Of note this week is that there are three .ru (the Russian ccTLD) domains all related to Trojan downloaders that are used to deliver payloads to machines unlucky enough to be infected. These don’t necessarily always come through a click on a bad link but can be distributed along with other software like legitimate games or other programs that are downloaded online. It is an important lesson about being careful where you download from.<\/p>\n
Top ten domains blocked last week<\/h2>\n\n\n\n\n\n\nDomain Name<\/strong><\/p>\n<\/th>\n\nThreat Type<\/strong><\/p>\n<\/th>\n<\/tr>\n<\/thead>\n\n\n\nsuperyou.zapto.org<\/p>\n<\/td>\n
\nSpybot<\/p>\n<\/td>\n<\/tr>\n
\n\n76236osm1.ru<\/p>\n<\/td>\n
\nTrojan downloaders<\/p>\n<\/td>\n<\/tr>\n
\n\ndj1.jfrmt.net<\/p>\n<\/td>\n
\nMorto<\/p>\n<\/td>\n<\/tr>\n
\n\napi-restlet.com<\/p>\n<\/td>\n
\nXavier<\/p>\n<\/td>\n<\/tr>\n
\n\ndzhacker15.no-ip.org<\/p>\n<\/td>\n
\nHworm<\/p>\n<\/td>\n<\/tr>\n
\n\nbrenz.pl<\/p>\n<\/td>\n
\nSuspected malware<\/p>\n<\/td>\n<\/tr>\n
\n\nsoplifan.ru<\/p>\n<\/td>\n
\nTrojan downloaders<\/p>\n<\/td>\n<\/tr>\n
\n\ndiplicano.ru<\/p>\n<\/td>\n
\nTrojan downloaders<\/p>\n<\/td>\n<\/tr>\n
\n\nns6.wowrack.com<\/p>\n<\/td>\n
\nMirai<\/p>\n<\/td>\n<\/tr>\n
\n\nns5.wowrack.com<\/p>\n<\/td>\n
\nMirai<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/figure>\n
Operating a public Wi-Fi network? Be aware of DNS tunnels<\/h2>\n
We took a look at DNS tunnel activity and this one is of particular interest to anyone operating a public Wi-Fi network, typically found at public spaces such as schools, municipalities and hotels. Among D-Zone DNS Firewall users with public networks, we see a high prevalance of DNS tunnel attempts. DNS tunnels can be used to go around paid Wi-Fi or login-based Wi-Fi<\/a>. Blocking these queries is therefore quite important to those operating a public Wi-Fi service.<\/p>\n\nTunnels<\/h3>\n
| \n Domain Name<\/strong><\/p>\n<\/th>\n Threat Type<\/strong><\/p>\n<\/th>\n<\/tr>\n<\/thead>\n\n superyou.zapto.org<\/p>\n<\/td>\n Spybot<\/p>\n<\/td>\n<\/tr>\n 76236osm1.ru<\/p>\n<\/td>\n Trojan downloaders<\/p>\n<\/td>\n<\/tr>\n dj1.jfrmt.net<\/p>\n<\/td>\n Morto<\/p>\n<\/td>\n<\/tr>\n api-restlet.com<\/p>\n<\/td>\n Xavier<\/p>\n<\/td>\n<\/tr>\n dzhacker15.no-ip.org<\/p>\n<\/td>\n Hworm<\/p>\n<\/td>\n<\/tr>\n brenz.pl<\/p>\n<\/td>\n Suspected malware<\/p>\n<\/td>\n<\/tr>\n soplifan.ru<\/p>\n<\/td>\n Trojan downloaders<\/p>\n<\/td>\n<\/tr>\n diplicano.ru<\/p>\n<\/td>\n Trojan downloaders<\/p>\n<\/td>\n<\/tr>\n ns6.wowrack.com<\/p>\n<\/td>\n Mirai<\/p>\n<\/td>\n<\/tr>\n ns5.wowrack.com<\/p>\n<\/td>\n Mirai<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/figure>\n We took a look at DNS tunnel activity and this one is of particular interest to anyone operating a public Wi-Fi network, typically found at public spaces such as schools, municipalities and hotels. Among D-Zone DNS Firewall users with public networks, we see a high prevalance of DNS tunnel attempts. DNS tunnels can be used to go around paid Wi-Fi or login-based Wi-Fi<\/a>. Blocking these queries is therefore quite important to those operating a public Wi-Fi service.<\/p>\n |
|---|
![\"\"](\"https:\/\/www.cira.ca\/uploads\/2018\/04\/D-zone-blog-tunnels.PNG\" "\\"\\"")