OpenDNS Labs Releases CRITs Service Module

Automated intelligence makes everyone’s lives easier. In the spirit of automated intelligence, OpenDNS Labs is pleased to announce the release of the OpenDNS service for the newly open sourced Collaborative Research Into Threats (CRITs) tool by MITRE.

CRITs is an open source tool that brings digital investigation workflows to the masses. With a web front end backed by MongoDB, CRITs provides a central platform for analyzing malware, pcaps, emails, domains and most other artifacts related to an incident. One very powerful feature of ...

Gameover ZeuS Switches From P2P to DGA

Though Operation Tovar succeeded in temporarily cutting communication between Gameover ZeuS (GoZeus) and its command and control infrastructure, it appears now that GoZeus has migrated from using peer-to-peer communications to domain generation algorithms (DGAs).

According to research by our friends over at Malcovery, a “new trojan based heavily on the GameOver Zeus binary…was distributed as the attachment to three spam email templates.” In the report, several domains were identified as being the destination of the infected malware’s communications. The most active of the DGAs ...

Do you have a security blind spot?

There has been some press recently on what professionals are calling the “DNS Blind Spot”. The basic message is that of all the security tools, products, and technologies deployed, visibility into the DNS layer is the one that is most under-utilized. With the growing sophistication and frequency of threats, DNS provides an incredible opportunity to monitor, alert, and prevent some of the most nefarious threats from getting in – and contain them from getting out.

To get a sense of just how ...

The Security Internship

Note from Andrew Hay: This is a post written by OpenDNS Security Labs interns Kevin Bottomley and Skyler Hawthorne on their experiences working at OpenDNS.

Although neither of us has been working at OpenDNS for very long, the experience thus far has been very rewarding. We work at a company that serves as a gateway to the Internet for 50 million users daily, which allows us to bring in our ideas and concepts and implement them in the OpenDNS infrastructure.

Culture

The culture ...

From Dedicated to Compromised Domains: The Shift in Adversaries’ MO to Deliver Exploit Kit Attacks

Earlier this year, we covered the results of a 5-month study (November 2013 to February 2014) on tracking Nuclear exploit kit domains from a hosting IP infrastructure perspective [1]. We discussed the evasive methods of the bad actors and their abuse of hosting providers, and we elaborated on methods to predictively identify and block IP infrastructures set up by adversaries to deliver exploit kit attacks. Since then, several elements of the bad actors' MO have changed.

In this blog, we discuss some ...