Every week, we examine the top trends in malicious activity we have seen in Canada using data obtained through CIRA’s D-Zone DNS Firewall.
The top blocked domains this week is a virtual carbon-copy of last week’s list. If you’re unfamiliar with some of the threat types, you can read their definitions in last week’s post.
Of note this week is that there are three .ru (the Russian ccTLD) domains all related to Trojan downloaders that are used to deliver payloads to machines unlucky enough to be infected. These don’t necessarily always come through a click on a bad link but can be distributed along with other software like legitimate games or other programs that are downloaded online. It is an important lesson about being careful where you download from.
Top ten domains blocked last week
Domain Name |
Threat Type |
---|---|
superyou.zapto.org |
Spybot |
76236osm1.ru |
Trojan downloaders |
dj1.jfrmt.net |
Morto |
api-restlet.com |
Xavier |
dzhacker15.no-ip.org |
Hworm |
brenz.pl |
Suspected malware |
soplifan.ru |
Trojan downloaders |
diplicano.ru |
Trojan downloaders |
ns6.wowrack.com |
Mirai |
ns5.wowrack.com |
Mirai |
Operating a public Wi-Fi network? Be aware of DNS tunnels
We took a look at DNS tunnel activity and this one is of particular interest to anyone operating a public Wi-Fi network, typically found at public spaces such as schools, municipalities and hotels. Among D-Zone DNS Firewall users with public networks, we see a high prevalance of DNS tunnel attempts. DNS tunnels can be used to go around paid Wi-Fi or login-based Wi-Fi. Blocking these queries is therefore quite important to those operating a public Wi-Fi service.
Learn more about D-Zone DNS Firewall.
Rob brings over 20 years of experience in the technology industry writing, presenting and blogging on subjects as varied as software development tools, silicon reverse engineering, cyber-security and the DNS. An avid product marketer who takes the time to speak to IT professionals with the information and details they need for their jobs.