Operation Kelihos: Presented at BotConf 2013

Nearly two weeks ago, the picturesque city of Nantes hosted “The First Botnet Fighting Conference” - BotConf’13 - on Dec 5th and 6th. This was a great event where researchers from the security industry, academia and law enforcement presented and discussed the latest findings and initiatives in fighting botnets and prosecuting the criminals behind them.

Our Presentation:

As a security researcher from Umbrella Labs at OpenDNS, and a member of MalwareMustDie, I was pleased to be part of the event. I teamed up with Hendrik ...

BotConf & BayThreat 2013

This past week was a busy one for the OpenDNS Security Team, as four researchers presented three talks at two separate security events.

First, Dhia hosted a session at BotConf 2013, in Nantes, France (stay tuned for his recap!). Thibault, Frank and Ping finished out the week at BayThreat, a Bay Area security event now in its fourth year. As always, it was great to interact with other members of the security community! We’d like to share a brief recap of ...

Visualizing Attack Data: 2013 Review

According to Wikipedia, visualization is any technique for creating images, diagrams, or animations to communicate a message. Visualization through imagery has been an effective way to communicate both abstract and concrete ideas since the dawn of man.

Due to the massive amount of data we are dealing with today, visualization is dramatically increasing in importance. By putting large amounts of data into visualizations, we can utilize our most powerful sixth sense to understand the data and turn it into information. By adding ...

Using HyperLogLog to Detect Malware Faster Than Ever

Previously, we introduced our real-time API, and Senior Research Scientist Ping Yan recently blogged about how she used it to find Black Friday scams.

The data feed, described in the post mentioned above, is constantly consumed by multiple processors or stream interpreters. In this blog post, we will focus on one processor dedicated to spotting a specific category of suspicious IP addresses.

It is uncommon for an IP address to suddenly have many new domain names map to it, where there was ...