Beta Bot (Neurevt)

Neurevt is a Trojan that affects computers running the Windows operating system. This trojan has been designed to steal sensitive information such as login credentials to certain services and operating system data from the user’s computer, among others.


Malware Command and Control unit. They are used by an attacker to control the victim’s devices, both to send as well as to receive information.


Conficker is a malware in the form of a computer worm targeting the Windows operating system. Once infected, a computer becomes part of a botnet in which each computer is controlled remotely by a central node. This malware can be used to perform multiple crimes and has mainly been used to steal information from infected systems and to send spam.

Cutwail (Pushdo)

Cutwail is a malware in the form of a Trojan that infects computers running the Windows operating system, which then become part of a botnet. It is basically used for spamming and downloading files containing malware onto the infected computer, where they are later executed.

Fake Coupon

Discount coupons or vouchers used as bait to obtain users’ personal information. They are usually shared via WhatsApp.

DNS Poisoning

Malicious DNS server that redirects users attempting to reach a legitimate site to a fake site for the purpose of stealing their personal information.

DoS (Denial of Service)

A Denial of Service (DoS) attack consist of carrying out certain actions in order to make a machine or network resource unavailable to its intended users. Examples: ping of death, SYN Flood, etc.


Dyre is a malware in the form of a Trojan that infects computers running the Windows operating system, which then become part of a botnet. Its most common applications include stealing credentials, spamming and downloading and installing other files containing malware.

E-mail Abuse

An attack executed through an e-mail message or a file attachment containing some type of malware.

Brute Force

Trial and error method. This is typically carried out with software that uses a dictionary containing the most commonly used passwords in order to decrypt the victim’s password by systematically checking all possible passwords and passphrases until the correct one is found.


Gamut is a malware in the form of a Trojan that affects computers running the Windows operating system. Infected computers become part of a botnet and are controlled remotely for criminal activities. The main goal of this botnet has been the distribution of spam.

Intrusion Attempt

Unauthorized login attempt. A brute force attack seeking to obtain the login credentials to a system. The most commonly reported protocol for this type of attacks is SSH.


Kelihos is the name of a botnet that uses P2P communications, which makes it difficult to detect the control centers. Some of the uses of the botnet include DoS attacks, spam, stealing Bitcoin wallets and Bitcoin mining.


Malicious code typically used to steal information, destroy systems totally or partially, or hijack information. Malware may be implanted through e-mail attachments, by downloading applications and by exploiting operating system vulnerabilities.

Mirai (iotmirai)

MIRAI is a botnet that affects the Internet of Things (IoT). This malware exploits the vulnerabilities of various devices, such as routers, digital video recorders and IP surveillance cameras. This botnet has mainly been used to carry out Denial-of-Service (DoS) attacks.

Open DNS Resolver

An open DNS resolver is a server that responds to any recursive domain name query without limiting query requests to local devices and/or authorized clients.

Open Relay

Open Relay is an SMTP server configured in such a way that it allows anyone on the internet to send e-mail through it.


Any other reported security incident that does not belong to the other categories.

PAC (Proxy auto-config)

A PAC attack redirects the victim’s browser traffic to a fraudulent proxy server. This allows the attacker to see all of the victim’s traffic and capture confidential information such as a usernames and passwords, or to hijack authentication sessions by stealing the victim’s cookies.

Pharming (Rogue DNS)

A form of exploiting a vulnerability in the DNS server software or in the users’ own devices that allows an attacker to redirect a website’s traffic to another, fake site.


A fraudulent attempt to obtain sensitive information by disguising a fraudulent site as a legitimate resource. These attacks are generally aimed at stealing users’ login credentials in order to carry out financial fraud. Phishing can infect systems through fake e-mails or when a user visits a website with a questionable reputation.


An intermediary server between a client and a destination server. Connection requests from the users of a network are sent to the desired destination through the proxy. This mechanism may allow the information that passes through it to be displayed, such as, for example, usernames/passwords or other sensitive information.

Proxy Poisoning

Servers hosting fake sites to which the victims of pharming attacks are redirected.


A malicious application that infects a computer and encrypts certain files. Ransomware restricts the user’s access to their files until a ransom is paid in exchange for the password to decrypt them.


Attack used to redirect users from one site to another, even by creating redirect chains. Users are generally redirected to a fraudulent site.

Unauthorized Prefix Advertising

Route advertisements from unauthorized origins. Route hijacking occurs when a device advertises a prefix that it is not authorized to announce. This can be intentional or due to an operational error.

Web Skimming

Web skimming is a form of attack whereby an attacker compromises a website in order to steal users’ payment information.


ZeroAccess is a malware in the form of a Trojan that infects computers running the Windows operating system, which then become part of a botnet. These botnets are controlled remotely by a central node and can be used for multiple malicious purposes. In addition to being controlled by a central unit, infected computers are mainly targeted for Bitcoin mining or for creating fraudulent online advertising campaigns.