Welcome, Guest. Please login or register.
Did you miss your activation email?
Friday 15 November 2024, 06:02:21 pm

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14255 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Citadel-BASE Virus
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Citadel-BASE Virus  (Read 6700 times)
quicktech
Jr. Member
*
Offline Offline

Posts: 1


« on: Friday 11 October 2013, 07:17:34 am »

I am receiving notifications that a user on our network is infected with the Citadel-BASE virus

Timestamp: 2013-09-17 00:34:20 GMT
Issue: Citadel-B54-BASE
command: /pmserver/browse.php
srcprt: 4862
controller: hotels2013.org

Timestamp: 2013-10-07 00:39:22 GMT
Issue: Citadel-BASE
command: /pmserver/browse.php
srcprt: 1587
controller: hotels2013.org

I have our staff behind an Endian firewall, and would like to prevent this from leaving our network.
The srcprt does change (as you can see above) so I cannot block a specific port from our network, how can I block the URL so I can prevent this from leaving our network so our ISP wont disable our internet connection and then I can track down the machine internally?

Thanks for your time
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.031 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com