Skip to content

Catch Any Malware Including EquationGroup

The Fixvirus video show that explains it:

According to Kaspersky Group  report:

http://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2015/02/Equation_group_questions_and_answers.pdf

There is malware that can infect hard drive firmware and then perform other tasks

At page 23 #14 says:

23

 

"14.
What C&C infrastructure do the Equation group implants use?
The Equation group uses a vast C&C infrastructure that includes more than
300 domains and more than 100 servers. The servers are hosted in multiple countries, including the US, UK, Italy, Germany, Netherlands, Panama, Costa Rica, Malaysia, Colombia and Czech Republic.
All C&C domains appear to have been registered through the same two major
registrars, using “Domains By Proxy” to mask the registrant’s information.
Kaspersky Lab is currently sinkholing a couple dozen of the 300 C&C servers."
C&C means command & control.
The infected hard drive means nothing without being able to "phone home".  So since it has to contact its C&C server we can detect that. Once we detect it we can stop the transmission - Use an IPS system firewall (a Next Gen FireWall) properly configured can protect against the malware.
Contact Us to help you with setting up your IPS or purchasing an IPS system that works for you.

Leave a Reply