
Recent Data


IP Protocol Trends

Our global view of Internet traffic provides many useful insights, one of which is the relative prevalence of various IP protocols. This chart shows the most commonly seen IP protocols, and their relative popularity in sampled network traffic over the past 30 days. Note that the Y axis is scaled logarithmically, so even small differences on the chart reflect significant differences in usage levels.

View all available monitoring graphs

Sampled DNS Request Rate (daily)

Our insight into Internet traffic around the globe allows us to sample and estimate trends in Domain Name System (DNS) requests, one of the key pieces of Internet infrastructure. This chart provides a glimpse into that sampled rate over the past 30 days, aggregated daily, for both TCP and UDP DNS requests (though the TCP request rate is so low it is difficult to discern).


Top 10 UDP Ports (logarithmic scale)

This chart shows the top 10 UDP ports seen in sampled global Internet traffic in our most recent hourly data sample. This chart is on a logarithmic scale, so the difference between the top port (usually UDP/53) and the bottom port may be more significant than it appears to the naked eye.


Underground Economy Activity

This chart shows a very general sampled indicator of the average number of messages per hour seen each day in various underground economy forums for the past 30 days. The numbers should not be taken as absolutes, and have considerable sampling error, but are believed to be a reasonable indicator of overall trends.


Internet Malicious Activity Maps

The map to the left shows network locations of malicious activity on the Internet within the past 30 days, plotted using a Hilbert curve. Check out our Internet Malicious Activity Maps page for full details and a larger view of this and other maps.

Recent Releases

Our contribution to Operation Ghost Click

[17 NOV 2011] On 09 November 2011, US law enforcement released details of a major series of arrests as part of Operation Ghost Click. Team Cymru is proud to have been able to add details of victim computers that were part of this criminal infrastructure into one of our daily feeds of data that is provided at no cost to providers around the world. These lists of affected IP addresses enable network managers to identify and remediate computers infected by malware that are taking part in criminal activities.

This has a direct impact on people: it disrupts criminals and improves the lives of legitimate Internet users everywhere; we're honored to have been able to contribute to this effort. Our great thanks to all who contributed to this team effort.

Details of the case and our commentary can be found in this darkreading.com article. Images of the data we provided to our partners can be found via Twitter here and here.


Unexpected and unsubstantiated blog post

[25 OCT 2011] A recent blog post appeared to draw the unsubstantiated conclusion that more than 760 organizations were compromised with some of the same resources used to hit RSA earlier this year. Team Cymru was one of the organizations named in the posting.

We have no evidence of compromise related to incidents at RSA or anywhere else. The source of the report, and those who revealed and posted it, didn't take the time to contact us, or to share incident details with us. Thus we are unable to investigate further. We hope that those who gathered this data will responsibly disclose it to the potential victims.

Please note that without more details on the methodology used to determine the list of organizations, and a scientific review of the same, it's not safe to assume that an entry on the list means either "victim" or "false positive". We've seen no data or methodology description that would support either case.


New Underground Insight: A Criminal Perspective on Exploit Packs

[05 MAY 2011] The Team Cymru Business Intelligence Team is pleased to announce the release of their latest paper, entitled "A Criminal Perspective on Exploit Packs". This paper chronicles the genesis and historical evolution of the Browser Exploit Pack (BEP). We discuss our research into the installation and usage of 40 different packs. Most notably, the paper discusses dishonor among coding thieves and the entrenched practice of "statistics shaving". Finally, we examine the monetization, code protection, and overall effectiveness of the various packs. For full details, check out the whitepaper, and don't forget to look at the rest of our whitepapers as well!


Team Cymru moving to Florida

[04 MAY 2011] Team Cymru today announced that they are relocating their headquarters staff from Chicago, Illinois, to Central Florida over the summer. The majority of our Chicago staff will move and are excited at the prospect of continuing to use our insight to improve lives, but from a significantly warmer location.

We do not foresee any disruption to our community or commercial feeds and services during this transition and we will continue to update our partners with news as appropriate. If you have any questions or concerns in the meantime, please e-mail outreach@cymru.com and we will be happy to discuss them with you!


View older news items in our news archives.

Friends of Team Cymru  
  CSIRT-MU DomainSponsor Dyn, Inc. F-Secure  
  FIRST GoDaddy.com Interoute Communications Oversee.net GOVCERT-LU  
  REN-ISAC Savvis Communications Support Intelligence Tata Communications Verizon Business INTECO CERT  
 
