malware

Reflection on Detection of Encrypted Malware Traffic

July 29, 2021

The Internet has become an indispensable part of our lives, and it is of vital importance to work out how to guarantee the security of users’ sensitive information and privacy in cyberspace. Most of the Internet traffic is encrypted with Transport Layer Security (TLS), which cannot guarantee absolute security. Malware has been seen to use […]

Analysis of the SBIDIOT IoT Malware

May 21, 2021

Produced by: Yuchen PAN Introduction Recently, an IoT malware sample dubbed SBIDIOT was found to engage in malicious activities, mainly distributed denial of service (DDoS) attacks. So far, very few incidents of this malware have been discovered by VirusTotal and cybersecurity communities. Though some IoT botnets focus on cryptocurrency mining or fraud activities, SBIDIOT-related botnets […]

‘FreakOut’ Malware Analysis – FreakOut Samples


March 16, 2021

Produced by: NSFOCUS Security Labs FreakOut samples appearing in the campaign were a typical IRC bot Trojan program written in Python. The Trojan program would connect to IRC channels in hardcoded C&C and act as instructed by C&C to collect information, launch DDoS attacks, interact with shells, and conduct ARP sniffing attacks. Also, it carried […]

‘FreakOut’ Malware Analysis – Groups Behind FreakOut


March 15, 2021

Produced by: NSFOCUS Security Labs In early January 2021, NSFOCUS Security Labs captured an unknown malicious program called “out.py” via its real-time data platform, which is usually spread with the domain name “gxbrowser.net”. NSFOCUS Security Labs conducted in-depth research on the samples and payloads of the malware and compared the malware with NSFOCUS threat […]

Technical Analysis Report on Rowdy, A New Type of IoT Malware Exploiting STBs

October 19, 2017

In August 2017, NSFOCUS’s DDoS situation awareness platform detected anomalous bandwidth usage over a customer’s network, which, upon analysis, was confirmed to be a distributed denial-of-service (DDoS) attack. The attack was characterized by different types of traffic, including TCP flood, HTTP flood, and DNS flood. Tracing source IP addresses, we found that the attack had […]

DDoS attacks – more than just disruption?

December 21, 2015

Track: General Security

Author: Vann Abernethy, Field CTO, NSFOCUS

DDoS attacks

Distributed Denial-of-Service (DDoS) attacks have been around for decades and have been increasing in popularity due to the relative ease in carrying one out. Traditionally, the purpose of these attacks has been to make a site or service unavailable to its intended users for some duration via either flood-type attacks or application-layer attacks (which are smaller, but just as effective) that overwhelm the target’s network or systems. (more…)