Comments for Network Forensics Blog

Comment on Visualize and Content Enhancements by New NetWitness Visualize : Welcome To The Future! | Dragos Lungu Dot Com

New NetWitness Visualize : Welcome To The Future! | Dragos Lungu Dot Com — Tue, 20 Jul 2010 16:25:20 +0000

[...] I have already written about how awesome NetWitness is so I won't repeat what i said in this NetWitness review ; instead I would like to present you the most advanced network traffic visualization system I've ever seen, the NetWitness Visualize. [...]

Comment on Kneber Update by Zeus Botnet: Interesting and In-depth Articles « Mister Reiner

Zeus Botnet: Interesting and In-depth Articles « Mister Reiner — Sat, 05 Jun 2010 10:38:42 +0000

[...] NetWitness Blog: Kneber Update (Web page – An attempt to set the record straight) [...]

Comment on They are watching you…and your security vendors. by Content Delivery Networks for Security « cdnXite Blog

Content Delivery Networks for Security « cdnXite Blog — Wed, 02 Jun 2010 13:34:40 +0000

[...] harmful websites use content delivery networks for this reason so that the address of the server that malicious websites are hosted on remains [...]

Comment on They are watching you…and your security vendors. by BelchSpeak » Post Topic » Anti-Antivirus- Concentrated Binary Evil!

BelchSpeak » Post Topic » Anti-Antivirus- Concentrated Binary Evil! — Tue, 01 Jun 2010 21:26:58 +0000

[...] Networkforensics.com here: Scan4u.biz is essentially a “criminal virustotal plus”. That is, it is a service where a [...]

Comment on They are watching you…and your security vendors. by Network Forensics Blog » Blog Archive » They are watching you…and … « Tips On Security

Mon, 31 May 2010 05:39:13 +0000

[...] reading here: Network Forensics Blog » Blog Archive » They are watching you…and … Comments [...]

Comment on Move over China, here comes Russia by Se vende o alquila Kneber (alquiler de habitaciones por 50 céntimos)* » blog.trendmicro.es

Thu, 25 Feb 2010 17:20:31 +0000

[...] se ha mostrado aterrada por la magnitud de una “nueva” red zombi llamada Kneber. Según un informe de NetWitness, una red zombi en concreto que utiliza el crimeware ZeuS ha logrado infiltrarse en miles de [...]

Comment on Move over China, here comes Russia by Kommentar von Trend Micro zum Kneber-Hype » markus-arlt.de

Kommentar von Trend Micro zum Kneber-Hype » markus-arlt.de — Tue, 23 Feb 2010 19:47:37 +0000

[...] entsetzt über die Ausmaße eines “neuen” Botnetzes namens Kneber. Einem Bericht von NetWitness zufolge hat ein bestimmtes Botnet, das ZeuS-Crimeware nutzt, Tausende Unternehmen und Zehntausende [...]

Comment on Kneber Update by tim

tim — Tue, 23 Feb 2010 10:35:32 +0000

Where possible, and within reason, we have notified responsible network owners of the IP addresses that are infected. In many articles, it mentioned we are working to notify parties. We continue to work with others including service providers, banks, and social networking sites.

Comment on Kneber Update by tim

tim — Tue, 23 Feb 2010 10:33:56 +0000

In order:

The McAfee Rootkit Detector, when we tested it the other day, did not detect this “variant.” We say variant, because these adversaries can take the executable and repackage it with various tools that make it undetectable to many signature based solutions. Since the posting of this, we have various additional repackaged versions that remain undetected.

All AV vendors have similar challenges detecting these repackaged versions. If your signatures are up to date, you will likely detect the original variant. However, there are more that have been released that are difficult to detect. AV plays an important role here – but cannot be relied upon exclusively.

The IE vulnerability can be used to deliver malware. This particular group has access to a very large spamming bot, and is using custom crafted emails that can be very convincing.

See last response on patching. If they successfully convince you to open an trojan document, or use a zero day, or to voluntarily install, you will be infected. Patching, like AV, is part of the solution and makes you more resistant, but does not make anyone immune.

Comment on Kneber Update by EJ

EJ — Mon, 22 Feb 2010 17:07:50 +0000

One item of interest to me in this but I haven’t seen commented on is whether the victims that were detected in this 74K node botnet have been notified of their participation?