CheckPoint 7-20-2012 Daily Anti-Bot & Anti-Virus Report


  • 7/31/2019 CheckPoint 7-20-2012 Daily Anti-Bot & Anti-Virus Report

    Malware Report: July 20, 2012 12:00 AM - July 20, 2012 10:40 AM

    Generated by Check Point SmartEvent, on July 20, 2012 10:40 AM

    Protected Hosts

    3 Hosts Involved in Malicious Activity
    1 Detected Malware

    Infected Hosts By Infection Duration
    Less than a Day: 3 Hosts

    Top Malware By Number of Hosts
    Operator.JitteryPictur...: 3 Hosts

    Incidents between Jul 20 to Jul 20
    [Chart: Total Critical & High severity incidents, Fri 05:30 to Fri 09:30]

    5 Malicious Incidents
    Prevent / Detect (Policy can be modified to prevent more or all incident types)
    5 Prevented
    0 Detected
    0B Total Sent
    0B Total Received

    Communication with C&C: 5


    Table of Contents

    Top Hosts Involved in Malicious Activity
    Top Malware
    Top Activities and their Top Hosts
    Top Protection Types and their Top Malware
    Malware Activity
    Infected Hosts by Infection Duration
    Top Destination Countries
    Malware News


    Top Hosts Involved in Malicious Activity

    Policy can be modified to prevent more or all incident types

    By Number of Incidents

    Machine Name     Num. of Incidents   Prevented   Detected   Sent Traffic   Received Traffic
    172.25.104.188   2                   2           0          0B             0B
    172.25.104.230   2                   2           0          0B             0B
    172.25.104.64    1                   1           0          0B             0B
    Total (3)        5                   5           0          0B             0B

    By Sent Traffic (Bytes)

    Machine Name     Sent Traffic   Received Traffic   Num. of Incidents   Prevented   Detected
    172.25.104.64    0B             0B                 1                   1           0
    172.25.104.188   0B             0B                 2                   2           0
    172.25.104.230   0B             0B                 2                   2           0
    Total (3)        0B             0B                 5                   5           0


    Top Malware

    By Number of Incidents

    Malware Name                Num. of Incidents   Num. of Hosts   Comment
    Operator.JitteryPicture.d   5                   3               Post Infection

    By Sent Traffic (Bytes)

    Malware Name                Sent Traffic   Num. of Incidents   Num. of Hosts   Comment
    Operator.JitteryPicture.d   0B             5                   3               Post Infection


    Top Activities and their Top Hosts

    Policy can be modified to prevent more or all incident types

    Communication with C&C (100%)

    Malware Activity         Machine Name     Num. of Incidents   Sent Traffic   Prevented   Detected
    Communication with C&C   172.25.104.188   2                   0B             2           0
                             172.25.104.230   2                   0B             2           0
                             172.25.104.64    1                   0B             1           0
                             Total (3)        5                   0B             5           0


    Top Protection Types and their Top Malware

    Policy can be modified to prevent more or all incident types

    URL Reputation (100%)

    Protection Type   Malware Name                Num. of Incidents   Num. of Hosts   Sent Traffic   Prevented   Detected
    URL Reputation    Operator.JitteryPicture.d   5                   3               0B             5           0


    Malware Activity

    [Charts: Num. of Incidents and Num. of Hosts; Sent Traffic and Received Traffic; Fri 05:30 to Fri 09:30]

    Activity Date       Num. of Incidents   Num. of Hosts   Sent Traffic   Received Traffic
    Jul 20 2012 05:30   1                   1               0B             0B
    Jul 20 2012 06:30   2                   2               0B             0B
    Jul 20 2012 09:30   2                   2               0B             0B


    Infected Hosts by Infection Duration

    Machine Name     Infected Since      Num. of Incidents   Sent Traffic   Prevented   Detected
    172.25.104.64    Jul 20 2012 05:43   1                   0B             1           0
    172.25.104.230   Jul 20 2012 06:46   2                   0B             2           0
    172.25.104.188   Jul 20 2012 06:47   2                   0B             2           0
    Total (3)                            5                   0B             5           0


    Top Destination Countries

    Destination Country   Num. of Incidents   Num. of Hosts   Sent Traffic   Received Traffic
    Germany               5                   3               0B             0B


    Malware News

    Internet connectivity is needed for this page to be dynamically updated

    Latest Attacks

    Anonymous shreds intelligence firm Stratfor

    December 25, 2011 - Claimed that 200GB of data was stolen, with parts of it posted online, including the company's extensive client list.

    Anonymous Brazil attacks major Brazilian banks

    February 7, 2012 - 10 different banks' websites were hit with a denial of service attack, including Banco do Brazil, HSBC and the Brazilian Central Bank.

    AntiSec leaks Symantec pcAnywhere source code after $50k extortion not paid

    February 7, 2012 - Hackers associated with Anonymous published 1.27 GB of Symantec source code online.

    Did You Know?

    Nearly 90% of spam activity is the result of bots

    Although it may appear to be harmless, in most cases computers sending out spam are infected with bots which can later be used for other malicious purposes (e.g. data theft).

    The TDL-4 indestructible botnet infected over 4.5 million computers in the first 3 months of 2011.

    The bot leverages a publicly available peer-to-peer network to communicate with its remote operators, as well as affiliate programs as a key means of distribution. Its damages include data theft (such as bank account details and passwords), anonymous Internet access and massive click fraud.

    Security breaches numbers, costs and APTs:

    - 6 out of 10 enterprises experienced multiple security breaches in the past 12 months
    - 4 out of 10 enterprises responded that overall breaches cost the organization > $500k
    - 60% of IT security professionals consider APT data breach a key concern

    Read more: Ponemon Perception About Network Security Survey (June 2011), Bit9 endpoint security survey Q3/2011

    Product Related News

    - 3D Security Analysis Report Tool - now supporting the new Anti-Bot and Anti-Virus software blades.