Defend Against Botnets with IP Scanning

According to a recent ThreatPost article, during a two-week span earlier this year, thousands of poorly protected computers were compromised by a botnet that came from a single malicious website. The botnet targeted weak Remote Desktop Protocol (RDP) connections and brute-forced them open, which allowed cyber-attackers to easily access user credentials and extract payment card information.

While it is not clear how the malware is being spread, according to researchers from FireEye it appears to have circulated from one particular site: destre45[dot]com. Users with weak password settings could leave themselves incredibly vulnerable to botnet attacks by unknowingly visiting a malicious website without taking the necessary precautions.

We decided to investigate this threat further and scanned the questionable website using our new IP reputation scanning feature, which was recently launched into beta on our Metascan Online site. The result was that 3 of the 15 available reputation sources reported the website as containing some form of malware. This capability allows users to take advantage of an aggregated IP reputation analysis and scan unfamiliar IP addresses or websites beforehand, ensuring that the website they plan to visit is not putting their personal information in jeopardy.

Malicious sites such as the one highlighted in this blog reinforce that users must take additional steps to ensure they are not connecting to malicious websites and becoming victims of cyber-attacks. While avoiding unfamiliar IP addresses or websites is the best course of action, a user who must connect to an unknown IP address should add IP reputation scanning as an extra layer of security against potential botnet attacks.
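An added example, not OPSWAT's code or the Metascan Online API: one way to turn per-source reputation results, like the 3-of-15 result above, into an allow/review/block decision before connecting. The source names, verdict values and the `block_at` threshold are assumptions, and the sample results are constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample: 15 hypothetical sources, 3 flag the host, 2 return no data.
SAMPLE = {f"source_{i:02d}": "clean" for i in range(1, 16)}
SAMPLE.update(source_03="malicious", source_07="malicious", source_11="malicious",
              source_05=None, source_14=None)

def refang(indicator):
    """Normalize a defanged hostname/IPv4 indicator (e.g. 'destre45[dot]com')
    to a bare host for lookup only; never render the result as a link."""
    s = indicator.strip().lower()
    s = re.sub(r"\[\s*(?:dot|\.)\s*\]|\(\s*(?:dot|\.)\s*\)", ".", s)
    s = re.sub(r"^hxxp", "http", s)
    s = re.sub(r"^[a-z][a-z0-9+.-]*://", "", s)   # drop the scheme
    return s.split("/", 1)[0].split(":", 1)[0]     # drop path and port

@dataclass
class Verdict:
    host: str
    flagged: int    # sources that reported the host as malicious
    answered: int   # sources that returned any verdict
    total: int      # sources queried
    action: str     # "block", "review" or "allow"

def aggregate(indicator, results, block_at=2):
    """Decide on an absolute count of flags, not a majority.
    A source with no data (None) is not counted as a 'clean' vote."""
    answered = {k: v for k, v in results.items() if v is not None}
    flagged = sum(1 for v in answered.values() if v == "malicious")
    if flagged >= block_at:
        action = "block"
    elif flagged > 0 or len(answered) < len(results) / 2:
        action = "review"   # a single flag, or too little coverage to trust
    else:
        action = "allow"
    return Verdict(refang(indicator), flagged, len(answered), len(results), action)

def majority_vote(results):
    """Naive policy for comparison: malicious only if most sources agree."""
    votes = [v for v in results.values() if v is not None]
    return sum(v == "malicious" for v in votes) > len(votes) / 2

if __name__ == "__main__":
    print(aggregate("destre45[dot]com", SAMPLE))
    print("majority vote says malicious:", majority_vote(SAMPLE))
```

A result like 3 of 15 is a minority, so a majority-vote policy would let the connection through; a low absolute threshold treats a few independent detections as enough to block.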

As we mentioned, the all-new IP scanning feature for Metascan Online is currently in beta and we would love to get feedback from our amazing community! Tweet us @OPSWAT to let us know your thoughts about this new feature or ways we can improve it before we push the new feature to GA.
