A Microsoft Word document, currently named Order Acknowledgement.doc, is propagating across the Internet this morning. As shown below, the document carries a malicious macro and is being used as a dropper:
As we've seen all too frequently, the dropper not only beacons to the botnet over high-numbered TCP ports (TCP 3448 today) but also pulls a second executable into the environment:
As stated previously, the FBI was a little too aggressive with its "marketing" of the Dridex takedown in mid-October, as this is the same malware variant. And, as has been seen frequently over the last year, AV vendors are not keeping up with these initial volleys, with only 6 of 55 vendors currently detecting it:
In summary, the Raytheon|Websense APX Solution is one of the few products capable of protecting against this threat across the entire kill chain. Contact ESPO Systems if you'd like to schedule a briefing.
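The chain described above (Office document, macro-launched dropper, beacon to a high-numbered TCP port, second executable written to disk) can be correlated from endpoint telemetry. The following is an added example, not code from this post or from any vendor product; the event records are constructed and only mimic Sysmon event IDs 1 (process create), 3 (network connect) and 11 (file create), and the hosts, paths and IPs are hypothetical.

```python
"""Flag Office-descended processes that beacon to an unusual high TCP port
(3448 in the post) or drop a new .exe, using constructed Sysmon-like events."""
import ntpath

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
HIGH_PORT_FLOOR = 1024             # "high numbered" ports per the post
ALLOWED_HIGH_PORTS = {8080, 8443}  # common proxy/alt-HTTPS ports; tune per site

# Constructed sample telemetry (hypothetical host, paths and addresses).
EVENTS = [
    {"id": 1, "pid": 4100, "ppid": 900, "image": r"C:\Office\WINWORD.EXE"},
    {"id": 1, "pid": 4212, "ppid": 4100, "image": r"C:\Temp\edg.exe"},
    {"id": 3, "pid": 4212, "proto": "tcp", "dst_ip": "203.0.113.7", "dst_port": 3448},
    {"id": 11, "pid": 4212, "target": r"C:\Temp\stage2.exe"},
    {"id": 1, "pid": 5000, "ppid": 900, "image": r"C:\Windows\System32\svchost.exe"},
    {"id": 3, "pid": 5000, "proto": "tcp", "dst_ip": "10.0.0.5", "dst_port": 443},
    {"id": 3, "pid": 4100, "proto": "tcp", "dst_ip": "10.0.0.9", "dst_port": 8080},
]


def office_lineage(events):
    """PIDs that are an Office app or descend from one (via event 1 pid/ppid)."""
    parent = {e["pid"]: e["ppid"] for e in events if e["id"] == 1}
    image = {e["pid"]: e["image"] for e in events if e["id"] == 1}
    tainted = set()
    for pid in parent:
        cur = pid
        while cur in parent:  # walk up until the ancestor is outside our telemetry
            if ntpath.basename(image[cur]).lower() in OFFICE_APPS:
                tainted.add(pid)
                break
            cur = parent[cur]
    return tainted


def find_dropper_chains(events):
    """Return (finding, pid, detail) tuples for Office-descended processes that
    beacon to an unusual high TCP port or write a new executable to disk."""
    lineage = office_lineage(events)
    findings = []
    for e in events:
        if e["pid"] not in lineage:
            continue
        if e["id"] == 3 and e["proto"] == "tcp" and \
                e["dst_port"] >= HIGH_PORT_FLOOR and e["dst_port"] not in ALLOWED_HIGH_PORTS:
            findings.append(("c2_beacon", e["pid"], f"{e['dst_ip']}:{e['dst_port']}"))
        elif e["id"] == 11 and e["target"].lower().endswith(".exe"):
            findings.append(("exe_dropped", e["pid"], e["target"]))
    return findings


if __name__ == "__main__":
    for finding in find_dropper_chains(EVENTS):
        print(*finding)
```

The benign svchost.exe connection and WINWORD's own proxy connection on 8080 are not flagged; only the child process that beacons on 3448 and writes stage2.exe is reported.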