Brian Jackson - Fotolia
Proofpoint Inc. researchers found a new traffic distribution system known as BlackTDS, which the vendor says is being advertised on the dark web. What is a traffic distribution system and what should enterprise security teams know about BlackTDS?
One key aspect of phishing attacks or other cyberattacks is the way web hosting is used to distribute malware or to host web-based content, such as phishing pages or advertising. Botnets are often used to host this content; however, doing so adds to the complexity of managing the botnet and directing the compromised systems to access the botnet's content.
With the continued segmentation of malware attacks in an attack's lifecycle, a malicious actor need only assemble pieces of the attack from multiple different sources, as the development of a cloud service for this was inevitable. This approach to hosting malicious content is an extension of bulletproof hosting, an approach to content distribution where malware campaigns use servers in locations where it is difficult to take down malicious websites.
Proofpoint recently discovered a new approach to distributing malicious content called BlackTDS, a multi-tenant traffic distribution system (TDS) that is used to distribute malware exploit kits, malicious advertising and the domain names of malicious hosts. A TDS is also capable of detecting when it is being investigated and can block security researchers from taking it down.
Like other TDSes, BlackTDS also has the ability to redirect web browsers to third-party sites for the next step in an attack. Enterprise security teams should know that BlackTDS is used for distribution of malware, and teams should ensure that their security tools include updated threat intelligence to guarantee malicious network connections are identified and blocked.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Nick Lewis
New variants of popular botnets were found targeting IoT devices by Palo Alto Networks' Unit 42. Discover how these variants differ from their ... Continue Reading
Detected malware can now efficiently be tracked due to VirusTotal's enterprise version of its software. Discover what N-gram is and how it can be ... Continue Reading
A new Kronos banking Trojan variant was found to use process impersonation to bypass defenses. Learn what this evasion technique is and the threat it... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.