SecureMe2 MalwarePedia

Category

Sinkhole

Priority

Urgent

Explanation

Malware is active on your client's system, but the controller IP it tries to reach has been seized or diverted in order to disable the botnet. The infected client still attempts to connect to that address, which means a breach and infection occurred at some point in the past. Sinkholed servers are former botnet controllers that have been disarmed and taken over by security companies or law enforcement.

A DNS sinkhole, also known as a sinkhole server, Internet sinkhole, or BlackholeDNS, is a DNS server that deliberately hands out false answers in order to prevent the use of a domain name.

Risk

A DNS sinkhole can be used to control C&C traffic and other malicious traffic at the enterprise level. By entering fake records in the DNS, the sinkhole redirects traffic destined for malicious URLs to an address the defender controls. These malicious URLs can be gathered from already known C&C servers, from the malware analysis process, from open-source sites that publish malicious IP details, and similar sources.

Action

Create an access rule in the firewall that blocks connections to the sinkhole address, and treat every client that still attempts the connection as infected.
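The firewall rule stops the traffic, but the attempts themselves are the evidence that a client is still infected. The following added example (not code from the SecureMe2 page) scans a firewall connection log for internal hosts that try to reach a known sinkhole address and groups the attempts per client; the sinkhole ranges and the log lines are constructed placeholders using RFC 5737 documentation addresses, and the syslog-like line format is an assumption, so adapt the regex to your firewall's actual export.

```python
"""Flag internal hosts that still try to reach a known sinkhole address.

Added example: the sinkhole networks and log lines below are constructed
placeholders (RFC 5737 documentation ranges), not values from the page or
from any real sinkhole feed.
"""
import ipaddress
import re

# Constructed list of sinkhole addresses/ranges; in practice this comes
# from your threat-intelligence feed or the sinkhole operator.
SINKHOLE_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("203.0.113.7/32"),
]

# Constructed firewall log, one connection event per line (assumed format).
# The DENY line shows what the log looks like once the access rule from the
# Action section is in place: the client is blocked but is still infected.
SAMPLE_FW_LOG = """\
2024-03-01T08:15:02Z fw01 ACCEPT src=10.1.4.23 dst=192.0.2.44 proto=tcp dport=80
2024-03-01T08:15:09Z fw01 ACCEPT src=10.1.4.23 dst=192.0.2.44 proto=tcp dport=80
2024-03-01T08:16:40Z fw01 ACCEPT src=10.1.9.8 dst=198.51.100.20 proto=tcp dport=443
2024-03-01T08:20:11Z fw01 DENY src=10.1.7.5 dst=203.0.113.7 proto=tcp dport=443
2024-03-01T08:21:00Z fw01 ACCEPT src=10.1.4.23 dst=192.0.2.44 proto=tcp dport=80
malformed line that the parser must skip
"""

# Assumed line layout: "<iso-timestamp> <fw-host> <ACCEPT|DENY> src= dst= proto= dport="
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>ACCEPT|DENY) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$"
)


def is_sinkhole(addr: str) -> bool:
    """True if addr falls inside any configured sinkhole network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not an IP literal; never a match
    return any(ip in net for net in SINKHOLE_NETWORKS)


def find_sinkhole_contacts(log_text: str) -> dict:
    """Group every connection attempt to a sinkhole address by source host.

    Returns {src_ip: {"count", "allowed", "first", "last", "dst"}}.
    Denied attempts count as well: the firewall rule stops the traffic,
    but each attempt shows the client is still running the malware.
    """
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not is_sinkhole(m["dst"]):
            continue  # unparsable line or a destination we do not care about
        rec = hits.setdefault(
            m["src"],
            {"count": 0, "allowed": 0, "first": m["ts"], "last": m["ts"], "dst": set()},
        )
        rec["count"] += 1
        if m["action"] == "ACCEPT":
            rec["allowed"] += 1
        # ISO-8601 timestamps in one zone sort correctly as strings.
        rec["first"] = min(rec["first"], m["ts"])
        rec["last"] = max(rec["last"], m["ts"])
        rec["dst"].add(m["dst"])
    return hits


def report(log_text: str) -> list:
    """One 'Urgent' finding per infected client, ready for a ticketing queue."""
    findings = []
    for src, rec in sorted(find_sinkhole_contacts(log_text).items()):
        findings.append(
            f"Urgent: {src} contacted sinkhole {sorted(rec['dst'])} "
            f"{rec['count']}x ({rec['allowed']} allowed) between {rec['first']} and {rec['last']}"
        )
    return findings


if __name__ == "__main__":
    for line in report(SAMPLE_FW_LOG):
        print(line)
```

Run against a real export, every host in the report is a cleanup case regardless of whether the attempt was allowed or denied; the denied entries are the ones to watch after the access rule is in place, because they show which clients have not been remediated yet.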

More information
