![[ Team Cymru Community Services ]](/images/csnav/community_on.png)
![[ Team Cymru Commercial Services ]](/images/csnav/commercial_off.png)
![[ Dragon Research Group ]](/images/csnav/drg_off.png)
Team Cymru News Archives
The news items below previously appeared on the Team Cymru home page, but we feel they are still relevant and interesting to our readers, so they are archived here for your reading pleasure.
To receive e-mail announcements of Team Cymru news, you can subscribe to our announcements mailing list. Simply send an e-mail to cymru-announce-subscribe@cymru.com from the address you wish to subscribe from, and you'll always be up-to-date on the latest and greatest Team Cymru news!
New Paper: The PPI Model in the Underground Economy
[17 MAY 2010] The Team Cymru Business Intelligence Team is proud to announce the release of the second in a series of "Underground Economy Briefs". This edition details the "Pay-Per-Install" market, where botherders have traditionally sought money by allowing others to install software on their infected networks. We look at the business model and examine some of the tensions and trends we've seen there recently.
You can read the full whitepaper and see an interview with one of the authors as part of this week's episode of the Who and Why Show.
New Paper: Fake ID in the Underground Economy
[26 APR 2010] Our Business Intelligence Team has just published the first in a series of "Underground Economy Briefs". This first one details changes in the counterfeit identification document trade in the Underground Economy entitled "The Future of Passports and Money Movement in the Underground Economy." Its a fascinating and unique analysis of how the market for this material continues to evolve in conjunction with new and emerging e-payment systems.
You can read it here and additionally see our latest Who and Why Show episode where we interview one of the authors here.
New Bogon Insight: Fullbogon Feed
[09 APR 2010] Team Cymru today launches a significant addition to one of our most popular and important community services: The "fullbogon feed" is more granular than the traditional bogon feeds, including a wider variety of non-routable prefixes as well as unallocated prefixes. The fullbogon feed also provides IPv6 bogon prefixes in addition to the traditional IPv4 prefixes.
It is offered at no cost to the community and the original feed is not going anywhere so you can stick with it if you wish.
See an overview in the 46th episode of Team Cymru's 'The Who and Why Show', as well as a more general overview of the bogon project in episode 12. Check out the Bogon Reference pages for full details on this and all of our bogon insight!
New Paper on DDoS Basics
[22 MAR 2010] Team Cymru has just published a briefing paper and accompanying videos on DDoS attacks. The paper explains the assorted motivations behind attacks, types of attacks and related countermeasures in very basic terms. You can find the paper here in our Whitepapers Reading Room.
We are also currently halfway through a series of 4 movies which detail the same information with short animations. You can watch the movies on our YouTube Channel.
New Analysis of Infected Systems in African Nations
[16 MAR 2010] Team Cymru's latest whitepaper analyzes and discusses the distribution of infected computer systems within African countries in recent months. Two time-lapse movies are also available in connection with this paper:
- November 2009 (693kB MPEG-4 movie)
- February 2010 (3.9MB Quicktime movie)
Team Cymru Launches RSS Screensaver
[26 OCT 2009] Team Cymru has released a free RSS screensaver designed to give everyone key information regarding cyber crime activity. It runs on Mac OS X and displays two separate news feeds of important IT Security stories as well as a rotating globe showing a map of currently infected computers. This map is automatically updated from our global insight every day.
For a short video showing the screensaver in action as well as detailed instructions for installation and setup, please see Team Cymru's YouTube channel. For more information and download and installation instructions, please see the RSS Feed Screensaver page and the press release.
New Tool to Help Police Investigators
[16 NOV 2009] Team Cymru's Botnet Analysis and Tactical Tool for Law Enforcement (BATTLE) has been providing police from 31 different countries with information on botnet command and control servers within their jurisdictions for over a year. Team Cymru is proud to announce today that it has been massively expanded to include phishing sites and malware download locations, making it the largest free repository of data for law enforcement of its kind.
To see the tool in action, visit the BATTLE services page and the Team Cymru YouTube Channel. Police officers can e-mail outreach@cymru.com for details of the application process to get a BATTLE account. You may also view the press release for more details.
Team Cymru Renews Partnership with Microsoft for Malware Intelligence
[15 SEP 2009] Team Cymru is pleased to announce the renewal of our agreement with Microsoft to deliver malware and phishing intelligence that will continue to enhance Internet Explorer's ability to protect its customers from online threats.
