Tuesday, December 15, 2015

Cryptolocker being installed via HTTPS

We know, we know, we know... proxies are complex.  It's much easier to install a Next Gen Firewall and check the box.  However, what are you going to do about DLP?  Additionally, what are you going to do about the latest Cryptolocker attack? Per here and below, Firefoxpatch.exe, which is indeed malware, is being distributed via the phaaccounty-taxes website:

Your answer may be to turn on HTTPS Decryption.  We'll let you in on an ugly little secret... most Next Gen Firewalls have performance degradation issues when this feature is turned on per this NSS Labs Test:

Are we saying Next Gen Firewalls are not the answer?  Not at all... they are absolutely part of the answer, as the IPS, VPN, Application ID capabilities and traditional firewalling features are necessary.  However, you need to augment these solutions with feature-rich proxies a la the Raytheon|Websense APX Solution to enable a complete Security Architecture.  Schedule a briefing with ESPO Systems today to learn more.


Thursday, December 10, 2015

Dridex Operational This Morning

A Microsoft Word document, currently named Order Acknowledgement.doc, is propagating across the Internet this morning.  Per below, the doc has a malicious macro and is being leveraged as a dropper:

As we've seen all too frequently, the dropper will not only ping the Botnet via high numbered TCP Ports (TCP:3448 today)... but will also pull another exe into the environment:
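
The two tells described above (an Office process beaconing to a non-standard high port, then fetching another executable) can be turned into a simple triage rule. This is an added example, not ESPO Systems' or Websense's code; the pipe-delimited event format, the sample events and the 192.0.2.x/203.0.113.x addresses are constructed for illustration, and the allowed-port list is an assumption a real deployment would tune.

```python
"""Flag hosts showing the Dridex dropper pattern in constructed endpoint events."""
import re
from collections import defaultdict

# Assumption: Office processes should only ever talk on web ports.
ALLOWED_PORTS = {80, 443}
OFFICE_PROCS = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Constructed sample telemetry (not real data): host|process|event|detail
SAMPLE_EVENTS = [
    "ws01|winword.exe|open|Order Acknowledgement.doc",
    "ws01|winword.exe|connect|192.0.2.10:3448",          # beacon on TCP 3448
    "ws01|winword.exe|download|http://192.0.2.10/update.exe",
    "ws02|winword.exe|connect|203.0.113.5:443",          # normal web traffic
    "ws03|chrome.exe|connect|198.51.100.7:3448",         # not an Office process
]

EVENT_RE = re.compile(r"^(?P<host>[^|]+)\|(?P<proc>[^|]+)\|(?P<event>[^|]+)\|(?P<detail>.*)$")


def parse_event(line):
    """Split one pipe-delimited event into its four fields."""
    m = EVENT_RE.match(line)
    if not m:
        raise ValueError(f"malformed event: {line!r}")
    return m.groupdict()


def triage(lines):
    """Return {host: [reasons]} for hosts where an Office process either
    connected to a non-standard port or downloaded an executable."""
    findings = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        proc = ev["proc"].lower()
        if proc not in OFFICE_PROCS:
            continue  # rule is scoped to Office-spawned activity only
        if ev["event"] == "connect":
            dest, _, port = ev["detail"].rpartition(":")
            if int(port) not in ALLOWED_PORTS:
                findings[ev["host"]].append(f"{proc} beacon to {dest} on TCP/{port}")
        elif ev["event"] == "download" and ev["detail"].lower().endswith(".exe"):
            findings[ev["host"]].append(f"{proc} fetched executable {ev['detail']}")
    return dict(findings)


if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_EVENTS).items():
        print(host, *reasons, sep="\n  ")
```

Only ws01 trips both rules in the sample set; ws02's port-443 traffic and ws03's browser connection are left alone, which is the scoping a proxy or EDR rule needs to keep false positives down.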

As stated previously, the FBI was a little too aggressive with its "marketing" of the takedown of Dridex in mid-October... as this is the same malware variant.  And, as has been seen frequently over the last year, our AV Vendors are not keeping up with these initial volleys, with only 6 of 55 companies currently detecting:

In summary, the Raytheon|Websense APX Solution is one of the few vendors capable of protecting against this threat... across the entire Kill Chain.  Contact ESPO Systems if you'd like to schedule a briefing.