Getting malware past firewalls/HIPS etc

I was reading about XOR and found a couple of articles on how malware can get past your intrusion protection system and firewall, like Untangle, and install the malware. It seems to be mostly delivered via e-mail. Until I find a way to block the .enc files in Untangle, I have added the keyword .enc to the router and all links with .enc will be dropped. Not the best, but it's better than nothing at the moment.

If you run a server, check your logs for .enc files that were downloaded.

The criminals behind the malware delivery system for GameOver Zeus have a new trick. Encrypting their EXE file so that as it passes through your firewall, webfilters, network intrusion detection systems and any other defenses you may have in place, it is doing so as a non-executable ".ENC" file. If you are in charge of network security for your Enterprise, you may want to check your logs to see how many .ENC files have been downloaded recently.

-snip-

In the new delivery model, the .zip file attached to the email has a NEW version of UPATRE that first downloads the .enc file from the Internet and then DECRYPTS the file, placing it in a new location with a new filename, and then causing it both to execute and to be scheduled to execute in the future.

http://garwarner.blogspot.com/2014/02/gameover-zeus-now-uses-encryption-to.html

http://blog.crysys.hu/2014/02/gameo...-to-bypass-perimeter-security-enc-encryption/
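
One way to do the log check suggested above, as an added example that is not part of the original post or the linked articles: it lists completed downloads whose URL path ends in .enc, grouped by the client that fetched them. The "combined"-style log format, the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumption: "combined"-style access log lines (Apache/NGINX and many proxies).
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def is_enc_request(url):
    """True when the URL path (not the query string) ends in .enc, any case."""
    return urlsplit(url).path.lower().endswith(".enc")

def find_enc_downloads(lines):
    """Return {client: [(timestamp, url, size), ...]} for successful .enc fetches."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        if m["method"] != "GET" or not m["status"].startswith("2"):
            continue  # only completed downloads are of interest here
        if is_enc_request(m["url"]):
            size = 0 if m["size"] == "-" else int(m["size"])
            hits[m["client"]].append((m["ts"], m["url"], size))
    return dict(hits)

# Constructed sample log lines (documentation addresses and example hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Feb/2014:09:14:02 +0000] "GET http://files.example.net/img/pdf.enc HTTP/1.1" 200 289792',
    '192.0.2.10 - - [03/Feb/2014:09:14:05 +0000] "GET http://www.example.com/index.html HTTP/1.1" 200 5120',
    '192.0.2.23 - - [03/Feb/2014:10:01:44 +0000] "GET http://files.example.net/a/B.ENC?x=1 HTTP/1.1" 200 301056',
    '192.0.2.31 - - [03/Feb/2014:10:07:19 +0000] "GET http://files.example.net/old.enc HTTP/1.1" 404 0',
    '192.0.2.31 - - [03/Feb/2014:10:09:00 +0000] "GET http://www.example.com/search?q=file.enc HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, downloads in find_enc_downloads(SAMPLE_LOG).items():
        for ts, url, size in downloads:
            print(f"{client}  {ts}  {size:>8} bytes  {url}")
```

Clients that appear in the output are the machines to look at first, since the quoted article describes the downloader fetching the .enc file and then decrypting and running it locally.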