Re: anyone else seeing Hiloti malware zero day ?

2011-09-13 Thread Erik Goldoff
> *From:* Erik Goldoff [mailto:egold...@gmail.com] > *Sent:* Tuesday, September 13, 2011 5:58 AM > *To:* NT System Admin Issues > *Subject:* RE: anyone else seeing Hiloti malware zero day ? > > Last I saw qakbot was about 2 years ago, this was a new varian

RE: anyone else seeing Hiloti malware zero day ?

2011-09-13 Thread Ziots, Edward
l.com] Sent: Tuesday, September 13, 2011 5:58 AM To: NT System Admin Issues Subject: RE: anyone else seeing Hiloti malware zero day ? Last I saw qakbot was about 2 years ago, this was a new variant ... wonder if maybe there's a new malware construction toolkit out ... Erik G

RE: anyone else seeing Hiloti malware zero day ?

2011-09-13 Thread Erik Goldoff
rd [mailto:ezi...@lifespan.org] Sent: Monday, September 12, 2011 9:40 AM To: NT System Admin Issues Subject: RE: anyone else seeing Hiloti malware zero day ? Qakbot I have seen off and on, and its variants (maybe they tweaking it for other infections) Z Edward E. Ziots CISSP, Netwo

RE: anyone else seeing Hiloti malware zero day ?

2011-09-12 Thread Ziots, Edward
] Sent: Sunday, September 11, 2011 11:08 AM To: NT System Admin Issues Subject: RE: anyone else seeing Hiloti malware zero day ? Must be my lucky week, we also caught an 'undetected' variant of qakbot too Erik Goldoff IT Consultant Systems, Networks, & Security ' Sec

Re: anyone else seeing Hiloti malware zero day ?

2011-09-12 Thread James Rankin
Trend catches nothing of note at all here. I'm seriously considering recommending it is replaced. Whitelisting catches 5 or 6 nasties a week, all of which slip under the Trend radar. Having said that, on VirusTotal the nasties that we've found are very typically low detection by the "big" AV vendo

Re: anyone else seeing Hiloti malware zero day ?

2011-09-12 Thread Kevin Lundy
We have caught one, also found by IPS (Palo Alto) but not AV (Trend) On Fri, Sep 9, 2011 at 7:47 PM, Erik Goldoff wrote: > At a client site Wednesday had a Hiloti outbreak, found by IDS signatures > but not AV. Had to submit captured DLL from loadpoint analysis for > examination by AV vendors

Re: anyone else seeing Hiloti malware zero day ?

2011-09-11 Thread Jonathan Link
Security is an ongoing process, not a one time event ! ' > > *From:* Andrew S. Baker [mailto:asbz...@gmail.com] > *Sent:* Sunday, September 11, 2011 12:29 PM > > *To:* NT System Admin Issues > *Subject:* Re: anyone else seeing Hiloti malware zero day ? > >

RE: anyone else seeing Hiloti malware zero day ?

2011-09-11 Thread Erik Goldoff
es Subject: Re: anyone else seeing Hiloti malware zero day ? Never a dull moment. :) ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market… On Sun, Sep 11, 2011 at 11:08 AM, Erik Goldoff wrote: Must be my lucky week, we also caught an ‘undetected’ var

Re: anyone else seeing Hiloti malware zero day ?

2011-09-11 Thread Andrew S. Baker
0 PM > *To:* NT System Admin Issues > *Subject:* Re: anyone else seeing Hiloti malware zero day ? > > Not I... > > > *ASB* > > *http://XeeMe.com/AndrewBaker* > > *Harnessing the Advantages of Technology for the SMB market…*

RE: anyone else seeing Hiloti malware zero day ?

2011-09-11 Thread Erik Goldoff
2011 10:20 PM To: NT System Admin Issues Subject: Re: anyone else seeing Hiloti malware zero day ? Not I... ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market… On Fri, Sep 9, 2011 at 7:47 PM, Erik Goldoff wrote: At a client site Wednesda

Re: anyone else seeing Hiloti malware zero day ?

2011-09-10 Thread Andrew S. Baker
Not I... *ASB* *http://XeeMe.com/AndrewBaker* *Harnessing the Advantages of Technology for the SMB market…* On Fri, Sep 9, 2011 at 7:47 PM, Erik Goldoff wrote: > At a client site Wednesday had a Hiloti outbreak, found by IDS signatures > but not AV. Had to submit captured DLL from lo