Re: Identifying Malware in Outbound Traffic

[Barry Greene <bgreene () senki org>]

Hi Team,

Step 1 - Go to http://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork . Sign up to get daily 
reports on your network. This will give you a view from the operational security community's monitoring of the 
"criminal cloud."

Step 2 - Install Bothunter - http://www.bothunter.net/ . This is a free tool with a "community action network" that 
works together find malware communicating into and out of your network. 

Barry



On Sep 15, 2011, at 12:44 PM, Henri Salo wrote:

> On Thu, Sep 15, 2011 at 07:08:28PM +0000, hellkyng () gmail com wrote:
> > This is an idea we've been playing around with a lot lately. I was hoping the experts here could give us some 
> > pointers to improve or modify our process.
> >
> > We are looking at ways to find existing infections that have evaded anti-virus successfully within our network. 
> > We've started doing this by monitoring web traffic for anomalies that we think indicate an infection. For example 
> > searching for traffic to sites listed in the Malware Domain list. At a basic level this is finding some interesting 
> > results.
> >
> > But I am curious are other people attempting similar things, if so how are they going about doing so? Any thoughts 
> > or recommendations would be appreciated.
> >
> > Thanks,
> > Helly
>
> - http://en.wikipedia.org/wiki/Intrusion_prevention_system
> - http://en.wikipedia.org/wiki/Intrusion-detection_system
> - http://en.wikipedia.org/wiki/Host_based_intrusion_detection_system
> - www-proxies
> - Anomaly detection using "smart" firewalls, which can detect traffic in strange times, hosts etc.
> - Forced firewall policy
> - http://en.wikipedia.org/wiki/Principle_of_least_privilege
>
> Best regards,
> Henri Salo
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------