News & Insights

Avalanche year two, this time with Andromeda

December 4, 2017
On December 1st last year, the successful takedown of the long-running criminal Avalanche double fast flux platform was announced by a consortium of international public and private partners, including The Shadowserver Foundation. One year on saw another milestone, with Andromeda-related domains being added to the set of Avalanche domains to be seized/blocked in a second round of LE action. This takes us to 842,000 malicious domains and another 2+ million unique infected victim IP addresses hitting the sinkholes per day and requiring remediation.

And the Song Remains the Same

November 15, 2017
As you may remember, we recently moved data center. It took us a little longer than expected to bring everything back up. But it is all back up now. Tired but happy team!

Oops, We’re Doing it Again

October 13, 2017
Well, I hope everyone remembers last year when we moved successfully.  At that time we acquired a larger space and started the arduous process of negotiations on what will really happen to the new space and how the move will take place.

Kelihos.E Botnet - Law Enforcement Takedown

April 12, 2017
On Monday, April 10th 2017, the US Department of Justice (DOJ) announced a successful operation to take down the Kelihos Botnet and arrest the suspected botnet operator.

Avalanche – Law Enforcement Take Down

December 1, 2016
For the past 18 months, The Shadowserver Foundation has been quietly working to support international Law Enforcement agencies in the coordinated takedown of the criminally operated Avalanche malware delivery platform.

Data Center Move Completed, Without Any Catastrophes!

October 25, 2016
As we had previously stated, we are moving. Or I should say we have moved. It was a huge amount of effort by many of the team members. A big thanks goes out to them all for the work, long hours, and back-breaking exercise that no geek enjoys.

From Four Guys and a Garage to Something Nice

October 19, 2016
Well, as many of you know, we have always been kind of the underground heroes of the Internet.  We have scraped by with used gear, volunteers, and parts that fail often.  We have told stories about our failures and the tribulations of being a non-profit.  While none of that has really changed, we have finally gotten something nice.

Shadowserver Datacenter Move

October 7, 2016
After many years in our current datacenter, we've outgrown the space. We have found a new datacenter space nearby and have slowly been moving into it. We've reached a point where we have to shut everything down for a week to finish the migration.

ISAKMP Scanning and Potential Vulnerabilities

September 20, 2016
As many of you are aware, we scan the Internet on a daily basis for many different protocols. We have added several new ones over time, mostly depending on our own time available to engineer a scan for that protocol. Occasionally, we add one that is more topical and addresses a recent vulnerability or issue that needs to be focused on sooner rather than later. ISAKMP falls into that category.

Of Data Sharing and Statistics Being Removed

June 9, 2016
As most of you may know, The Shadowserver Foundation is a non-profit organization in both the US and in the EU. We survive through donations, sponsorships, as well as project work to expand out what we are able to do. We share our data for no cost with the direct network owners. From our last few posts you can get an idea of how many drives we go through and the possible cost to maintain all the work that we have been doing. We do not ask for credit, only the occasional support.