19 Hours of Malware Blackout

Filed under Research Lab.

For over 19 hours the internet in Syria was inaccessible. There was no access to internet resources from anywhere within the country.

This internet blackout was really bad news for most Syrian citizens, but it was also a malware blackout for some of the cyber criminals, hacktivists, and other adversaries that were not able to control part of their targeted victims – those infected machines that were located in Syria at that time.

Through the following sneak peek into our botnet interception dataset, you can easily see that the number of malware callbacks from Syrian IP addresses dropped from several thousand a second to zero yesterday at 18:45 GMT. The callback attempts from infected machines in Syria to malware C&C servers continued to be unsuccessful until today at 14:15 GMT. At that time the malware activity in Syria went back to a normal rate.

Figure: Malware callbacks of Syrian infected devices drop to zero for 19.5 hours

The reason for this blackout is still unknown. However, now that internet access is back for Syrian citizens, the attackers have also regained control of the infected machines located in Syria.

One thought on “19 Hours of Malware Blackout”

  1. Alon

    This is nice (and definitely visual) but obviously predicted.

    However, it should be interesting to investigate if some malware “committed suicide” because of their internet connection loss, or how did the blackout affect malware in general.
