKyWIper malware's callback has recently changed. Specifically, we have evidence that the malware is likely proxy-aware Read more...


    Stories About Botnets - Part 1

    By Atif Mushtaq
    The malware threat landscape is changing very fast. New and improved malware is hitting the attack surface on a daily basis. No wonder advanced malware likes to operate in stealth mode. It tries to change its behaviors, shapes and patterns as much as it can to fool its enemies. Not only do we need a signature-less technology to handle such malware, but we also need a news resource continuously talking about Read more...


    Using Honeypots to Sniff and Snuff out Botnets, part 2

    By Alex Lanstein
    This is a continuation of my previous posting on botnets that propagate through remotely exploitable vulnerabilities. I suggest you read the first posting to understand how the data below is gathered. That being said, let's examine another one of my honeynets: The first thing you'll notice is there is a particular worm that first tries to connect to a random IP and port with a random GET request Read more...