
Weekly web security warning – a busy weekend

Every week, we examine the top trends in malicious activity we have seen in Canada using data obtained through CIRA's D-Zone DNS Firewall.
By Rob Williamson
Marketing Manager


This week’s big winner was a spambot using a random-character .ru domain, and unlike past weeks, the pattern was different. On weekends, the number of blocked domains typically falls as users tend to be more offline, at least from networked computers. This week, however, there was a huge spike in the number of unique domains blocked, peaking at just over 4,900 on Saturday, May 5th. We aren’t charting this here, but traffic returned to more normal, quieter weekend patterns on the 6th.

In terms of the rest of the top blocked domains, we see a couple of non-resolving domains like buysellstops.com and underpants.online that are using WHOIS privacy. We also see the usual cadre of randomized domains.

| Domain | Threat |
| --- | --- |
| xdqzpbcgrvkj.ru | Spambot |
| 76236osm1.ru | Trojan downloaders |
| buysellstops.com | Malware Call Home |
| superyou.zapto.org | Spybot |
| e51091eec8b619d50e44c8c29b7a0ee8.com | Malware Call Home |
| ns6.wowrack.com | Mirai |
| ns5.wowrack.com | Mirai |
| 0x3h32haer.underpants.online | Malware Call Home |
| dj1.jfrmt.net | Morto |
| soplifan.ru | Trojan downloaders |

And finally, we noted a spike in DNS amplification traffic this week that peaked on May 3rd. These are queries designed to get a response that is larger than the query, and they are generally used for DDoS attacks on a third party.

On our end, we rate limit responses to these types of queries to sink them before they can cause slowdowns to our systems or the target's.
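
The response rate limiting described above can be sketched as a token bucket kept per client prefix and query. This is an added example, not CIRA's implementation; the limits, the /24 grouping, the class and function names, and the traffic sample are all assumptions made for illustration.

```python
import ipaddress

class ResponseRateLimiter:
    """Token bucket per (client prefix, qname, qtype); integer maths, time in ms."""

    def __init__(self, per_second=5, burst=5, prefix_len=24):  # assumed values
        self.refill_per_ms = per_second      # milli-tokens added per millisecond
        self.capacity = burst * 1000         # bucket size in milli-tokens
        self.prefix_len = prefix_len         # IPv4 clients are grouped by /24
        self.buckets = {}                    # key -> (milli-tokens, last seen ms)

    def allow(self, now_ms, src_ip, qname, qtype):
        # In an amplification attack the source address is spoofed, so this
        # prefix is the third-party target that would receive the responses.
        net = ipaddress.ip_network(f"{src_ip}/{self.prefix_len}", strict=False)
        key = (net, qname.lower(), qtype)
        tokens, last = self.buckets.get(key, (self.capacity, now_ms))
        tokens = min(self.capacity, tokens + (now_ms - last) * self.refill_per_ms)
        allowed = tokens >= 1000             # one response costs 1000 milli-tokens
        self.buckets[key] = (tokens - 1000 if allowed else tokens, now_ms)
        return allowed

def replay(events, limiter):
    """Return (query_bytes, response_bytes_sent, response_bytes_dropped)."""
    q_bytes = sent = dropped = 0
    for now_ms, src_ip, qname, qtype, q_len, r_len in sorted(events):
        q_bytes += q_len
        if limiter.allow(now_ms, src_ip, qname, qtype):
            sent += r_len
        else:
            dropped += r_len
    return q_bytes, sent, dropped

def sample_events():
    """Constructed traffic: one second of repeated large-response queries from a
    single (documentation-range) address, plus two ordinary lookups."""
    flood = [(t, "203.0.113.7", "example.test", "ANY", 60, 3000)
             for t in range(0, 1000, 10)]
    normal = [(200, "198.51.100.10", "www.example.test", "A", 60, 76),
              (700, "198.51.100.10", "mail.example.test", "MX", 60, 90)]
    return flood + normal

if __name__ == "__main__":
    q, sent, dropped = replay(sample_events(), ResponseRateLimiter())
    print(f"amplification without limit: {(sent + dropped) / q:.1f}x")
    print(f"amplification with limit:    {sent / q:.1f}x, dropped {dropped} bytes")
```

On the constructed sample, the repeated queries are cut to the burst plus the refill rate while the two ordinary lookups are answered normally.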

About the author
Rob Williamson

Rob brings over 20 years of experience in the technology industry writing, presenting and blogging on subjects as varied as software development tools, silicon reverse engineering, cyber-security and the DNS. An avid product marketer who takes the time to speak to IT professionals with the information and details they need for their jobs.
