RE: anyone else seeing Hiloti malware zero day ?

2011-09-13 Thread Erik Goldoff
Last I saw qakbot was about 2 years ago, this was a new variant …   wonder
if maybe there’s a new malware construction toolkit out …

 

Erik Goldoff

IT  Consultant

Systems, Networks,  Security 

'  Security is an ongoing process, not a one time event ! '

From: Ziots, Edward [mailto:ezi...@lifespan.org] 
Sent: Monday, September 12, 2011 9:40 AM
To: NT System Admin Issues
Subject: RE: anyone else seeing Hiloti malware zero day ?

 

Qakbot I have seen off and on, and its variants (maybe they're tweaking it for
other infections)

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505


From: Erik Goldoff [mailto:egold...@gmail.com] 
Sent: Sunday, September 11, 2011 11:08 AM
To: NT System Admin Issues
Subject: RE: anyone else seeing Hiloti malware zero day ?

 

Must be my lucky week, we also caught an ‘undetected’ variant of qakbot too 

 

Erik Goldoff

IT  Consultant

Systems, Networks,  Security 

'  Security is an ongoing process, not a one time event ! '

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Saturday, September 10, 2011 10:20 PM
To: NT System Admin Issues
Subject: Re: anyone else seeing Hiloti malware zero day ?

 

Not I...



ASB


http://XeeMe.com/AndrewBaker


Harnessing the Advantages of Technology for the SMB market…

 

On Fri, Sep 9, 2011 at 7:47 PM, Erik Goldoff egold...@gmail.com wrote:

At a client site Wednesday had a Hiloti outbreak, found by IDS signatures
but not AV.  Had to submit captured DLL from loadpoint analysis for
examination by AV vendors to have signatures updated.  Today, only two days
later, a new variant of Hiloti is back in the wild.

Anyone else seeing this ?

 

Erik Goldoff

IT  Consultant

Systems, Networks,  Security 

'  Security is an ongoing process, not a one time event ! '

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

 


RE: anyone else seeing Hiloti malware zero day ?

2011-09-13 Thread Ziots, Edward
Could be. I haven't heard anything through the underground yet on this
fact, but if I do I will post.

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

 


Re: anyone else seeing Hiloti malware zero day ?

2011-09-13 Thread Erik Goldoff
Thanks ... or it could just be normal malware churn, and I've been the lucky one
3 times in 3 days :)




Re: anyone else seeing Hiloti malware zero day ?

2011-09-12 Thread Kevin Lundy
We have caught one, also found by IPS (Palo Alto) but not AV (Trend)


Re: anyone else seeing Hiloti malware zero day ?

2011-09-12 Thread James Rankin
Trend catches nothing of note at all here. I'm seriously considering
recommending it is replaced. Whitelisting catches 5 or 6 nasties a week, all
of which slip under the Trend radar.

Having said that, on VirusTotal the nasties that we've found are very
typically low detection by the big AV vendors. I'm starting to toy with
the idea of removing reactive AV altogether and relying completely on
whitelisting, but losing the belt and braces approach makes me a little
nervous.



-- 
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question.

IMPORTANT INFORMATION/DISCLAIMER

This document should be read only by those persons to whom it is addressed.
If you have received this message it was obviously addressed to you and
therefore you can read it, even if we didn't mean to send it to you.
However, if the contents of this email make no sense whatsoever then you
probably were not the intended recipient, or, alternatively, you are a
mindless cretin; either way, you should immediately kill yourself and
destroy your computer (not necessarily in that order). Once you have taken
this action, please contact us.. no, sorry, you can't use your computer,
because you just destroyed it, and possibly also committed suicide
afterwards, but I am starting to digress..

The originator of this email is not liable for the transmission of the
information contained in this communication. Or are they? Either way it's a
pretty dull legal query and frankly one I'm not going to dwell on. But
should you have nothing better to do, please feel free to ruminate on it,
and please pass on any concrete conclusions should you find them. However,
if you pass them on via email, be sure to include a disclaimer regarding
liability for transmission.

In the event that the originator did not send this email to you, then
please return it to us and attach a scanned-in picture of your mother's
brother's wife wearing nothing but a kangaroo suit, and we will immediately
refund you exactly half of what you paid for the can of Whiskas you bought
when you went to Pets At Home yesterday.

We take no responsibility for non-receipt of this email because we are
running Exchange 5.5 and everyone knows how glitchy that can be. In the
event that you do get this message then please note that we take no
responsibility for that either. Nor will we accept any liability, tacit or
implied, for any damage you may or may not incur as a result of receiving,
or not, as the case may be, from time to time, notwithstanding all
liabilities implied or otherwise, ummm, hell, where was I...umm, no matter
what happens, it is NOT, and NEVER WILL BE, OUR FAULT!

The comments and opinions expressed herein are my own and NOT those of my
employer, who, if he knew I was sending emails and surfing the seamier side
of the Internet, would cut off my manhood and feed it to me for afternoon
tea.

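
The defensive step Erik describes in the original post (pulling the DLL out of a loadpoint analysis and getting a hash to the AV vendors) and the whitelisting approach James raises come down to the same inventory question: what is configured to start on the box, and is each of those binaries something you trust. The script below is an added example written for this thread, not code posted by any of the participants. It walks the standard Run/RunOnce keys (only a subset of real loadpoints; services, scheduled tasks, Winlogon and browser helper objects are not covered), hashes each referenced file and checks its Authenticode signature. It assumes PowerShell 4.0 or later on the host being examined; the registry paths are the standard ones, and the CSV output location is an assumption.

```powershell
# Added example, not code from the thread. Enumerates a subset of Windows
# autostart loadpoints (Run/RunOnce keys), hashes each referenced binary and
# checks its Authenticode signature. Assumes PowerShell 4.0+ (Get-FileHash)
# running on the host being examined; the CSV path below is an assumption.

$loadpoints = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Metadata properties Get-ItemProperty attaches to every key; not real values.
$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-LoadpointBinary {
    # Pick the file that actually gets loaded out of a Run-key command line.
    param([string]$CommandLine)
    # rundll32 entries load the DLL given as the first argument
    if ($CommandLine -match 'rundll32(?:\.exe)?\s+"?([^",]+\.dll)') { return $Matches[1] }
    # quoted path, e.g. "C:\Program Files\Vendor\agent.exe" /silent
    if ($CommandLine -match '"([^"]+\.(?:exe|dll))"') { return $Matches[1] }
    # bare path (spaces allowed), e.g. C:\Program Files\Vendor\tray.exe -min
    if ($CommandLine -match '^\s*(.+?\.(?:exe|dll))\b') { return $Matches[1] }
    return $null
}

$report = foreach ($key in $loadpoints) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($metaProps -contains $p.Name) { continue }
        $entry = [pscustomobject]@{
            Key       = $key
            Name      = $p.Name
            Command   = [string]$p.Value
            Binary    = $null
            SHA256    = $null
            Signature = 'Unparsed'   # no file could be picked out of the command line
            Signer    = $null
        }
        $bin = Get-LoadpointBinary -CommandLine $entry.Command
        if ($bin) {
            $bin = [Environment]::ExpandEnvironmentVariables($bin)
            $entry.Binary = $bin
            if (Test-Path -LiteralPath $bin -PathType Leaf) {
                $entry.SHA256    = (Get-FileHash -LiteralPath $bin -Algorithm SHA256).Hash
                $sig             = Get-AuthenticodeSignature -LiteralPath $bin
                $entry.Signature = $sig.Status.ToString()   # Valid, NotSigned, NotTrusted, HashMismatch, ...
                if ($sig.SignerCertificate) { $entry.Signer = $sig.SignerCertificate.Subject }
            } else {
                $entry.Signature = 'Missing'   # loadpoint points at a file that is gone
            }
        }
        $entry
    }
}

# Anything not carrying a Valid signature is what you compare against the
# whitelist and, if still unknown, hash and submit for analysis.
$suspect = $report | Where-Object { $_.Signature -ne 'Valid' }
$suspect | Format-Table Name, Binary, Signature, SHA256 -AutoSize

# Full inventory, kept so the next run can be diffed against this baseline.
$report | Export-Csv -NoTypeInformation -Path "$env:TEMP\loadpoints-$env:COMPUTERNAME.csv"
```

Run it in an elevated session on the affected host. The rows without a Valid signature are the ones to check against the whitelist and, for anything unknown, submit the SHA256 and the file itself. Keeping the CSV from a known-clean run lets you diff the loadpoints the next time the IDS fires, which is how a repeat variant like the one Erik saw two days later shows up even while AV is still silent on it.
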

RE: anyone else seeing Hiloti malware zero day ?

2011-09-12 Thread Ziots, Edward
Qakbot I have seen off and on, and its variants (maybe they're tweaking it
for other infections)

 

Z

 

Edward E. Ziots

CISSP, Network +, Security +

Security Engineer

Lifespan Organization

Email:ezi...@lifespan.org

Cell:401-639-3505

 

 


RE: anyone else seeing Hiloti malware zero day ?

2011-09-11 Thread Erik Goldoff
Must be my lucky week, we also caught an ‘undetected’ variant of qakbot too 

 

Erik Goldoff

IT  Consultant

Systems, Networks,  Security 

'  Security is an ongoing process, not a one time event ! '


Re: anyone else seeing Hiloti malware zero day ?

2011-09-11 Thread Andrew S. Baker
Never a dull moment. :)

ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market…




RE: anyone else seeing Hiloti malware zero day ?

2011-09-11 Thread Erik Goldoff
But I’d *LIKE* a dull moment !  :)

 

Erik Goldoff

IT  Consultant

Systems, Networks,  Security 

'  Security is an ongoing process, not a one time event ! '


Re: anyone else seeing Hiloti malware zero day ?

2011-09-11 Thread Jonathan Link
Aren't you an IC?  How would you get paid?




Re: anyone else seeing Hiloti malware zero day ?

2011-09-10 Thread Andrew S. Baker
Not I...

ASB

http://XeeMe.com/AndrewBaker

Harnessing the Advantages of Technology for the SMB market…


