thanks ... or could just be normal malware churn, and I've been the lucky one 3 times in 3 days :)
On Tue, Sep 13, 2011 at 8:23 AM, Ziots, Edward <[email protected]> wrote:

> Could be I haven’t heard anything through the underground yet on this
> fact, but if I do I will post.
>
> Z
>
> Edward E. Ziots
> CISSP, Network +, Security +
> Security Engineer
> Lifespan Organization
> Email:[email protected]
> Cell:401-639-3505
>
> *From:* Erik Goldoff [mailto:[email protected]]
> *Sent:* Tuesday, September 13, 2011 5:58 AM
> *To:* NT System Admin Issues
> *Subject:* RE: anyone else seeing Hiloti malware zero day ?
>
> Last I saw qakbot was about 2 years ago, this was a new variant … wonder
> if maybe there’s a new malware construction toolkit out …
>
> *Erik Goldoff*
> *IT Consultant*
> *Systems, Networks, & Security*
> ' Security is an ongoing process, not a one time event ! '
>
> *From:* Ziots, Edward [mailto:[email protected]]
> *Sent:* Monday, September 12, 2011 9:40 AM
> *To:* NT System Admin Issues
> *Subject:* RE: anyone else seeing Hiloti malware zero day ?
>
> Qakbot I have seen off and on, and its variants (maybe they're tweaking it
> for other infections)
>
> Z
>
> Edward E. Ziots
> CISSP, Network +, Security +
> Security Engineer
> Lifespan Organization
> Email:[email protected]
> Cell:401-639-3505
>
> *From:* Erik Goldoff [mailto:[email protected]]
> *Sent:* Sunday, September 11, 2011 11:08 AM
> *To:* NT System Admin Issues
> *Subject:* RE: anyone else seeing Hiloti malware zero day ?
>
> Must be my lucky week, we also caught an ‘undetected’ variant of qakbot too
>
> *Erik Goldoff*
> *IT Consultant*
> *Systems, Networks, & Security*
> ' Security is an ongoing process, not a one time event ! '
>
> *From:* Andrew S. Baker [mailto:[email protected]]
> *Sent:* Saturday, September 10, 2011 10:20 PM
> *To:* NT System Admin Issues
> *Subject:* Re: anyone else seeing Hiloti malware zero day ?
>
> Not I...
>
> *ASB*
> *http://XeeMe.com/AndrewBaker <http://xeeme.com/AndrewBaker>*
> *Harnessing the Advantages of Technology for the SMB market…*
>
> On Fri, Sep 9, 2011 at 7:47 PM, Erik Goldoff <[email protected]> wrote:
>
> At a client site Wednesday had a Hiloti outbreak, found by IDS signatures
> but not AV. Had to submit captured DLL from loadpoint analysis for
> examination by AV vendors to have signatures updated. Today, only two days
> later, a new variant of Hiloti is back in the wild.
>
> Anyone else seeing this ?
>
> *Erik Goldoff*
> *IT Consultant*
> *Systems, Networks, & Security*
> ' Security is an ongoing process, not a one time event ! '
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to [email protected]
> with the body: unsubscribe ntsysadmin
