Control Applications, Control Threats.
Over the past month, customers have pulled us in to analyze various “weird” behavior on the network. One of these instances happened a few weeks ago. A large Fortune 200 customer was reviewing application usage on the network using the Palo Alto Networks devices and discovered that a few devices in globally disparate locations were consistently sending 7-byte UDP packets to a few IP addresses. When we analyzed the traffic and the IP addresses, it was clear that the devices were clients infected with a bot. We quickly found a sample, analyzed it, and released a signature to detect the command and control communication.