A new attack started at ~6am CST with a subject of "Auto insurance apps and documents" via spam bots in Spain & India (88.2.161.115 & 59.97.76.10). The lure was a doc attachment that, as you'll see via this link, drops a number of files with malicious intent:
You will note that a number of outbound TCP connections are made (via TCP Ports 80, 443 and 8080) to IPs currently listed in the Websense URL database as bots. As such, a Websense Web Security Gateway customer would be protected even if an inferior Email Security Solution is in place.
BTW - we would strongly advise limiting your outbound TCP:80, 443 and 8080 connections to the IP of your Proxies only. A Policy Based Route (PBR) or WCCP on your firewall would elegantly address this.
Lastly, and as always, AntiVirus coverage is weak with only 3 of 57 AV Engines currently protecting. We at ESPO would therefore advise calling your AV Sales Rep and asking them to justify the expense :-)
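The proxy-only egress advice above can be audited from firewall connection logs. This is an added example, not part of the original post: it flags internal hosts that reach external addresses on TCP 80, 443 or 8080 without going through the proxy. The log format, the proxy address 10.0.0.10 and the 10.0.0.0/8 internal range are assumptions, and the log lines are constructed.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

WEB_PORTS = {80, 443, 8080}            # ports named in the post
PROXIES = {ip_address("10.0.0.10")}    # assumption: the sanctioned proxy
INTERNAL = [ip_network("10.0.0.0/8")]  # assumption: internal address space

# Constructed sample log (hypothetical format): timestamp,src,dst,dport,action
SAMPLE_LOG = """\
2024-01-01T06:01:02,10.0.0.10,203.0.113.5,443,allow
2024-01-01T06:01:07,10.0.5.23,203.0.113.80,8080,allow
2024-01-01T06:01:09,10.0.5.23,198.51.100.7,80,allow
2024-01-01T06:01:11,10.0.5.40,10.0.0.10,8080,allow
2024-01-01T06:01:15,10.0.7.2,198.51.100.7,25,allow
2024-01-01T06:01:20,10.0.9.9,203.0.113.80,443,deny
"""

def is_internal(addr):
    """True if the address falls inside the assumed internal ranges."""
    return any(addr in net for net in INTERNAL)

def direct_web_egress(log_text):
    """Map each non-proxy internal source to its direct outbound web flows."""
    hits = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, src, dst, dport, action = row
        src_ip, dst_ip, port = ip_address(src), ip_address(dst), int(dport)
        if port not in WEB_PORTS or is_internal(dst_ip):
            continue  # not web traffic, or it stays inside the network
        if src_ip in PROXIES or not is_internal(src_ip):
            continue  # the proxy itself is allowed; ignore inbound flows
        hits[src].append((ts, dst, port, action))
    return dict(hits)

if __name__ == "__main__":
    for host, flows in direct_web_egress(SAMPLE_LOG).items():
        allowed = sum(1 for f in flows if f[3] == "allow")
        print(f"{host}: {len(flows)} direct web flow(s), {allowed} allowed")
```

Flows reported with action `allow` show the egress restriction is not in force for that host; flows reported with `deny` show the rule working and identify a host worth inspecting.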