Some months ago, Fortinet published a new list of supported botnet applications.
More and more infected hosts are being enrolled in botnet networks every day. Fortinet has developed new application signatures that try to stop infected PCs (called zombies) from contacting their Command & Control (C&C) server.
Today, this is the list of botnets known to Fortigate:
Agobot.Phatbot, Asprox, BlackEnergy, Bredolab, CMultiLoader, Chapro, Citadel, Cridex, DHL, Danmec.Asprox, Darkness, Dexter, DirtJumper, DistTrack, Duqu, ET, Eleonore.Web.Exploit, FakeSkype, Festi, Flame, Gbot, Gootkit, Gozi, Gumblar, Hiloti, IRC, Illusion, Imrabot, Jeefosance, Katusha, Koobface, LOIC, LOIC.IRC, Lethic, LoL, MacOS.Flashback, MachBot, Mariposa, MoneyBack, Morto, Murofet.CC, Night.Dragon, Pbbot, Phatbot, Pushdo, Qakbot, Ramnit, SDBot, SSHDkit Botnet, Sasfis, Sisron, Smoke, SpyEye, Storm.Krackin, Storm.Worm, T3C4I3, Tedroo, Torpig.Mebroot, Ursnif, VBCF, VertexNet, Vilsel, Virut, Vundo, Waledac, Webwail.Audio.Captcha, Yahoo.Messenger.Worm, Zeroaccess, Zeus
How can we block this traffic with Fortigate firewalls?
First of all, you need to create an Application Sensor under UTM Profiles. We named the sensor "Botnet":
You can select other applications as well; in this case we have only selected the Botnet category with the action Block.
Then the sensor must be applied to the general firewall rule. For example:
Now you are denying callback sessions to the C&C servers.
If one of your computers is infected, you will see the blocked callbacks in the firewall logs.
Comparing Fortigate logs and Snort IDS logs, I can tell you that Fortigate only detects 10% of the zombies in our networks that Snort IDS does. Every day, the number of infected PCs detected by Fortigate firewalls is higher, but at the moment it's lower than everybody wants...
You can follow the evolution of botnet detections by Fortigate here: http://www.fortiguard.com/botnet/
Behind The Firewalls. Powered by Blogger.