Media Coverage

Shadowserver in the news

Chinese Nitol botnet host back up after Microsoft settles lawsuit

The Register, October 4, 2012

Microsoft has reached a settlement with the Chinese site linked to the Nitol DDoS botnet. The emerging Nitol botnet was hosted by the 3322.org domain. In order to stem the threat, Microsoft filed a suit to take control of the 70,000 malicious subdomains hosted on 3322.org, gaining control of the domain in mid-September.

Virgin Media to warn malware-infected customers

The Register, August 16, 2010

Virgin Media subscribers whose computers are part of a botnet can expect a letter warning them to tighten up their security, under a new initiative based on data collected by independent malware trackers. The UK’s third-largest ISP will match lists of compromised IP addresses collected by the Shadowserver Foundation, among others, to its customer records.

The Enemy Within

The Atlantic, June 15, 2010

When the Conficker computer “worm” was unleashed on the world in November 2008, cyber-security experts didn’t know what to make of it. It infiltrated millions of computers around the globe. It constantly checks in with its unknown creators. It uses an encryption code so sophisticated that only a very few people could have deployed it. For the first time ever, the cyber-security elites of the world have joined forces in a high-tech game of cops and robbers, trying to find Conficker’s creators and defeat them. The cops are failing. And now the worm lies there, waiting …

Shadowserver Foundation: Unsung heroes in the botnet wars

Tech Republic, April 19, 2010

There is a group of security professionals that volunteer their time — lots of time — to rid the Internet of cybercrime. Discover how they are making a difference.

Shadows In The Cloud

Forbes, April 6, 2010

Today the IWM and the Shadowserver Foundation have released a report “Shadows in the Cloud: An investigation into cyber espionage 2.0” (mirror) in which we document another targeted malware network. (NYT coverage here).

Microsoft Recruited Top Notch Guns for Waledac Takedown

PC World, February 25, 2010

Four days ago, top-notch computer security researchers launched an assault on Waledac, a highly sophisticated botnet responsible for spreading spam and malicious software. As of Thursday, more than 60,000 PCs worldwide that have been infected with malicious code are now under the control of researchers, marking the effort one of the most highly successful coordinated against organized cybercrime.

Shadowserver to take over as Mega-D botnet herder

Network World, November 17, 2009

An effort is underway to clean up tens of thousands of computers infected with malicious software known for churning out thousands of spam messages per hour. The infected computers are part of a botnet called Ozdok or Mega-D, which at one time was sending out around 4 percent of the world’s spam messages. Last week, security vendor FireEye launched a drive to dismantle the botnet. But FireEye has now handed control of those bots over to Shadowserver, a volunteer-run organization that tracks botnets.

Botnet Hunters

CIO, November 17, 2009

By day, Andre DiMino is a professional digital forensic analyst. By night, he serves as director of an organization known as Shadowserver Foundation, a group of volunteers dedicated to sleuthing out cybercriminals and shutting them down. Here’s his story.

A Robot Network Seeks to Enlist Your Computer

New York Times, October 12, 2008

REDMOND, Wash. — In a windowless room on Microsoft’s campus here, T. J. Campana, a cybercrime investigator, connects an unprotected computer running an early version of Windows XP to the Internet. In about 30 seconds the computer is “owned.”

Before the Gunfire, Cyberattacks

New York Times, August 12, 2008

Weeks before bombs started falling on Georgia, a security researcher in suburban Massachusetts was watching an attack against the country in cyberspace. Researchers at Shadowserver, a volunteer group that tracks malicious network activity, reported that the Web site of the Georgian president, Mikheil Saakashvili, had been rendered inoperable for 24 hours by multiple D.D.O.S. attacks. They said the command and control server that directed the attack was based in the United States and had come online several weeks before it began the assault.