AV isn’t going to detect advanced malware like CryptoLocker.

As a start I would do an egress filter trust to untrust for these IPs.

https://discussions.nessus.org/thread/6799

The most recent alert I saw yesterday came from the Center for Internet
Security <http://www.cisecurity.org/>. In their advisory, they listed the
following IPs as being associated with the network activity:
Is your 3rd party software on the endpoints up to date?

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]
Work:401-255-2497




From: [email protected] [mailto:[email protected]] On 
Behalf Of Ryan Shugart
Sent: Thursday, February 27, 2014 2:27 PM
To: [email protected]
Subject: [NTSysADM] Cryptolocker

Hi:
        We’ve been plagued with Cryptolocker for the past several months, just 
two infections yesterday.  We’re running McAfee 8.8 with the latest DATs and 
it’s just not finding this virus in time.  If anyone is using an antivirus 
solution that does detect this, can you let us know?  We’re interested in a 
possible switch.
Thanks.
Ryan

Ryan Shugart
LAN Administrator
MiTek USA, MiTek Denver
314-851-7414

