While finding malware on your network is always an unwelcome surprise, this week’s top 10 blocks from D-Zone DNS Firewall are not really surprising at all.
We continue to see the Mirai botnet on wowrack.com name servers lead the list by query count. A Google search indicates that wowrack is a managed server hosting and cloud provider, and seeing this type of issue on an ns (name server) address is not something we would expect to persist.
Rounding out the top 10, we see a similar number of malware call-home attempts as in most weeks, the continuing threat from Palevo, plus a return of jRAT, or Java-based Remote Access Trojans. These are particularly problematic because they are constantly evolving, run in a browser, and can execute a malware payload download.
And finally, a new entrant is a WPAD proxy hijack, which can expose users' online accounts through man-in-the-middle-style attacks.
| Domain Name | Category | Threat Type |
| --- | --- | --- |
| ns6.wowrack.com | BLOCK | Mirai |
| ns5.wowrack.com | BLOCK | Mirai |
| superyou.zapto.org | BLOCK | Spybot |
| pixeldgarui.xyz | BLOCK | Malware Call Home |
| zws12.com | BLOCK | Malware Call Home |
| redwassheptal.com | BLOCK | Malware Call Home |
| wpad.domain.name | BLOCK | WPAD proxy hijack |
| doingtracks.duckdns.org | BLOCK | jRAT |
| sandra.prichaonica.com | BLOCK | Palevo |
| l33t.brand-clothes.net | BLOCK | Palevo |
Rob brings over 20 years of experience in the technology industry, writing, presenting and blogging on subjects as varied as software development tools, silicon reverse engineering, cyber-security and the DNS. He is an avid product marketer who takes the time to speak to IT professionals with the information and details they need for their jobs.