nGran, LLC

Granular Network Security Solutions


nGran is a data security consulting  firm specializing in End-Point protection from and blocking solutions for malicious websites, user data privacy protection, security awareness training, networking, and security services to the Banking and Financial Services Industries.


Providing internet security to clients around the world.



 
nGran producs and services secure a variety
of clients, from Large Banks and Financial
Services corporations
to small, private companies.

Find out what we can do for you:

> Malicious Website Blocking Solutions
>
Web Application Intrusion Prevention
> Privacy Impact Assessments
> Security Awareness Training
> Website Redirection Notifications




Malicious Site Repeat Offenders

The Top Ten list of domain names and IP Addresses that have been identified as spreading surveillance tools, Malware and Scams for the month of September, 2014 are
shown below along with their major distributions. The sites originate mostly from CN and have been confirmed by independent researchers as distributing Spam and Malware including, Password stealers, Keyloggers, Injectors, Zeus variants, surveillance tools, Agents, Autostarts, Botnet controllers, Zbots, FakeAV, Redirection and Proxy sites and serve as IPTheft repositories.

For a more complete listing of repeat offender sites please review the items on the Research page of the nGran website.
-------------------------------------------------------
1. 203.205.148.100-105 - from CN.Shenzhen publishes numerous Backdoor threats as well as Injectors, Zeus, and Keyloggers
2. www.zilliontoolkitusa.info - US.OR.Boardman provides multiple Keyloggers, Zeus derivatives, and other surveillers
3. xingfubobo.com - from CN publishes numerous Zeus, Backdoors, surveillance tools and Infostealers
4. fuchangsi.com - from HK provides IPTheft repositories & hacktools
5. 52z.com - from CN publishes numerous Backdoors, Keyloggers, Injectors and Agent threats
6. liulanwangye.com - from CN.Taiyuan & Wuhan publishes multiple threats including Backdoors, Keyloggers and Agents
7. software.huafugongmao.com - from CN.Beijing publishes Backdoors, Downloaders and Chindo hacktools
8. zn.tybests.com - from CN.Chengdu publishes Keyloggers, Backdoors, Agents and Injectors
9. www.storebox1.info - from NL.Amsterdam publishes Agents, Backdoors, Injectors, and surveillance tools
10. dl.downloadaesaenineipi.com - from US.MA.Cambridge publishes Agents, Backdoors, and Krypt Trojans





The Malicious Website Problem
 

The number of malicious sites on the Internet that are either origination or distribution (O&D) points for Malware, Trackware, Phishing, Identity Theft and Spam have increased year by year by a factor of 10 over the past three years, and continue to rise dramatically in 2014. There are many estimates of cyber attacks per day and the range varies from roughly 10,00 to 250,000 attacks and depend on the profile of the site under attack. Sites that are high profile include US and Western European government as well as many commercial sites in those locations. Most attacks are tied to the use of Spyware and according to both Malware Bytes and Sophos, over 88% of those attacks emanate from the Internet. Many threats use stealth techniques to redirect unsuspecting Internet users from legitimate to malicious web sites. In the past two years there has also been a steady increase in attacking small business and consumers in the US and Western European locations. One reason is the lack of protection used when running a web site, especially if the site is "hosted" with weak access controls for personal or small businesses trying to reduce operating costs. According to OWASP, and new to the "Top Ten vulnerabilities" in June of 2013, was operating a web site with known and unpatched vulnerabilities. This state of the Internet is a perfect storm for malicious website operators who continue to exploit unsuspecting users.


To help users combat the glut of malicious sites, we recommend services such as those offered by iBlocklist at http://www.iblocklist.com or hpHosts at http://hosts-file.net/. All Internet users should limit their "attack surface" by curtailing connectivity to malicious websites. iBlocklist combined with Peerblock and nGran solutions, currently block over 20 Million malicious websites even on the smallest platforms. To further limit their exposure, users should take advantage of online services that check on the status of suspicious Internet domains. Mozilla has developed plugins for modern browsers, including supported hand-helds, Firefox and IE versions, based on the Web of Trust (WOT). nGran and others contribute findings daily to the WOT database ... it takes a community. The plugins are freely available from Mozilla and show abusive websites while warning unsuspecting users prior to establishing connectivity with such sites. It is important for all Internet users to protect themselves with the use of such tools as it will limit their exposure to malicious websites and Malware infections.


Other tools that should be used to reduce end-user attack surfaces include those provided by online blacklist services such as Spamhaus, l2.apews or barracuda.org. Site lookups for these services can be found at the following URLs shown below. Naturally if a domain shows to be blacklisted for abusive activity, then it stands to reason that such a site must be avoided until such time as the registered owner corrects that condition. End-users, Hosting Companies and Internet Service Providers must take more proactive roles in responding to malicious web site abuses and protecting their respective computers and identities.


http://whatismyipaddress.com/blacklist-check

http://www.robtex.com/







Blended Threats
Threat Research
Prevention, Protection, & Awareness


nGran has added more real time information feeds from industry leaders and links to the Federal Trade Commission (FTC) IDTheft web site to help raise awareness to the growing spyware and identity theft problems in the marketplace. Click on the Alliances link for more information. Also, visit our Research page to see our site threat lists, whitepapers, and products that are currently available.


Finally, we recommend that users contact the Internet Crime Complaint Center (IC3) for their latest information about protecting your PII and means of lodging complaints against malicious websites. IC3 can be contacted at the following link;


http://www.ic3.gov/default.aspx




This Web site is designed to work best when using version 3.0 or higher of Mozilla Firefox or version 6.0 or higher of Microsoft's® Internet Explorer. nGran, LLC believes that the information posted on this website is accurate as of its publication date; such information is subject to change without notice. nGran is not responsible for any inadvertent errors. All trademarks and registered trademarks are property of their respective owners. Copyright 2002-2014, nGran, LLC. All rights reserved.