I think Snort rules might cover both of these. Great firewall IDS.

On 14 June 2013 11:14, Peter Atkin <[email protected]> wrote:
> Hi Philip,
>
> My bad, should have read more thoroughly. Zeus and SpyEye are competing
> products working in a similar fashion; uploading IP block list now into our
> firewall for both Zeus and SpyEye.
>
> Certainly do not want to be victim of a botnet takeover or attack.
> Thanks for the heads up.
>
> Kind Regards
>
> Peter Atkin
> (C.T.O)
> cfts.co (u) ltd.
> Get I.T.Right
> +256-772-700781 | Skype: peter2cfu
> www.cfts.co.ug <http://www.cfts.co/> | location details
> <http://www.cfts.co/contacts.html> | view my profile
> <http://ug.linkedin.com/in/peteratkin>
>
> From: [email protected] [mailto:[email protected]] On Behalf Of Phillip Simbwa
> Sent: Friday, June 14, 2013 12:47 PM
> To: lug
> Subject: Re: [LUG] Zeus Botnet C&C in our neighbourhood
>
> @Peter (Atkin)
>
> The link I shared specifically tracks Zeus NOT SpyEye!
>
> Here is the link sent earlier: https://zeustracker.abuse.ch/index.php
>
> And this is what I posted:
> **************************************************************
> Zeus is one of the most successful financial botnets in the history of
> botnets.
> It's very sophisticated and hard to detect, let alone decisively deal with.
> It has been used to hit mainly financial institutions but the recent
> trend is hitting any corporate organization.
>
> Why should you worry?
>
> There is a command and control (C&C) server in Rwanda and it's been there
> since last year.
> https://zeustracker.abuse.ch/index.php
> The ISP serving this server happens to be MTN Rwandacell.
>
> Our UGCERT could start watching for any traffic terminating to that server
> (IP: 41.186.24.58) just in case that turns out to be the regional C&C.
>
> For the CIOs, check your network logs just in case...
>
> Cheers,
>
> --
> - Phillip.
> ********************************************************************
>
> The links you have provided however track SpyEye and indeed there isn't
> any SpyEye C&C on that server in Rwanda.
>
> I think you were looking for the wrong thing here...
>
> --
> - Phillip.
>
> “Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer in
> waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the
> frist and lsat ltteer are in the rghit pclae. The rset can be a toatl mses
> and you can sitll raed it wouthit a porbelm. Tihs is bcuseae we do not raed
> ervey lteter by it slef but the wrod as a wlohe and the biran fguiers it
> out aynawy.”
>
> __________________________________________________________________________________
> This e-mail is company confidential and may contain legally privileged
> information.
> If you are not the intended recipient, you should not copy, distribute,
> disclose or use the information it contains. Please e-mail the sender
> immediately and delete this message from your system.
> Note: e-mails are susceptible to corruption, interception and unauthorized
> amendment; we do not accept liability for any such changes, or for their
> consequences.
>
> _______________________________________________
> The Uganda Linux User Group: http://linux.or.ug
>
> Send messages to this mailing list by addressing e-mails to:
> [email protected]
> Mailing list archives: http://www.mail-archive.com/[email protected]/
> Mailing list settings: http://kym.net/mailman/listinfo/lug
> To unsubscribe: http://kym.net/mailman/options/lug
>
> The Uganda LUG mailing list is generously hosted by INFOCOM:
> http://www.infocom.co.ug/
>
> The above comments and data are owned by whoever posted them (including
> attachments if any). The mailing list host is not responsible for them in
> any way.

--
Simon Vass
Managing Director
E-Tech Uganda Ltd
http://www.etech.ug
Tel: +256 (0) 312260620
Email: [email protected]
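
Added example, not part of the thread: one way to act on the suggestion above to check network logs against an IP block list. The blocklist layout, the netfilter-style log format and all sample lines are constructed assumptions; 41.186.24.58 is the address named in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed blocklist: one address per line, '#' starts a comment (assumed layout).
# 41.186.24.58 is the C&C address named in the thread; the rest are documentation IPs.
SAMPLE_BLOCKLIST = """\
# constructed sample, not a real feed
41.186.24.58
198.51.100.23   # constructed entry
not-an-ip
"""

# Constructed firewall log lines in netfilter LOG style (SRC=/DST=/DPT= fields).
SAMPLE_LOG = """\
Jun 14 09:01:12 gw kernel: FWD SRC=10.0.0.15 DST=41.186.24.58 PROTO=TCP SPT=49211 DPT=80
Jun 14 09:01:40 gw kernel: FWD SRC=10.0.0.22 DST=192.0.2.80 PROTO=TCP SPT=50100 DPT=443
Jun 14 09:03:05 gw kernel: FWD SRC=10.0.0.15 DST=41.186.24.58 PROTO=TCP SPT=49230 DPT=80
Jun 14 09:04:17 gw kernel: FWD SRC=10.0.0.31 DST=198.51.100.23 PROTO=TCP SPT=51002 DPT=8080
Jun 14 09:05:00 gw kernel: FWD SRC=10.0.0.40 DST=41.186.24.580 PROTO=TCP SPT=51002 DPT=80
"""

FIELD = re.compile(r"\b(SRC|DST|DPT)=(\S+)")

def load_blocklist(text):
    """Return the set of valid IP addresses in the list, skipping comments and junk."""
    addrs = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        try:
            addrs.add(ipaddress.ip_address(entry))
        except ValueError:
            continue  # blank, comment-only or malformed entry
    return addrs

def find_hits(log_text, blocklist):
    """Map each source host to {(destination, port): count} for blocklisted destinations."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        try:
            dst = ipaddress.ip_address(fields.get("DST", ""))
        except ValueError:
            continue  # e.g. 41.186.24.580 is not an address; a substring grep would match it
        if dst in blocklist:
            hits[fields.get("SRC", "?")][(str(dst), fields.get("DPT", "?"))] += 1
    return {src: dict(dests) for src, dests in hits.items()}

if __name__ == "__main__":
    print(find_hits(SAMPLE_LOG, load_blocklist(SAMPLE_BLOCKLIST)))
```

Grouping by source host gives the list of internal machines to investigate, which a count of matching lines alone would not.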
