Comments on: Finding Zeus Bot (Zbot) with Sophos UTM https://networkguy.de/finding-zeus-bot-zbot-with-sophos-utm/ Share your knowledge! Mon, 17 Feb 2014 14:42:45 +0000 hourly 1 https://wordpress.org/?v=6.9.1 By: Michel https://networkguy.de/finding-zeus-bot-zbot-with-sophos-utm/#comment-157 Mon, 17 Feb 2014 14:42:45 +0000 http://networkguy.de/?p=606#comment-157 In reply to Guido Meijers.

Traffic with virus-infection is detected by Sophos UTM already, but we are speaking about malware, that communicate as a normal PC (for example a normal http connect to a server). Sophos UTM will be able to see this with hashes coming from the central Sophos cloud to recognize such traffic.

]]> By: Guido Meijers https://networkguy.de/finding-zeus-bot-zbot-with-sophos-utm/#comment-156 Mon, 17 Feb 2014 14:14:07 +0000 http://networkguy.de/?p=606#comment-156 Yes, i wonder why only now… Fortinet seems to do this for a while already (4 Years) :)
Not sure yet what to choose…

]]> By: Michel https://networkguy.de/finding-zeus-bot-zbot-with-sophos-utm/#comment-155 Mon, 17 Feb 2014 13:20:38 +0000 http://networkguy.de/?p=606#comment-155 In reply to Guido.

Hi Guido,

i think this packets will be blocked with the Advanced Threat Protection (ATP) in Version 9.2 coming March/April this year.

]]> By: Michel https://networkguy.de/finding-zeus-bot-zbot-with-sophos-utm/#comment-133 Thu, 30 Jan 2014 13:19:03 +0000 http://networkguy.de/?p=606#comment-133 In reply to Guido.

Hi Guido,

no it can’t be recognize because it was a normal http request so there was no malware code within the tcp stream.

]]> By: Guido https://networkguy.de/finding-zeus-bot-zbot-with-sophos-utm/#comment-132 Wed, 29 Jan 2014 13:44:55 +0000 http://networkguy.de/?p=606#comment-132 Hi, We are currently looking for a UTm and Sophos is on the shortlist. But why doesn’t the UTM detect this and block the outgoing packets? This would the perfect Use Case for a UTm vs classic Firewall or not?

]]>