Snort is more about intrusion detection and network monitoring. What you are looking for is an intrusion prevention system.
From: [email protected] [mailto:[email protected]] On Behalf Of Peter Atkin Sent: 14 June 2013 17:57 To: [email protected]; 'Uganda Linux User Group' Subject: Re: [LUG] Zeus Botnet C&C in our neighbourhood Tel me more, not familiar with snort rules. always ready to learn and share. Kind Regards Peter Atkin (C.T.O) cfts.co (u) ltd. Get I.T.Right +256-772-700781 | Skype: peter2cfu www.cfts.co.ug <http://www.cfts.co/> | location details <http://www.cfts.co/contacts.html> | <http://ug.linkedin.com/in/peteratkin> view my profile From: Simon Vass [mailto:[email protected]] Sent: Friday, June 14, 2013 5:24 PM To: [email protected] <mailto:[email protected]> ; Uganda Linux User Group Subject: Re: [LUG] Zeus Botnet C&C in our neighbourhood I think snort rules might cover both of these. Great firewall IDS. On 14 June 2013 11:14, Peter Atkin <[email protected] <mailto:[email protected]> > wrote: Hi Philip, My Bad should have read more thoroughly Zeus and SpyEye are competing products working in a similar fashion, uploading IP block list now into our firewall for both Zeus and SpyEye. Certainly do not want to be victim of a bot net take over or attack.. thanks for the heads up Kind Regards Peter Atkin (C.T.O) cfts.co <http://cfts.co> (u) ltd. Get I.T.Right +256-772-700781 <tel:%2B256-772-700781> | Skype: peter2cfu www.cfts.co.ug <http://www.cfts.co/> | location details <http://www.cfts.co/contacts.html> | <http://ug.linkedin.com/in/peteratkin> view my profile From: [email protected] <mailto:[email protected]> [mailto:[email protected] <mailto:[email protected]> ] On Behalf Of Phillip Simbwa Sent: Friday, June 14, 2013 12:47 PM To: lug Subject: Re: [LUG] Zeus Botnet C&C in our neighbourhood @Peter (Atkin) The link I shared specifically tracks Zeus NOT SpyEye! Here is the link sent earlier: https://zeustracker.abuse.ch/index.php And this is what I posted: ************************************************************** Zeus is one of the most successful financial botnets in the history of botnets. Its very sophisticated and hard to detect let alone decisively deal with. It was has been used to hit mainly financial institutions but the recent trend is hitting any corporate organization. Why should you worry? There is a command and control (C&C) server in Rwanda and its been there since last year. https://zeustracker.abuse.ch/index.php The ISP serving this server happens to be MTN Rwandacell. Our UGCERT could start watching for any traffic terminating to that server (IP: 41.186.24.58) just in case that turns out to be the regional C&C . For the CIOs, check your network logs just in case... Cheers, -- - Phillip. **************************************************************** The links you have provided however track SpyEye and indeed there isn't any SpyEye C&C on that server in Rwanda. I think your were using looking for the wrong thing here... -- - Phillip. "Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and lsat ltteer are in the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit a porbelm. Tihs is bcuseae we do not raed ervey lteter by it slef but the wrod as a wlohe and the biran fguiers it out aynawy." ____________________________________________________________________________ ______ This e-mail is company confidential and may contain legally privileged information. If you are not the intended recipient, you should not copy, distribute, disclose or use the information it contains. Please e-mail the sender immediately and delete this message from your system. Note: e-mails are susceptible to corruption, interception and unauthorized amendment; we do not accept liability for any such changes, or for their consequences. _______________________________________________ The Uganda Linux User Group: http://linux.or.ug Send messages to this mailing list by addressing e-mails to: [email protected] <mailto:[email protected]> Mailing list archives: http://www.mail-archive.com/[email protected]/ Mailing list settings: http://kym.net/mailman/listinfo/lug To unsubscribe: http://kym.net/mailman/options/lug The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way. -- Simon Vass Managing Director E-Tech Uganda Ltd http://www.etech.ug Tel: +256 (0) 312260620 Email: [email protected] <mailto:[email protected]> ____________________________________________________________________________ ______ This e-mail is company confidential and may contain legally privileged information. If you are not the intended recipient, you should not copy, distribute, disclose or use the information it contains. Please e-mail the sender immediately and delete this message from your system. Note: e-mails are susceptible to corruption, interception and unauthorized amendment; we do not accept liability for any such changes, or for their consequences.
_______________________________________________ The Uganda Linux User Group: http://linux.or.ug Send messages to this mailing list by addressing e-mails to: [email protected] Mailing list archives: http://www.mail-archive.com/[email protected]/ Mailing list settings: http://kym.net/mailman/listinfo/lug To unsubscribe: http://kym.net/mailman/options/lug The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
