[ Team Cymru Community Services ] [ Team Cymru Commercial Services ] [ Dragon Research Group ]
Thanks @ChrisTheDJ @INQ for the mention! http://t.co/aBB8rzCnZx #SOHO #router http://t.co/aBB8rzCnZx | CAREERS: @teamcymru is looking for you! #Linux #SysAdmin http://t.co/rLFg0hOWvC http://t.co/rLFg0hOWvC | Prosecutors Trace $13.4M in Bitcoins From the Silk Road to Ulbricht's Laptop #hacking http://t.co/sbjvQpwqIm | What really is the most secure iOS messaging app? #privacy http://t.co/8vCY2SPrEr | Vivaldi, a New Browser Launched by Former Opera CEO http://t.co/yZLtn9yojO http://t.co/yZLtn9yojO | iTunes Connect let developers log into stranger's accounts #cybercrime http://t.co/55MVsyhIpb http://t.co/55MVsyhIpb | Singapore Forms New #Cyber Security Agency http://t.co/Ph679E1Hlr http://t.co/Ph679E1Hlr | did Anonymous knock out Xbox Live yesterday http://t.co/feVDkYs9MF http://t.co/feVDkYs9MF | ZynOS firmware in your router? DNS hijacking of D-Link, TP-Link Technologies and ZTE hardware http://t.co/0OmL3XogO7 http://t.co/0OmL3XogO7 | World's largest #DDoS attack from last month reached 400Gbps, says Arbor Networks #infosec http://t.co/vXl8nszfR8 http://t.co/vXl8nszfR8 | another United website #infosec breach lets fliers see each others' private data http://t.co/B1nYrRFWrr http://t.co/B1nYrRFWrr | Great Firewall of China Mis-Configuration raised suspicion of a #DDoS attack that wasn't http://t.co/VOHJ5QA3yk http://t.co/VOHJ5QA3yk | #BOTNET UPDATE: 5 NEW families just added to our BARS feed. We help you stop anything http://t.co/swqV3KUvlM #malware http://t.co/swqV3KUvlM | Apple "finally kneels before the great firewall of China" and agrees to their security audits http://t.co/MtoASYXkKL http://t.co/MtoASYXkKL | CAREERS @teamcymru looking for you! Knowledgeable about #malware #bootkit #md5 #cybersecurity? http://t.co/71hRNfVOYW http://t.co/71hRNfVOYW | Multiple vulnerabilities in the FreeBSD kernel code, #patch to 10.1-RELENG or related http://t.co/IzdeiUfiEH | #infosec tool: SmartSniff v2.16 - Capture TCP/IP packets on your network adapter http://t.co/WLCUO2uqXj http://t.co/WLCUO2uqXj | House takes first steps on Federal Data Breach Law, businesses urge limits citing 'over notification' of #breaches http://t.co/jtTcBGTZjE | Malicious #malware Macros Used with Empty Microsoft Word Document http://t.co/uQX3LtagJc | 5 new #botnet families added to our commercial #threatintelligence feed. Which ones? Just ask http://t.co/CjYUe00P4z http://t.co/CjYUe00P4z | Over a Decade and Still Running: Targeted Attack Tool Vtask runs in VB and Hides Windows Tasks http://t.co/uUBt8BC2jN http://t.co/uUBt8BC2jN | Thunderstrike Patch Slated for Inclusion in New OS X Build Yosemite 10.10.2 http://t.co/PzAC9Vq43C http://t.co/PzAC9Vq43C | Tubrosa #Trojan inflates views count artificially on YouTube, uses PGP to foil verification http://t.co/TxcGehX7rB http://t.co/TxcGehX7rB | We added 5 new #botnet families in 2015 while the OTHER GUYS nap! http://t.co/CjYUe00P4z #threatintelligence http://t.co/CjYUe00P4z | AT&T short codes exposes users to #phishing #cybercrime scams http://t.co/jzhw0MUSPP http://t.co/jzhw0MUSPP | #DDoSing Facebook? our @stevesantorelli tells Reuters it's 'not entirely impossible, but would be monumentally hard' http://t.co/tJNKuTDghD | #Kashmir #hacktivism prompts doxing of Indian President, kids plus addresses and passwords http://t.co/xPJJ1FoHQ3 http://t.co/xPJJ1FoHQ3 | Bitcoin news website Coinfire and its Twitter account hacked http://t.co/w9HI6VTJSi http://t.co/w9HI6VTJSi | Russian Dating Site Topface Hacked for 20 Million User Names http://t.co/nIZ9v0FwwH
Team Cymru in the UK: TC-UK INTERNET SECURITY YouTube RSS Feed Twitter

Recent Data

[ Data Page 1 ] [ Data Page 2 ] [ Data Page 3 ] [ Data Page 4 ] [ Data Page 5 ]

Overall Malicious Activity, Top 10 Countries

This chart lists the top 10 countries seen contributing to malicious activity online in the last 24 hours, as a percentage relative to total malicious activity in the same period. IP geolocation isn't perfect, so this data isn't exact, but we believe it should be roughly representative of the current global picture.

