Last week’s top ten most blocked domains represent many of the usual suspects, but under different domains. It is a reminder that malware is pervasive, nasty and ever-changing.
Last week’s top ten most blocked domains represent many of the usual suspects. Notably, you would be unlikely to spot any of these on your network without running scans or using a firewall. That is, until it is too late.
| Domain Name | Category | Threat Type |
| --- | --- | --- |
| ns6.wowrack.com | BLOCK | Malware Call Home |
| ns5.wowrack.com | BLOCK | Malware Call Home |
| zws12.com | BLOCK | Mirai |
| vcfs6ip5h6.bid | BLOCK | Mirai |
| juice.losmibracala.org | BLOCK | Malware Call Home |
| c0i8h8ac7e.bid | BLOCK | Malware Call Home |
| redwassheptal.com | BLOCK | Palevo |
| fge9vbrzwt.bid | BLOCK | Malware Call Home |
| avualrhg9p.bid | BLOCK | jRAT |
| aqqgli3vle.bid | BLOCK | Malware Call Home |
Malware Call Home
Domains used for malware post-infection communications. You want to block this stuff so the malware (generally) can’t work. We see this issue the majority of the time, meaning that users on the network are likely infected.
Mirai
An IoT botnet that is used primarily to launch DDoS attacks.
Palevo
A family of worms/viruses that allows unrestricted remote access to infected computers. It spreads via the network and removable media. Depending on what it is used to execute, you may see degraded system performance, crashing, software launching itself, missing files, or unwanted programs on the desktop.
jRAT
A cross-platform remote access Trojan that can run on any machine with Java installed, including Windows, macOS, Linux, and Android. It can be used to install any number of malware variants, including those that keylog. For the most part, to get this you need to have Java installed AND accept the change when the application package tries to install itself. This should render infection rates low, but users are users, and this is cross-platform, so good virus protection and firewalls should be present.
In conclusion, this week is “business as usual” with no major new cybersecurity stories trending. This top ten is another reminder that malware is pervasive, nasty and ever-changing. If you have a method to block these top ten, then we recommend you consider adding them to your block lists. If not, then we recommend a cloud-based DNS Firewall that can help do it for you.
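If you keep resolver query logs, the same list can tell you which clients have already looked up one of these domains. The following is an added example, not code from the original post: it assumes dnsmasq-style `query[TYPE] name from client` log lines, the sample log is constructed, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Domain -> threat type, copied from the table on this page.
BLOCKLIST = {
    "ns6.wowrack.com": "Malware Call Home", "ns5.wowrack.com": "Malware Call Home",
    "zws12.com": "Mirai", "vcfs6ip5h6.bid": "Mirai",
    "juice.losmibracala.org": "Malware Call Home", "c0i8h8ac7e.bid": "Malware Call Home",
    "redwassheptal.com": "Palevo", "fge9vbrzwt.bid": "Malware Call Home",
    "avualrhg9p.bid": "jRAT", "aqqgli3vle.bid": "Malware Call Home",
}
# Assumed log format: dnsmasq-style "query[TYPE] <name> from <client>".
QUERY_RE = re.compile(r"query\[\w+\]\s+(\S+)\s+from\s+(\S+)")

def match_blocked(qname):
    """Return (listed domain, threat type) if qname is a listed name or a subdomain of one."""
    labels = qname.lower().rstrip(".").split(".")
    # Walk parent suffixes on label boundaries so "notzws12.com" never matches "zws12.com".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return candidate, BLOCKLIST[candidate]
    return None

def find_suspect_clients(lines):
    """Map client IP -> {listed domain: threat type} for every blocked lookup seen."""
    hits = defaultdict(dict)
    for line in lines:
        m = QUERY_RE.search(line)
        found = match_blocked(m.group(1)) if m else None
        if found:
            hits[m.group(2)][found[0]] = found[1]
    return dict(hits)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "Mar  5 10:01:02 dnsmasq[411]: query[A] www.example.com from 192.168.1.20",
    "Mar  5 10:01:07 dnsmasq[411]: query[A] zws12.com from 192.168.1.31",
    "Mar  5 10:01:09 dnsmasq[411]: query[AAAA] cdn.redwassheptal.com from 192.168.1.44",
    "Mar  5 10:02:15 dnsmasq[411]: query[A] ZWS12.COM from 192.168.1.31",
    "Mar  5 10:02:30 dnsmasq[411]: query[A] notzws12.com from 192.168.1.20",
    "Mar  5 10:03:00 dnsmasq[411]: reply www.example.com is 192.0.2.10",
]

if __name__ == "__main__":
    for client, domains in sorted(find_suspect_clients(SAMPLE_LOG).items()):
        for domain, threat in sorted(domains.items()):
            print(f"{client} looked up {domain} ({threat})")
```

Only the listed hostnames and their subdomains match, so a lookup for the parent `wowrack.com` is not flagged by the `ns5`/`ns6` entries.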
Rob has more than 20 years of experience writing, presenting and blogging for the technology industry. He covers topics as varied as software development tools, silicon reverse engineering, cybersecurity and DNS. Rob is a passionate marketer who speaks to IT professionals, giving them the information and details they need to do their jobs.