In Part 1 of “Clustering Zeus Command and Control Servers” I focused on clustering Zeus command and control servers based on three criteria: IP addresses, domain names, and email addresses used to register domain names. Using data drawn from ZeusTracker and MalwareDomainList, I observed that while a wide variety of criminals may set up disparate [...]
Tag Archives: Palantir
Clustering Zeus Command and Control Servers
Recently, more than 150 individuals around the world have been arrested on bank-fraud-related charges after using the Zeus malware to acquire credentials that enabled the criminals to steal more than $70 million. Those arrested include five Ukrainian individuals who are believed to be the masterminds behind the operation. Brian Krebs notes that [...]
SecDev & GhostNet
The SecDev Group, along with the Information Warfare Monitor, published “Tracking GhostNet: Investigating a Cyber Espionage Network,” a report released in March 2009 (www.tracking-ghost.net), which made extensive use of Palantir to analyze data obtained through technical and human-based sources. We discovered a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% [...]
Hello world!
Welcome to the SecDev.cyber Blog. The SecDev.cyber Blog features analysis of real data using Palantir, trends and insights into current cyber attacks, and guest posts from subject matter experts.
