Report an incident
Report an incident

Takeover of Domain Silver, Inc .pl domains – updated with sinkhole statistics
23 August 2013 | CERT Polska | #botnet, #domain, #malware, #silver

On 30th of July, 2013 NASK terminate its agreement with a registrar, Domain Silver, Inc. We described the reason for that decision in a detailed technical report. Today we publish an updated version of the report with our sinkhole statistics. These statistics were made from 20 different botnets sinkholed by our servers. All of them used domains registered through Domain Silver, Inc. These are not all of the botnets that used Domain Silver as the registrar, but only ones that were sinkholed as of 23rd of July 2013. The botnet malware included ZeuS ICE IX, Citadel, Andromeda/Gamarue and Dorkbot/NgrBot. Among them is also the Citadel plitfi botnet, the takedown of which we described previously in a detailed report. Highlights from the gathered data are:

    • 101 831 unique IP addresses connected to our sinkhole on one day.
    • Connections were made from 191 different countries, however most of the connections were made from Europe.
    • Some botnets used geographical profiling in order to capture victims in a specific countries.

Full text of the UPDATED report can be found here or under the “Reports” tab.