Team Cymru's contribution to Microsoft's Internet Explorer automates the way users are protected by regularly updating a highly vetted list of locations confirmed to be distributing malware and phishing of various types.
"We have worked hard to become recognized in the area of top quality, near real time malware analysis and intelligence," said Jeff Vosburg, Chief Operating Officer at Team Cymru. "We are pleased that Microsoft understands the threat and has chosen to renew their sponsorship in order to protect their customers' online experience."
Further details can be found in the full press release.
Team Cymru Launches "Million Resolvers Project"
[20 JUL 2009] Team Cymru has launched the "Million Resolvers Project" to reduce the number of DNS Servers that can be used in DNS Amplification attacks.
Simply email us at info@cymru.com if you'd like us to send you a list of your publicly accessible DNS servers that are capable of participating in one of these attacks. This information, coupled with the reference links below will hopefully help alert you to any potential open resolvers in your network, and provide some tips on how to fix them.
See the latest "Who and Why Show" which explains the problem at http://www.youtube.com/teamcymru. Read the new white paper on this topic at http://www.team-cymru.org/ReadingRoom/Whitepapers/. Read more details of the project at http://www.team-cymru.org/Services/Resolvers/.
Team Cymru Research Secures Tax Exempt Status
[29 JUN 2009] Team Cymru is immensely proud to announce that Team Cymru Research NFP has today been formally designated a US Federal 501(c)3 non-profit organization.
Team Cymru's CEO, Rob Thomas stated "This is both a testament to, and an acknowledgment of, the long term contribution that our organization continues to make to the community and the Internet worldwide. The tax implications for our partners are significant, this new status will enable donations to go further and the good work we do together to impact more folks in meaningful ways."
Partners from around the world have been contributing with donations of time, money, bandwidth, data and equipment. They have been working in true partnership to help us focus on what is important.
Our wide global perspective, coupled with this new tax exempt status, makes Team Cymru the only place to come to for the insight our partners need to protect what matters to them.
WebMHR provides HTTP interface to Malware Hash Registry
[15 JUN 2009] Since its launch, the Malware Hash Registry has become very popular amoung security researchers and others interested in checking the hashes of binaries running on their systems. Today we are pleased to announce WebMHR, a web-based interface to the Malware Hash Registry. WebMHR provides the same MHR data you're used to seeing, now queryable via your web browser! See more details and demonstration in Episode 3 of "The Who and Why Show" on YouTube.
Team Cymru launches "The Who and Why Show" on YouTube
[01 JUN 2009] Team Cymru is pleased to announce the debut of "The Who and Why Show", a short weekly video show on YouTube. Each week we'll be posting a new episode where we will speak with subject-matter experts on various aspects of the Underground Economy. If there is any topic that you'd like to see us cover, please feel free to suggest it by e-mailing us at show@cymru.com.
How much is your identity worth? Team Cymru featured in this month's New Scientist
[20 MAY 2009] Team Cymru has been working with Jim Giles of New Scientist Magazine on an article involving the IRC channels and HTTP message boards used by criminals to trade compromised credit cards and other account details. His piece, "How much is your identity worth?", explains what he discovered with our help in a well-rounded and non-technical way. You can also pick up issue 2709 of the print magazine (23 May 2009).
Internet Malicious Activity World Map
[23 MAR 2009] We are pleased to add a new visualization to our stable of offerings, the Internet Malicious Activity World Map. This map highlights areas across the globe where we have seen malicious activity taking place, based on our wide range of data sources. In addition to the static map, a small version of which is shown above, we provide an animated movie showing the activity over the past 30 days. Both the static images and the movie are updated every day, so you'll always have the latest information at your fingertips. For more details, and to download the latest movie, check out the Internet Malicious Activity Maps page.
Tweet Tweet! Team Cymru is on Twitter!
[16 MAR 2009] You can now follow Team Cymru on Twitter for short daily updates of relevance to us and the wider Internet security community. We will mainly be tweeting news items of interest with brief commentary, announcements of new Team Cymru services and insights, and interesting trends noticable in our monitoring efforts. If you're not already on Twitter, you can create a free account, or simply follow our RSS feed with your RSS reader of choice!
In the current edition of the Cymru Quarterly...
