malvertising detection

Updates about recent increase in infections

January 28, 2016

Six days ago, we added the Disconnect.me malware tracker and “malvertising” tracker to the list of supported open source domain feeds in strongarm.io. Since then, we have seen a significant increase in the number of discovered infections across all strongarm.io users.

We built strongarm.io to block and intercept the downloading of malware and malware command-and-control. We strive for zero false positives; if strongarm.io generates a notification, it’s because we believe you need to know about what’s happening on your network and take action accordingly.

Unfortunately, many of the domains in the Disconnect.me “malvertising” list do not meet our criteria for blackholing in strongarm.io; they are not currently serving malware or malware command-and-control. Because of this, we are removing this feed from strongarm.io immediately. Based on our analysis, the domains on this list that do meet our criteria are also included in the Disconnect.me malware feed and other feeds we already support.

No immediate action is needed on your part. If you would like help understanding your infections in strongarm.io, we are always here to help you. Feel free to contact us.

In light of this experience, new domain feeds will be deployed both internally and for select early adopters before making them generally available to all users. If you would like to opt in to these feeds, feel free to send us an email.