A new Dridex Variant is propagating across the internet via email this morning. The M$ Word attachment, labeled "Penta Invoice", has a very low catch rate currently:
As such, it is highly likely your users will be compromised as you are unlikely to be blocking M$ Office files. It is therefore recommended that you check your proxy & firewall logs for the phone home:
Note that a Websense AP-Web customer, leveraging the Websense ACE Technology via their next gen proxy platform, would have detected/blocked the payload delivered via HTTP in real-time... even if an inferior email security solution was in place. The reference to Threat.Malicious.Web.RealTime in the above screen shot validates this.
Lastly, and as always, ESPO recommends you squeeze your AV Vendor and apply the budget savings towards the purchase of a File Sandboxing Solution. The Websense report, previously called ThreatScope, is available here for your viewing pleasure.
No comments:
Post a Comment