Blocking Neutrino EK and Ponmocup Droppers

ThreatSTOP and DNS Firewall Blocking Two New Malware Types

ThreatSTOP has started blocking two new varieties of malware for our subscribers and those of our OEM partner Infoblox.

The first malware type is the Neutrino Exploit Kit, for which we are blocking the servers that drop the kit onto vulnerable computers. The Kit is sold on underground forums to criminals who use it to gain access to a computer and then download other malware onto it. This is an extremely dangerous malware kit and it is updated regularly to contain the latest exploits, primarily in Java.

The second is the Ponmocup Adware Botnet also known as Trojan.Milicenso. Ponmocup is currently considered less harmful as it seems to be used mainly for adware and clickfraud but there is no reason to assume that this will remain the case.

To learn more read this article

About ThreatSTOP 
 

ThreatSTOP is a real-time IP and Domain Reputation Service that automatically delivers a block list against criminal malware (botnets, Trojans, worms etc.) directly to a user’s firewalls and nameservers, so they can enforce it. It is a cloud-based service that protects the user’s network against the most serious information security problem today—malware designed to steal valuable data perpetrated by organized criminals. ThreatSTOP enables existing hardware and network infrastructure to enforce user defined malware blocking policy without requiring the expense, complexity and time of a forklift upgrade of new equipment. It can be deployed within the hour with simple rule-settings or a script on the user’s firewall, or by enabling DNS Firewall (RPZ) on their Infoblox Grid. Founded in 2009, ThreatSTOP is headquartered in San Diego, CA. For more information, visit http://www.threatstop.com.

Share this: