Domain: malwaretech.com
Stories and comments across the archive that link to malwaretech.com.
Comments · 7
-
I told you already: OFTEN AS YOU LIKE! apk
See subject & my sources my program gets do it @ diff. intervals ALL AROUND THE CLOCK & I go 'above & beyond it' personally - how?
SECURITY SITES I WILL LIST FOR YOU (these are excellent finding all kinds of exploiters & malicious sites/servers galore for ALL types of threats):
http://blog.talosintelligence....
https://www.welivesecurity.com...
https://blog.malwarebytes.com/
https://researchcenter.paloalt...
https://www.bleepingcomputer.c...
https://securityintelligence.c...
https://www.cyren.com/blog
http://garwarner.blogspot.com/
http://www.malwaretech.com/
https://securelist.com/all/?ca...
https://www.fireeye.com/blog/t...
https://www.secureworks.com/re...
https://research.checkpoint.co...
http://blog.trendmicro.com/tre...
https://www.proofpoint.com/us/...
https://blog.comodo.com/catego...That's 25 sources in total from the security community that UPDATES all the time around the clock - my program makes easy work of consolidating all that data is all! It works (see testimonials I posted in my other replies to you from
/. peers).APK
P.S.=>
... & YOU, personally, have FULL CONTROL OF THE DATA (try that w/ addons OR a REMOTE DNS - good luck on the latter & the former? You'd best know regular expressions)... apk -
Works great (there's lists of those)... apk
Works great! There's lists of those from DGA botnets or ad networks etc. https://intel.malwaretech.com/...
https://intel.malwaretech.com/...
https://intel.malwaretech.com/..."
https://intel.malwaretech.com/...
APK
P.S.=> Addtionally hosts do FAR more than any other SINGLE "so-called 'solution'" by far & for FAR less resources consumed (PROOF->) https://meta.slashdot.org/comments.pl?sid=11284751&cid=55450477 natively (not ILLOGICALLY "Bolting on 'MoAr'" that does less & with greater complexity for room for breakdown OR exploitation)... apk
-
Works great (there's lists of those)... apk
Works great! There's lists of those from DGA botnets or ad networks etc. https://intel.malwaretech.com/...
https://intel.malwaretech.com/...
https://intel.malwaretech.com/..."
https://intel.malwaretech.com/...
APK
P.S.=> Addtionally hosts do FAR more than any other SINGLE "so-called 'solution'" by far & for FAR less resources consumed (PROOF->) https://meta.slashdot.org/comments.pl?sid=11284751&cid=55450477 natively (not ILLOGICALLY "Bolting on 'MoAr'" that does less & with greater complexity for room for breakdown OR exploitation)... apk
-
Works great (there's lists of those)... apk
Works great! There's lists of those from DGA botnets or ad networks etc. https://intel.malwaretech.com/...
https://intel.malwaretech.com/...
https://intel.malwaretech.com/..."
https://intel.malwaretech.com/...
APK
P.S.=> Addtionally hosts do FAR more than any other SINGLE "so-called 'solution'" by far & for FAR less resources consumed (PROOF->) https://meta.slashdot.org/comments.pl?sid=11284751&cid=55450477 natively (not ILLOGICALLY "Bolting on 'MoAr'" that does less & with greater complexity for room for breakdown OR exploitation)... apk
-
Works great (there's lists of those)... apk
Works great! There's lists of those from DGA botnets or ad networks etc. https://intel.malwaretech.com/...
https://intel.malwaretech.com/...
https://intel.malwaretech.com/..."
https://intel.malwaretech.com/...
APK
P.S.=> Addtionally hosts do FAR more than any other SINGLE "so-called 'solution'" by far & for FAR less resources consumed (PROOF->) https://meta.slashdot.org/comments.pl?sid=11284751&cid=55450477 natively (not ILLOGICALLY "Bolting on 'MoAr'" that does less & with greater complexity for room for breakdown OR exploitation)... apk
-
Re:It was only a matter of time...https://www.malwaretech.com/20...
The reason which was suggested is that the domain is a “kill switch” in case something goes wrong, but I now believe it to be a badly thought out anti-analysis.
In certain sandbox environments traffic is intercepted by replying to all URL lookups with an IP address belonging to the sandbox rather than the real IP address the URL points to, a side effect of this is if an unregistered domain is queried it will respond as it it were registered (which should never happen).
I believe they were trying to query an intentionally unregistered domain which would appear registered in certain sandbox environments, then once they see the domain responding, they know they’re in a sandbox the malware exits to prevent further analysis. This technique isn’t unprecedented and is actually used by the Necurs trojan (they will query 5 totally random domains and if they all return the same IP, it will exit); however, because WannaCrypt used a single hardcoded domain, my registartion of it caused all infections globally to believe they were inside a sandbox and exitthus we initially unintentionally prevented the spread and and further ransoming of computers infected with this malware. Of course now that we are aware of this, we will continue to host the domain to prevent any further infections from this sample.
-
Why is it?
The biggest worms, trojans, etc. all hit Windows? Rhetorical question, so no jesting or serious responses requested
:) But this one looks to be fairly sizeable. Plenty of European telecoms, and other industries hit so far today. Even read reports of FedEx's Memphis hub instructing employees to power off those PC's.Here's a map --> https://intel.malwaretech.com/.... The ironic thing is that these are far from true 0-day exploits. Patch was released for this in March. Regardless of your organization size, testing and rolling out patches shouldn't be that difficult. Given it's been a few months. This is speaking from a person who's been a cog in the wheel at larger US organizations as well as supported smaller places...