Title: Citadel-BASE Virus
Post by: quicktech on Friday 11 October 2013, 07:17:34 am

I am receiving notifications that a user on our network is infected with the Citadel-BASE virus:

Timestamp: 2013-09-17 00:34:20 GMT
Issue: Citadel-B54-BASE
command: /pmserver/browse.php
srcprt: 4862
controller: hotels2013.org

Timestamp: 2013-10-07 00:39:22 GMT
Issue: Citadel-BASE
command: /pmserver/browse.php
srcprt: 1587
controller: hotels2013.org

I have our staff behind an Endian firewall, and would like to prevent this from leaving our network. The srcprt does change (as you can see above), so I cannot block a specific port from our network. How can I block the URL so I can prevent this from leaving our network, so our ISP won't disable our internet connection, and then I can track down the machine internally?

Thanks for your time