
Botnet protection and ZeusTracker



I am running SS v8.0.304.0 and have Botnet Protection turned on. I was just provided with a list of 222 IP addresses associated with ZeusTracker malware. 

 

I know that I can add a single IP address or a range of IP addresses to the blacklist, but adding 222 addresses would seem to be an onerous task. Before undertaking the mass input, can I determine if ESET's Botnet protection makes this an unneeded task?

 

Here is the current listing of the Zeus specific IPs.

 

https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist

 

Thanks for your assistance...


ZeusTracker should be detected by ESET. Maybe under the name Win32/Zeus.
Also, the Botnet protection (and web protection) should detect suspect network traffic and block it.
 
However, your problem inspired me to create a tool with which you can convert such IP lists into firewall rules for ESS. These are saved in a settings file, which you can import into ESS.
You can do it yourself or use my generated XML. I've just generated this XML with the newest blocklist.
But as this blocklist is often updated, I recommend that you (and later visitors) create your own firewall rule, based on the newest IP list.
The rule is set to log and notify the user if a connection to these servers is made.
 
After importing the rule, it should look like this:
post-3952-0-05511600-1424358932_thumb.png
 
Alternatively it may also work to import this IP list into the blocking list of the web protection of ESS or NOD32. But as a Firewall rule this is of course a much nicer way. :)
 
Download block list (last updated: 2015-02-23)
alternative download link

 

You can find the most recent version of this file on GitHub.

Edited by rugk
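
An added example, not rugk's tool and not code from this thread: one way to clean such an IP blocklist before turning it into block rules, assuming a plain-text list with one IPv4 address per line and `#` comments. It rejects malformed and local addresses, removes duplicates and merges consecutive addresses into ranges; the function names and sample addresses are constructed, and ESET's settings XML format is not reproduced here.

```python
import ipaddress

# Address space that must never end up in a block rule (own LAN, loopback, ...).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4")]

def parse_blocklist(text):
    """Return (sorted unique addresses, rejected lines) from a plain-text list."""
    accepted, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        try:
            addr = ipaddress.IPv4Address(line)
        except ipaddress.AddressValueError:
            rejected.append((lineno, line, "not an IPv4 address"))
            continue
        if any(addr in net for net in NEVER_BLOCK):
            rejected.append((lineno, line, "local/reserved address"))
        else:
            accepted.add(addr)                # the set removes duplicates
    return sorted(accepted), rejected

def to_ranges(addrs):
    """Merge consecutive addresses (sorted input) into (first, last) ranges."""
    ranges = []
    for addr in addrs:
        if ranges and int(addr) == int(ranges[-1][1]) + 1:
            ranges[-1] = (ranges[-1][0], addr)
        else:
            ranges.append((addr, addr))
    return [(str(a), str(b)) for a, b in ranges]

# Constructed sample input (RFC 5737 documentation addresses, not real indicators).
SAMPLE = """\
# constructed sample blocklist
198.51.100.7
198.51.100.8
203.0.113.40
203.0.113.40
192.168.1.1
999.1.2.3
"""

if __name__ == "__main__":
    addrs, bad = parse_blocklist(SAMPLE)
    print(to_ranges(addrs), bad, sep="\n")
```

Reviewing the rejected lines before importing anything shows whether the downloaded list was truncated, replaced by an error page, or contains an entry that would block the local network.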

Hi Rugk,

Many thanks for your efforts! I will certainly give the application you developed serious thought and will try it in my environment.

Again, many thanks,

Cheers,

Bob


Hi rugk,

 

Tried to view your attached file in the post above and was presented with this error message:

 

Sorry, you don't have permission for that!

 

[#10171]

You do not have permission to view this attachment.

 

Any hints?


Oh, this is maybe because you're too new a forum member (too few posts), which seems to result in restricted permissions.

I recreated the XML with the newest version of the IP list and edited my post above by adding two links where you can download the file.

Edited by rugk
