GovCERT.ch

Thu 13 Oct 2016

From 12.00 until 13.30

At ETH Zurich, CNB/F/110

Universitätstrasse 6, 8092 Zurich

Abstract

- MELBL (MELANI Botnet List): The MELANI botnet list contains botnet IPs and domains that we extract from malware binaries and configs or that we receive from other partners. Several ISPs block the listed C&Cs via a BGP feed or on their security gateways.

- MalDB: The malware database is populated by MELANI; we inform the owners of infected websites or their ISPs.

- PhishDB: We run the website antiphishing.ch, take down phishing sites where possible, and provide blocking lists for ISPs, Google, Microsoft and others.

- IDS Feed: We offer a Suricata/Snort rule feed for the lists mentioned above.

- DroneDB: Various sinkhole operators send us their logs; we normalize the logs and inform the ISPs, companies or citizens concerned.

- Web crawler: We have developed a web crawler that searches for infected CH websites. Any infected domains the crawler finds are added to the malware database.

- Malvertising: Several CH newspaper publishers distributed malware through their ad networks in 2015/2016. We will show how the infection chain worked, how we were involved, and what we developed to recognize such infections.

- Incident response and malware analysis in the RUAG espionage case: We will briefly highlight a few interesting facts about the security response in the RUAG case and give a short introduction to the malware used by the attacker group.
