Friday, July 15, 2016

Wapack Labs Sinkhole Results - 18 universities

Between 7/4/16 and 7/5/16, computers in eighteen research organizations or universities were identified beaconing out of their university environments to Wapack Labs-operated sinkholes at the Internet Protocol address 23.253.46.64.

A sinkhole is a DNS server that gives out false information to prevent the use of the domain names it represents, oftentimes redirecting information from one to another, where security researchers capture the data and analyze it for threats.

Wapack Labs monitors several such sinkholes. Purchased by the team, these domains are typically command and control nodes that malware will call to, looking for instructions, when installed on a computer. When a computer is identified on the sinkhole list, we assume it to be compromised.
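The same signal can be checked from inside a network. The following is an added example, not Wapack Labs code: it scans resolver logs for A-record answers that point at the sinkhole address given above and groups the hits by internal client. The log format, client addresses and domain names are constructed, and it assumes the sinkholed domains resolve to that address.

```python
import re

SINKHOLE_IPS = {"23.253.46.64"}  # sinkhole address stated in the post

# Constructed resolver log lines (hypothetical format, hosts and domains).
SAMPLE_LOG = """\
2016-07-04T10:15:02Z client=10.20.1.15 query=updates.c2-one.example type=A answer=23.253.46.64
2016-07-04T10:15:09Z client=10.20.1.77 query=www.university.example type=A answer=192.0.2.10
2016-07-04T10:45:02Z client=10.20.1.15 query=Updates.C2-One.example. type=A answer=23.253.46.64
2016-07-05T02:11:40Z client=10.20.3.8 query=cdn.c2-two.example type=A answer=23.253.46.64
2016-07-05T02:12:00Z client=10.20.3.8 query=malformed line without fields
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) query=(?P<query>\S+) "
    r"type=A answer=(?P<answer>\S+)$"
)


def find_sinkholed_clients(log_text, sinkhole_ips=SINKHOLE_IPS):
    """Map each client that resolved a name to a sinkhole IP to its evidence."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["answer"] not in sinkhole_ips:
            continue  # skip unparsable lines and ordinary answers
        rec = hits.setdefault(
            m["client"],
            {"domains": set(), "hits": 0, "first": m["ts"], "last": m["ts"]},
        )
        # Normalise case and the trailing root dot so one domain counts once.
        rec["domains"].add(m["query"].lower().rstrip("."))
        rec["hits"] += 1
        # ISO 8601 UTC timestamps of equal format sort lexicographically.
        rec["first"] = min(rec["first"], m["ts"])
        rec["last"] = max(rec["last"], m["ts"])
    return hits


if __name__ == "__main__":
    for client, rec in sorted(find_sinkholed_clients(SAMPLE_LOG).items()):
        print(client, rec["hits"], sorted(rec["domains"]), rec["first"], rec["last"])
```

The queried names recovered this way are the sinkholed command and control domains, which can then be looked up or blocked at the resolver.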

The full report was published to Wapack Labs on 7/5/16. For more information, users can search for the domain name on ThreatRecon.co or contact Red Sky Alliance or Wapack Labs for assistance at 844-4-WAPACK.

Universities mentioned in this report include Ali, Brookings, Brook Law, Boston University, Clarkson, CUNY, Georgia Tech, Kean, Khai, Lake Forest, Missouri State, MSU, Najah, University of Rhode Island, UCLA, University of Houston, University of Kentucky, University of Michigan, and the University of Pennsylvania.