Jump to content

Botnet protection and ZeusTracker

Go to solution Solved by BobArch2,

Recommended Posts

I am running SS v8.0.304.0 and have Botnet Protection turned on. I was just provided with a list of 222 IP addresses associated with ZeusTracker malware. 


I know that I can add single or range of IP addresses to the blacklist but adding 222 addresses would seem to be an onerous task. Before undertaking the mass input, can I determine if ESET's Botnet protection makes this an unneeded task?


Here is the current listing of the Zeus specific IPs.




Thanks for your assistance...

Link to comment
Share on other sites

ZeusTracker should be detected by ESET. Maybe under the name Win32/Zeus.
Also the Botnet protection (and web protection) should detect suspect network traffic and block them.
However your problem inspired me to create a tool, with which you can covert such IP lists into firewall rules for ESS. These are saved in a settings file, which you can import into ESS.
You can do it yourself or use my generated XML. I've just generated this XML with the newest blocklist.
But as this blocklist is often updated, I recommend you (and later visitors) to create their own firewall rule, based on the newest IP list.
The rule is set to log and notify the user if a connection to these servers is made.
After importing the rule, it should look like this:
Alternatively it may also work to import this IP list into the blocking list of the web protection of ESS or NOD32. But as a Firewall rule this is of course a much nicer way. :)
Download block list (last updated: 2015-02-23)
alternative download link


The most recent version of this file you can find on GitHub.

Edited by rugk
Link to comment
Share on other sites

Hi Rugk,

Many thanks for your efforts! I will certainly give the application you developed serious thought and will try it in my environment.

Again, many thanks,



Link to comment
Share on other sites

Hi rugk,


Tried to view your attached file in the post above and was presented with this error message:


Sorry, you don't have permission for that!



You do not have permission to view this attachment.


Any hints?

Link to comment
Share on other sites

Oh, this is maybe because you're a too new forum member (too few posts) which seems to result in restricted permissions.

I recreated the XML with the newest version of the IP list and edited my post above by adding two links where you can download the file.

Edited by rugk
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...