BobArch2 2 Posted February 16, 2015 Share Posted February 16, 2015 I am running SS v8.0.304.0 and have Botnet Protection turned on. I was just provided with a list of 222 IP addresses associated with ZeusTracker malware. I know that I can add single or range of IP addresses to the blacklist but adding 222 addresses would seem to be an onerous task. Before undertaking the mass input, can I determine if ESET's Botnet protection makes this an unneeded task? Here is the current listing of the Zeus specific IPs. https://zeustracker.abuse.ch/blocklist.php?download=ipblocklist Thanks for your assistance... Link to comment Share on other sites More sharing options...
rugk 397 Posted February 19, 2015 Share Posted February 19, 2015 (edited) ZeusTracker should be detected by ESET. Maybe under the name Win32/Zeus.Also the Botnet protection (and web protection) should detect suspect network traffic and block them. However your problem inspired me to create a tool, with which you can covert such IP lists into firewall rules for ESS. These are saved in a settings file, which you can import into ESS.You can do it yourself or use my generated XML. I've just generated this XML with the newest blocklist.But as this blocklist is often updated, I recommend you (and later visitors) to create their own firewall rule, based on the newest IP list.The rule is set to log and notify the user if a connection to these servers is made. After importing the rule, it should look like this: Alternatively it may also work to import this IP list into the blocking list of the web protection of ESS or NOD32. But as a Firewall rule this is of course a much nicer way. Download block list (last updated: 2015-02-23)alternative download link The most recent version of this file you can find on GitHub. Edited June 8, 2015 by rugk Link to comment Share on other sites More sharing options...
BobArch2 2 Posted February 22, 2015 Author Share Posted February 22, 2015 Hi Rugk, Many thanks for your efforts! I will certainly give the application you developed serious thought and will try it in my environment. Again, many thanks, Cheers, Bob Link to comment Share on other sites More sharing options...
BobArch2 2 Posted February 22, 2015 Author Share Posted February 22, 2015 Hi rugk, Tried to view your attached file in the post above and was presented with this error message: Sorry, you don't have permission for that! [#10171] You do not have permission to view this attachment. Any hints? Link to comment Share on other sites More sharing options...
rugk 397 Posted February 23, 2015 Share Posted February 23, 2015 (edited) Oh, this is maybe because you're a too new forum member (too few posts) which seems to result in restricted permissions. I recreated the XML with the newest version of the IP list and edited my post above by adding two links where you can download the file. Edited February 23, 2015 by rugk Link to comment Share on other sites More sharing options...
Solution BobArch2 2 Posted February 23, 2015 Author Solution Share Posted February 23, 2015 Have now been able to download the ZeuS-Tracker XML file from the mega.co.nz site. Still trying to find the EXE tool. Link to comment Share on other sites More sharing options...
Recommended Posts