Emails with malicious Word attachments are traversing the internet this morning:
As usual, antivirus coverage is spotty: only 5 of 55 companies currently have a signature available (McAfee and Symantec are MIA again):
Per this Raytheon|Websense File Sandbox Report, and as is typical with today's blended threats, this dropper file pulls another malicious file via HTTP from a site in Germany:
However, something interesting is going on with this 2nd bouncing ball: it phones home to a site in Russia. Of particular interest is the HTTP POST:
Question - are you monitoring outbound HTTP POSTs to determine if intellectual property or PII is being exfiltrated? Better question - if the POST was encrypted via HTTPS, would you be able to decrypt it and gain visibility into the data leak?
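One starting point for the outbound-POST monitoring asked about above is the web proxy log. The following is an added example, not taken from the original post or the sandbox report: it correlates a binary download with a later POST from the same client, the two-step pattern described above. The log format, host names, allowlist and 300-second window are assumptions, and the sample lines are constructed.

```python
import csv
import io

# Constructed proxy log, not from the original post. Columns:
# epoch, client, method, host, path, response content type, request bytes
SAMPLE_LOG = """\
1000,10.0.0.5,GET,intranet.corp.example,/index.html,text/html,0
1010,10.0.0.7,GET,stage2-host.example,/files/update.bin,application/octet-stream,0
1025,10.0.0.7,POST,checkin-host.example,/report,text/html,4096
1030,10.0.0.5,POST,intranet.corp.example,/form,text/html,512
1040,10.0.0.9,POST,unknown-site.example,/submit,text/html,300
5000,10.0.0.7,POST,other-site.example,/api,text/html,200
"""

ALLOWLIST = {"intranet.corp.example"}   # hypothetical known-good hosts
BINARY_TYPES = {"application/octet-stream", "application/x-msdownload"}
WINDOW_SECONDS = 300                    # assumed correlation window


def find_post_after_download(log_text, allowlist=ALLOWLIST, window=WINDOW_SECONDS):
    """Flag POSTs to non-allowlisted hosts that follow a binary download
    by the same client within `window` seconds."""
    last_download = {}   # client -> (timestamp, host) of latest binary GET
    alerts = []
    for row in csv.reader(io.StringIO(log_text)):
        try:
            ts, client, method, host, _path, ctype, req_bytes = row
            ts, req_bytes = int(ts), int(req_bytes)
        except ValueError:
            continue     # skip malformed lines instead of aborting the run
        if host in allowlist:
            continue
        if method == "GET" and ctype in BINARY_TYPES:
            last_download[client] = (ts, host)
        elif method == "POST" and client in last_download:
            dl_ts, dl_host = last_download[client]
            if 0 <= ts - dl_ts <= window:
                alerts.append({"client": client, "download_host": dl_host,
                               "post_host": host, "delay": ts - dl_ts,
                               "bytes_out": req_bytes})
    return alerts


if __name__ == "__main__":
    for alert in find_post_after_download(SAMPLE_LOG):
        print(alert)
```

For HTTPS traffic, a proxy that does not perform TLS inspection logs only the CONNECT host, so the method and request size used here are not available.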