[10 MAR 2009] "... Increasingly physical world crime and online crime have come together, enabling each other and at times dependent on each other. Skimmers are a continued criminal enterprise, pulling credit card details from ATM machines and stores worldwide. Those credentials are often recovered through a wireless link, and then sold in forums and chat rooms online. The physical world crime feeds the virtual world crime, and the talents of the hackers are used to build better skimmers and enable quicker access to those stolen credentials. It's not all keystroke loggers and other malware." Read more...
Team Cymru Announcement Mailing List
[26 FEB 2009] To make it easier for you to keep up with all of the invaluable tools and services that we're working on, we are pleased to make available an announcements e-mail list, where we will detail our new projects, tools, and insight as they are released. This will be the first place that anything new from Team Cymru will be detailed. You can join this mailing list at no cost by simply sending an e-mail to cymru-announce-subscribe@cymru.com from the address you'd like subscribed to the list. E-mail addresses will not be used for any purpose other than sending announcements, and will never be sold or disclosed to any third parties, and you may unsubscribe from the mailing list at any time - instructions will be provided in the subscription confirmation you will receive.
Team Cymru Makes a Middle East Push
[18 FEB 2009] In February 2009 Team Cymru made a big splash at Meftec 2009, the fifth edition of the annual banking and financial technology event in Bahrain. You can read more in these articles:
- Network security firm planning Mideast push - Gulf Daily News
- Team Cymru opens ME base - Trade Arabia
BIN Feed Launches
[08 DEC 2008] Team Cymru is pleased to announce a new service for global financial institutions. The BIN (Bank Identification Number) Feed provides vetted global financial institutions with no-cost access to a near-real-time list of potentially compromised bank and credit card accounts that appear to be their customers, via a secure web portal. To read more about this feed and for information on how financial institutions can sign up, check out the BIN Feed page.
Team Cymru Partners with Sunbelt Software
[18 NOV 2008] Clearwater, FL -- November 18, 2008 Sunbelt Software, a leading provider of Windows security and management software, today announced a new partnership with Team Cymru, an Internet security research firm, to deliver information and network security tools to aid cyber security professionals in the ongoing arms race against malware authors.
Team Cymru's malware analysis and aggregation capability now incorporates analyses powered by Sunbelts CWSandbox, the leading automated malware behavior analysis tool on the market, and Threat Track, Sunbelts malware data feeds.
Download the full press release for more details.
Team Cymru on BBC Radio
[10 NOV 2008] On Sunday November 9th 2008, Steve Santorelli from Team Cymru's outreach team took part in a BBC Radio program on "Cyber Terrorism", with a particular focus on botnets in the context of the recent cyber attacks on Georgia and Estonia. You can listen to an archive of the program and read our supporting write-up for more information.
Malware Hash Registry
[27 OCT 2008] Team Cymru is proud to announce our latest public service, the Malware Hash Registry. This service allows anyone to query for the MD5 or SHA-1 hash of a file to see if our malware analysis system has classified that file as malware, when it was first seen, and an approximate anti-virus detection rate. For more information, check out the Malware Hash Registry page!
BATTLE
[23 OCT 2008] Team Cymru is proud to announce a new portal that we are launching to assist Law Enforcement Officers (LEOs) worldwide. The Botnet Analysis and Tactical Tool for Law Enforcement (BATTLE) displays IRC and HTTP botnet data on an interactive world map in near real time. For more information and details of how LEOs can apply for access to this tool, check out the BATTLE page.
IRC C&C Map
[09 OCT 2008] The latest visualization of our Internet security research data, our IRC C&C Map shows the locations of Internet Relay Chat (IRC) Command and Control (C&C) servers on a world map, updated frequently with the latest data from our sophisticated monitoring systems. This map really brings home that online crime is a truly global problem - check it out!
Team Cymru has some interesting friends!
[17 MAY 2008] Terry Pudwell, Executive Chairman of compliance, configuration assurance and log management software vendor Assuria Ltd also happens to be an experienced racing driver, and Team Cymru were delighted to find their logo appearing on the side of Terry's 200mph Stealth B6 GT race car at a recent race at the fabulous Mugello Race Circuit in Italy. Trouble is, you couldn't easily see the logo at those kinds of speeds, so maybe we'll try to get him to put a bigger one on next time!
Malicious Activity Movies
[06 MAY 2008] As part of our Internet security research, we often run across interesting patterns and transitions. We have captured several of them and made them available as malicious activity movies, showing geographic movement and changes over time in several areas of interest. Check them out!
