While finding malware on your network is always an unwelcome surprise, this week’s top 10 blocks from D-Zone DNS Firewall are not really surprising at all.<\/p>\n
<\/p>\n
While finding malware on your network is always an unwelcome surprise, this week’s top 10 blocks from D-Zone DNS Firewall are not really surprising at all.<\/p>\n
We continue to see the Mirai botnet on wowrack.com name servers lead the list by query count. A Google search indicates that wowrack is a managed server hosting and cloud provider and seeing this type of issue on an ns address is not something we would expect to persist.<\/p>\n
Rounding out the top 10 we see a similar number of malware call home attempts as we see in most weeks, the continuing threat from Palevo, plus a return of jRAT, or Java Based Remote Access Trojans. These are particularly problematic as they are constantly evolving and run in a browser and can execute a malware payload download.<\/p>\n
And finally, a new entrant is a WPAD proxy hijack that can expose users online accounts through man-in-the-middle style attacks.<\/p>\n
| \n Domain Name<\/strong><\/p>\n<\/td>\n Category<\/strong><\/p>\n<\/td>\n Threat Type<\/strong><\/p>\n<\/td>\n<\/tr>\n ns6.wowrack.com<\/p>\n<\/td>\n BLOCK<\/p>\n<\/td>\n Mirai<\/p>\n<\/td>\n<\/tr>\n ns5.wowrack.com<\/p>\n<\/td>\n BLOCK<\/p>\n<\/td>\n Mirai<\/p>\n<\/td>\n<\/tr>\n superyou.zapto.org<\/p>\n<\/td>\n BLOCK<\/p>\n<\/td>\n pixeldgarui.xyz<\/p>\n<\/td>\n BLOCK<\/p>\n<\/td>\n Malware Call Home<\/p>\n<\/td>\n<\/tr>\n zws12.com<\/p>\n<\/td>\n BLOCK<\/p>\n<\/td>\n Malware Call Home<\/p>\n<\/td>\n<\/tr>\n redwassheptal.com<\/p>\n<\/td>\n BLOCK<\/p>\n<\/td>\n Malware Call Home<\/p>\n<\/td>\n<\/tr>\n wpad.domain.name<\/p>\n<\/td>\n BLOCK<\/p>\n<\/td>\n WPAD proxy hijack<\/p>\n<\/td>\n<\/tr>\n doingtracks.duckdns.org<\/p>\n<\/td>\n BLOCK<\/p>\n<\/td>\n jRAT<\/p>\n<\/td>\n<\/tr>\n sandra.prichaonica.com<\/p>\n<\/td>\n BLOCK<\/p>\n<\/td>\n Palevo<\/p>\n<\/td>\n<\/tr>\n l33t.brand-clothes.net<\/p>\n<\/td>\n BLOCK<\/p>\n<\/td>\n Palevo<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":" While finding malware on your network is always an unwelcome surprise, this week’s top 10 blocks from D-Zone DNS Firewall are not really surprising at all.<\/p>\n","protected":false},"featured_media":1949,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"ngg_post_thumbnail":0,"slim_seo":{"title":"Weekly web security warning: Mirai leads the way - CIRA","description":"While finding malware on your network is always an unwelcome surprise, this week's top 10 blocks from D-Zone DNS Firewall are not really surprising at all. Whil"},"footnotes":""},"topic":[28],"class_list":["post-42132","cira_news","type-cira_news","status-publish","has-post-thumbnail","hentry","cira_news_type-cira-news-type-blog","cira_topic-cira-topic-cybersecurity","cira_author-rob-williamson"],"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/stg-saas.cira.ca\/en\/wp-json\/cira\/v1\/news\/42132","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/stg-saas.cira.ca\/en\/wp-json\/cira\/v1\/news"}],"about":[{"href":"https:\/\/stg-saas.cira.ca\/en\/wp-json\/wp\/v2\/types\/cira_news"}],"version-history":[{"count":0,"href":"https:\/\/stg-saas.cira.ca\/en\/wp-json\/cira\/v1\/news\/42132\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/stg-saas.cira.ca\/en\/wp-json\/wp\/v2\/media\/1949"}],"wp:attachment":[{"href":"https:\/\/stg-saas.cira.ca\/en\/wp-json\/wp\/v2\/media?parent=42132"}],"wp:term":[{"taxonomy":"cira_topic","embeddable":true,"href":"https:\/\/stg-saas.cira.ca\/en\/wp-json\/cira\/v1\/topic?post=42132"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}} |