View all available monitoring graphs

Bot Activity, Top 10 Countries

This chart lists the top 10 countries seen contributing to botnet activity online in the last 24 hours, as a percentage relative to total malicious activity in the same period. IP geolocation isn't perfect, so this data isn't exact, but we believe it should be representative of the current global picture.

View all available monitoring graphs

Sampled DNS Request Rate (hourly)

Our insight into Internet traffic around the globe allows us to sample and estimate trends in Domain Name System (DNS) requests, one of the key pieces of Internet infrastructure. This chart provides a glimpse into that sampled rate over the course of seven days, aggregated hourly, for both TCP and UDP DNS requests (though the TCP request rate is so low as to be virtually impossible to see).

View all available monitoring graphs

Sampled Internet Traffic Rate (daily)

We receive sampled and generalized information about Internet traffic flow rates from many partners, and this chart reflects those rates over the past 30 days, aggregated daily. This is by no means the "full speed" of the Internet, but a way of seeing trends and patterns within the overall mix of traffic.

View all available monitoring graphs

Internet Malicious Activity Maps

Internet Malicious Activity Hilbert Map The map to the left shows network locations of malicious activity on the Internet within the past 30 days, plotted using a Hilbert curve. Check out our Internet Malicious Activity Maps page for full details and a larger view of this and other maps.

Recent Releases

Our contribution to Operation Ghost Click

[17 NOV 2011] On 09 November 2011, US law enforcement released details of a major series of arrests as part of Operation Ghost Click. Team Cymru is proud to have been able to add details of victim computers that were part of this criminal infrastructure into one of our daily feeds of data that is provided at no cost to providers around the world. These lists of affected IP addresses enable network managers to identify and remediate computers infected by malware that are taking part in criminal activities.

This has a direct impact on people: it disrupts criminals and improves the lives of legitimate Internet users everywhere; we're honored to have been able to contribute to this effort. Our great thanks to all who contributed to this team effort.

Details of the case and our commentary can be found in this darkreading.com article. Images of the data we provided to our partners can be found via Twitter here and here.


Unexpected and unsubstantiated blog post

[25 OCT 2011] A recent blog post appeared to draw the unsubstantiated conclusion that more than 760 organizations were compromised with some of the same resources used to hit RSA earlier this year. Team Cymru was one of the organizations named in the posting.

We have no evidence of compromise related to incidents at RSA or anywhere else. The source of the report, and those who revealed and posted it, didn't take the time to contact us, or to share incident details with us. Thus we are unable to investigate further. We hope that those who gathered this data will responsibly disclose it to the potential victims.

Please note that without more details on the methodology used to determine the list of organizations, and a scientific review of the same, it's not safe to assume that an entry on the list means either "victim" or "false positive". We've seen no data or methodology description that would support either case.


New Underground Insight: A Criminal Perspective on Exploit Packs

[05 MAY 2011] The Team Cymru Business Intelligence Team is pleased to announce the release of their latest paper, entitled "A Criminal Perspective on Exploit Packs". This paper chronicles the genesis and historical eveolution of the Browser Exploit Pack (BEP). We discuss our research into the installation and usage of 40 different packs. Most notably, the paper discusses dishonor among coding thieves and the entrenched practice of "statistics shaving". Finally, we examine the monetization, code protection, and overall effectiveness of the various packs. For full details, check out the whitepaper, and don't forget to look at the rest of our whitepapers as well!


Team Cymru moving to Florida

[04 MAY 2011] Team Cymru today announced that they are relocating their headquarters staff from Chicago, Illinois, to Central Florida over the summer. The majority of our Chicago staff will move and are excited at the prospect of continuing to use our insight to improve lives, but from a significantly warmer location.

We do not forsee any disruption to our community or commercial feeds and services during this transition and we will continue to update our partners with news as appropriate. If you have any questions or concerns in the meantime, please e-mail outreach@cymru.com and we will be happy to discuss them with you!


View older news items in our news archives.

Friends of Team Cymru  
  CSIRT-MU DomainSponsor Dyn, Inc. F-Secure  
  FIRST GoDaddy.com Interoute Communications Oversee.net GOVCERT-LU  
  REN-ISAC Savvis Communications Support Intelligence Tata Communications Verizon Business INTECO CERT  
 

Team Cymru Community Services