Over the last seven days, we have seen a big change to the top 10 domains blocked by D-Zone DNS Firewall. Specifically, for the first time a country-code TLD is featured, in this case .us. Country-code TLDs appear less often among blocked domains because many ccTLD registries enforce stricter registrant identification and ownership rules than the generic TLDs do.
A quick review of WHOIS shows that these .us domains are all registered to the same registrant. That suggests one of two things: the registrant's servers have been compromised, or the activity is intentional, in which case the registrant name is probably a pseudonym. Without speculating further, what matters is that this set of domains is being blocked for botnet activity that we still need to understand better, so we have categorized it as "Other Botnet", which refers to malware/botnet activity that we have not yet definitively associated with a specific, well-studied malware or botnet family.
The other notable change this week is the first appearance of Morto, and it tops the list. That said, this is not the threat it may appear to be. Morto is an old worm that spreads over Remote Desktop Protocol (RDP) between Windows machines with weak passwords, and the domain it resolves is a more traditional, seemingly randomly generated name rather than a registered .us domain. This domain is not a threat that the typical IT manager needs to worry about: the very high query count we are seeing comes from a single IP address, most likely a network with multiple infected hosts behind one egress. That network is not a direct D-Zone DNS Firewall customer but benefits from the blocking because its ISP uses the DNS firewall to help keep malware off the ISP's network and protect its customers. If your own resolver logs do show queries to this domain, the practical follow-up is the one Morto's spreading mechanism implies: find the hosts making the queries and check for RDP exposed with weak or shared passwords.
Domain Name | Category | Threat Type
---|---|---
dj1.jfrmt.net | BLOCK | Morto
gpreport.us | BLOCK | Other Botnet
domain-extension.us | BLOCK | Other Botnet
superyou.zapto.org | BLOCK | Spybot
sandmining.us | BLOCK | Other Botnet
pricedeals.us | BLOCK | Other Botnet
desertsand.us | BLOCK | Other Botnet
wine-gift.us | BLOCK | Other Botnet
issuetracking.us | BLOCK | Other Botnet
valuescale.us | BLOCK | Other Botnet
Rob has more than 20 years of experience writing, presenting and blogging for the technology industry. He covers topics as varied as software development tools, silicon reverse engineering, cybersecurity and DNS. Rob is a passionate marketer who gives IT professionals the information and insight they need to do their jobs.