9 Replies Latest reply on Apr 11, 2016 2:33 PM by charleslatty

    Botnet in network

    charleslatty

      Hi

       

      Can anyone help me with this issue.

       

      I have got a customer that has got a BOTNET on his network going by the name of "CUTWAIL" and is blacklisted by CBL, which he is finding hard to get rid of. Can you please tell me what the best solution is to go about this?

      I have deployed Stinger from ePO but I have no idea how to start it running, can you please help?

       

      Thanks in advance

       

      Spookrider2001

        • 1. Re: Botnet in network
          Peter M

          Moved to Corporate User Assistance as a better spot for attention.

          • 2. Re: Botnet in network
            Peter M

            Meanwhile, here's the How To for Stinger, and note in the FAQs it says that to run Command Line, see the Help menu in Stinger itself.

            How to Use Stinger | Intel Security Free Tools

             

            Sorry I can't help further as I'm only a Moderator on the Consumer side.

            • 3. Re: Botnet in network
              charleslatty

              No Problem,

               

              Thank you very much for moving it for me, hopefully someone gets back to me.

               

              Many thanks

               

              Spookrider2001

              • 4. Re: Botnet in network
                Peter M

                No problem but I'm wondering, although it wouldn't really be the right spot for this kind of enquiry, if ePO wouldn't be a better spot for some answers, if you think so, I can move it again.

                • 5. Re: Botnet in network
                  rasul_f

                  Hi Charley

                   

                  You can deploy the Stinger ePO version and create the Stinger scanning task through ePO for specific clients or a group of clients. You have to verify that Stinger can detect and clean the botnet. Stinger can detect and clean specific virus infections.

                   

                  Thanks

                  Rasool

                  • 6. Re: Botnet in network
                    charleslatty

                    Hi

                     

                    Thank you for getting back to me.

                     

                    Can you send me or direct me how to do an automated task to run Stinger within my network using ePO please?

                     

                    Many thanks

                     

                    Spookrider2001

                    • 7. Re: Botnet in network
                      rasul_f

                      Hi Charle

                       

                      You can download Stinger from the below link. Stinger comes in two types: stand-alone and ePO-managed Stinger. You need to download the ePO-managed Stinger and check in the package in the ePO Master Repository.

                      1. Create the epo deployment Task

                      2. Once EPO is deployed you can create another task to run the stinger scan.

                       

                      Stinger | McAfee Free Tools

                      • 8. Re: Botnet in network
                        dmeier

                        Stinger is a fair approach for a few systems, but for an entire network (more or less), you'll really need to get each and every end point covered with proper AV.  From there, you would schedule On-Demand scans across the board.  And, then, you need to use Access Protection rules to determine where the reinfections are coming from (and possibly block), and collect the missed samples and submit them to us.

                         

                        There are a lot of moving parts to the above sentences, and I'm not sure we can get you where you need to be, over a forum.  But, we can try, assuming you don't have a support contract. (if you have ePO, I figure you have support)

                         

                        Let us know how you get on

                         

                        - David

                        • 9. Re: Botnet in network
                          charleslatty

                          Hi All,

                           

                          I have just returned from my visit to the company that had an issue with the Cutwail virus that is randomly appearing on their system and I did the following implementation:

                          1- Deployed VSE patch 7 to machines that did not have an AV installed or systems that were not on the latest patch

                          2- Created an ODS full scan and memory scan to run immediately

                          3- Created a task to launch getsusp when an intrusion is found so that the evidence will be sent to McAfee for analysis

                          4- Customer mentioned that he has got systems that are being plugged into the network without any VSE installed, so I have deployed 2 rogue sensors within his environment.

                           

                          After all this, Cutwail is still appearing on the customer's network; I have attached a screenshot of what the message says from one of their providers from previous detections

                          CBL.png

                          Thanks in advance

                           

                          Spookrider2001
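
For the situation in the last post, where the listing persists after endpoint scans and unmanaged machines are known to join the network, a network-side check can narrow down which host is responsible: Cutwail is a spam-sending botnet and a CBL listing applies to the public IP the whole site shares, so internal hosts opening SMTP connections straight to the internet, rather than through the mail relay, are the ones to look at. This is an added example, not part of the thread; the log format, addresses, network range and relay IP are constructed assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions (not from the thread): the site LAN range and its one mail relay.
INTERNAL_NET = ip_network("10.20.0.0/16")
AUTHORIZED_RELAYS = {ip_address("10.20.0.25")}
SMTP_PORTS = {25}

# Constructed firewall log format: "<time> <ACTION> TCP <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|DENY)\s+TCP\s+"
    r"(?P<src>[\d.]+):\d+\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample lines (documentation address ranges), including one unparsable line.
SAMPLE_LOG = """\
2016-04-11T09:00:01 ALLOW TCP 10.20.0.25:50112 -> 203.0.113.10:25
2016-04-11T09:00:02 ALLOW TCP 10.20.3.41:49201 -> 198.51.100.7:25
2016-04-11T09:00:02 ALLOW TCP 10.20.3.41:49202 -> 198.51.100.88:25
2016-04-11T09:00:03 ALLOW TCP 10.20.3.41:49203 -> 203.0.113.54:25
2016-04-11T09:00:04 ALLOW TCP 10.20.7.12:51000 -> 192.0.2.80:443
2016-04-11T09:00:05 DENY TCP 10.20.9.9:40000 -> 192.0.2.25:25
2016-04-11T09:00:06 ALLOW TCP 10.20.3.41:49204 -> 10.20.0.25:25
garbage line that does not parse
"""

def direct_smtp_senders(log_text, min_destinations=1):
    """Map each non-relay internal host to the external SMTP servers it contacted."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines in an unexpected format
        try:
            src, dst = ip_address(m["src"]), ip_address(m["dst"])
        except ValueError:
            continue  # looked like an address but is not valid
        if int(m["dport"]) not in SMTP_PORTS:
            continue
        if src not in INTERNAL_NET or src in AUTHORIZED_RELAYS:
            continue  # only internal hosts that are not the sanctioned relay
        if dst in INTERNAL_NET:
            continue  # handing mail to the internal relay is normal
        # Blocked (DENY) attempts count too: the host still tried to send.
        seen[str(src)].add(str(dst))
    return {h: sorted(d) for h, d in seen.items() if len(d) >= min_destinations}

if __name__ == "__main__":
    for host, dests in sorted(direct_smtp_senders(SAMPLE_LOG).items()):
        print(f"{host}: {len(dests)} external SMTP destination(s): {', '.join(dests)}")
```

Hosts it reports are candidates for the full scan and sample collection already described in the thread, and any of them without VSE installed match the unmanaged systems the rogue sensors were deployed to find.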