CIRA cybersecurity

Weekly web security warning: Top 10 Canadian cyber-threat blocks for Feb 3-9

Last week's top ten most blocked domains represent many of the usual suspects, but under different domains. It is a reminder that malware is pervasive, nasty and ever-changing.

Last week's top ten most blocked domains represent many of the usual suspects. Notably, you would be unlikely to spot any of these on your network without running scans or using a firewall. That is, until it is too late.

| Domain Name | Category | Threat Type |
|---|---|---|
| ns6.wowrack.com | BLOCK | Malware Call Home |
| ns5.wowrack.com | BLOCK | Malware Call Home |
| zws12.com | BLOCK | Mirai |
| vcfs6ip5h6.bid | BLOCK | Mirai |
| juice.losmibracala.org | BLOCK | Malware Call Home |
| c0i8h8ac7e.bid | BLOCK | Malware Call Home |
| redwassheptal.com | BLOCK | Palevo |
| fge9vbrzwt.bid | BLOCK | Malware Call Home |
| avualrhg9p.bid | BLOCK | jRAT |
| aqqgli3vle.bid | BLOCK | Malware Call Home |

Malware Call Home

Domains used for malware post-infection communications. You want to block this stuff so it (generally) can't work. We see this issue the majority of the time, which means that users on the network are likely infected.

Mirai

An IoT botnet that is used primarily to launch DDoS attacks.

Palevo

A family of worms/viruses that allows unrestricted remote access to infected computers. It spreads via the network and removable media. Depending on what it is used to execute, you may see degraded system performance, crashing, software launching itself, missing files, or unwanted programs on the desktop.

jRAT

A cross-platform remote access Trojan that can run on any machine with Java installed, including Windows, Mac OS X, Linux, and Android. It can be used to install any number of malware variants, including those that keylog. For the most part, to get this you need to have Java installed AND accept the change when the application package tries to install itself. This should render infection rates low, but users are users, and this is cross-platform, so good virus protection and firewalls should be present.

In conclusion, this week is "business as usual" with no major new cybersecurity stories trending. This top ten is another reminder that malware is pervasive, nasty and ever-changing. If you have a method to block these top ten, then we recommend you consider adding them to your block lists. If not, then we recommend a cloud-based DNS Firewall that can help do it for you.
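As an added example (not CIRA's code), the sketch below checks DNS query logs against this week's ten domains to find clients that are already calling home. The log format (time, client IP, query name, query type) and the sample lines are constructed for illustration; adapt the field positions to your resolver's real log format.

```python
from collections import defaultdict

# The ten blocked domains and threat types from the table on this page.
BLOCKED = {
    "ns6.wowrack.com": "Malware Call Home",
    "ns5.wowrack.com": "Malware Call Home",
    "zws12.com": "Mirai",
    "vcfs6ip5h6.bid": "Mirai",
    "juice.losmibracala.org": "Malware Call Home",
    "c0i8h8ac7e.bid": "Malware Call Home",
    "redwassheptal.com": "Palevo",
    "fge9vbrzwt.bid": "Malware Call Home",
    "avualrhg9p.bid": "jRAT",
    "aqqgli3vle.bid": "Malware Call Home",
}

def match_blocked(qname):
    """Return (listed_domain, threat) if qname is a listed domain or a
    subdomain of one, matching on label boundaries only; else None."""
    labels = qname.strip().rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED:
            return candidate, BLOCKED[candidate]
    return None

def scan(log_lines):
    """Map each client IP to the sorted list of (domain, threat) it queried."""
    hits = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        client, qname = fields[1], fields[2]
        hit = match_blocked(qname)
        if hit:
            hits[client].add(hit)
    return {client: sorted(found) for client, found in hits.items()}

# Constructed sample log in a hypothetical "time client qname qtype" format.
SAMPLE_LOG = [
    "10:01:02 192.0.2.10 zws12.com. A",
    "10:01:05 192.0.2.10 www.example.com. A",
    "10:02:11 192.0.2.23 NS6.WowRack.com A",
    "10:02:40 192.0.2.23 wowrack.com A",
    "10:03:00 192.0.2.31 notzws12.com A",
    "10:03:09 192.0.2.31 cdn.avualrhg9p.bid. AAAA",
]

if __name__ == "__main__": print(scan(SAMPLE_LOG))
```

Matching is case-insensitive and ignores a trailing dot, a subdomain of a listed name counts as a hit, and the parent `wowrack.com` is not flagged because only its `ns5` and `ns6` hosts are on the list.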
