This morning I got this warning (see attached file) from Advanced Threat Protection. I downloaded the Sophos Virus Removal Tool and ran it on the affected computers, but I found nothing. Could it be a false positive alert?
I also scanned the website "csc3-2009-2-crl.verisign.com" in VirusTotal and the site passed.
What do you suggest: should I add this site to Threat Exception?
Here is the log:
05:59:14 DNS C2/Generic-A 192.168.101.229 → csc3-2009-2-crl.verisign.com drop
06:04:07 DNS C2/Generic-A 192.168.101.229 → csc3-2009-2-crl.verisign.com drop
Thank you for your advice.
PS:
On the desktop clients we have Eset End Point AV installed; this AV detects nothing either.
UTM version is 9.206-35
Pattern version is 67802
I also got a new threat, C2/Vundo-A, and this came to our public IP (see attachment). It comes from IPS, so I set a drop rule for this in IPS.
Log:
2014:10:03-09:14:55 mail-1 snort[28166]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="MALWARE-CNC Win.Trojan.Vundo redirection landing page pre-infection" group="500" srcip="80.95.X.X" dstip="208.73.211.239" proto="6" srcport="34172" dstport="80" sid="24491" class="A Network Trojan was Detected" priority="1" generator="1" msgid="0"