I did not receive notification from my ISP. I found out about it when I was
corresponding with someone from work on my personal email address and the
email kept getting held. I looked at *why* it was being held and the info
was that it was being held by the CBL.ABUSEAT.ORG block list. They in turn
told me that the external IP of our firewall was listed due to the
Torpig/Anserin/Mebroot traffic. *shrug*

I'm looking at probably 2-3 dozen computers total in one location.



From: Shauna Hensala [mailto:[email protected]] 
Sent: Monday, October 03, 2011 1:53 PM
To: NT System Admin Issues
Subject: RE: Torpig/Anserin/Mebroot infection

How many machines are we talking about here?  All local or some in remote
locations?  The ISP did not provide the IP of the device that was
misbehaving?


Shauna Hensala



________________________________________
From: [email protected]
To: [email protected]
Subject: Torpig/Anserin/Mebroot infection
Date: Mon, 3 Oct 2011 13:22:56 -0400
So, our external IP is blacklisted because apparently one of our machines is
infected with a banking Trojan. Short of going to each and every individual
machine on the network, the only thing I can think of to do is to set up
logging of the ASA to a syslog server. I have downloaded and installed a
trial version of Kiwi syslog, but I can’t figure out how to configure it to
forward the log files to my system.
 
Anyone here able to provide a good how-to? I *did* Google, but apparently my
Google-fu sucks, as I wasn’t able to find instructions that made sense to
me.
 
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
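
An added example, not part of the original thread: once the ASA is logging to a syslog server, its connection-build messages (302013 for TCP, 302015 for UDP, both informational level) can be searched for the inside host that contacts a destination named in a block-list report. The suspect address 203.0.113.50 and every log line below are constructed, and the regular expression assumes the default ASA message layout.

```python
import re
from collections import defaultdict

# ASA 302013/302015 layout (default formatting assumed):
#   Built outbound TCP connection <id> for <out_if>:<dst>/<port> (<mapped>)
#   to <in_if>:<src>/<port> (<mapped>)
BUILT = re.compile(
    r"%ASA-6-30201[35]: Built outbound (?:TCP|UDP) connection \d+ "
    r"for [^:\s]+:(?P<dst>[\d.]+)/(?P<dport>\d+) \([^)]*\) "
    r"to [^:\s]+:(?P<src>[\d.]+)/\d+"
)

def hosts_contacting(lines, suspect_dsts):
    """Return {inside_ip: {(dst, dport): count}} for outbound connections
    whose destination is in suspect_dsts; all other lines are ignored."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = BUILT.search(line)
        if m and m["dst"] in suspect_dsts:
            hits[m["src"]][(m["dst"], int(m["dport"]))] += 1
    return {src: dict(per_dst) for src, per_dst in hits.items()}

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = """\
<166>Oct 03 2011 13:40:01: %ASA-6-302013: Built outbound TCP connection 8101 for outside:203.0.113.50/80 (203.0.113.50/80) to inside:192.168.1.37/49211 (198.51.100.2/49211)
<166>Oct 03 2011 13:40:02: %ASA-6-302013: Built outbound TCP connection 8102 for outside:198.51.100.80/443 (198.51.100.80/443) to inside:192.168.1.12/50110 (198.51.100.2/50110)
<166>Oct 03 2011 13:40:03: %ASA-6-302014: Teardown TCP connection 8101 for outside:203.0.113.50/80 to inside:192.168.1.37/49211 duration 0:00:02 bytes 512 TCP FINs
<166>Oct 03 2011 13:45:10: %ASA-6-302013: Built outbound TCP connection 8140 for outside:203.0.113.50/80 (203.0.113.50/80) to inside:192.168.1.37/49305 (198.51.100.2/49305)
<166>Oct 03 2011 13:45:11: %ASA-6-302015: Built outbound UDP connection 8141 for outside:198.51.100.53/53 (198.51.100.53/53) to inside:192.168.1.44/53120 (198.51.100.2/53120)
"""

if __name__ == "__main__":
    # Suspect destination is a constructed placeholder; use the one from your report.
    found = hosts_contacting(SAMPLE.splitlines(), {"203.0.113.50"})
    for src, dests in sorted(found.items()):
        for (dst, dport), count in sorted(dests.items()):
            print(f"{src} -> {dst}:{dport}  {count} connection(s)")
```
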