David Redekop May 12
Replying to @GossiTheDog
If Sophos is blocking the killswitch domain, it's unintentionally allowing to continue?
Jeroen Bobbeldijk May 12
Replying to @DRtheNerd @GossiTheDog
Well... It's still getting some response for the domain, just not the sinkhole response. The killswitch should still work.
2sec4u May 13
Replying to @GossiTheDog
That's fine, as long as it returns a page :)
Flemming Riis May 13
Replying to @GossiTheDog
Airgapped need to add this to internal DNS zones with a http responding, correct?
Doc Chis May 13
Replying to @2sec4u @GossiTheDog
That's almost funny! Block the sinkhole. Sigh.
Kevin Beaumont May 13
Replying to @2sec4u
It doesn't sadly it appears. Screenshot is Web Intelligence which does browsing, Malicious Threat Detection blocks non-browser traffic ☃️
Kevin Beaumont May 13
Replying to @2sec4u
That said they added definitions at 6pm yesterday for that exe.
2sec4u May 13
Replying to @GossiTheDog
Oh fuck
2sec4u May 13
Replying to @GossiTheDog
Test the sample and confirm - I'll reach out to people if it still runs
Kevin Beaumont May 13
Replying to @jerbob92 @DRtheNerd
Nae, screenshot is Web Intelligence, Malicious Threat Detection hooks non-browser and blocks. However they have definitions for exe now.
🌊🐠🐟🙎🏻‍♂️💥☠️ May 13
Replying to @GossiTheDog @2sec4u
Sophos: Look we're helping!
Kevin Beaumont May 13
Replying to @2sec4u
It shouldn't work. Sophos detects the exe now. I guess I could crypt it, but I don't want to start a new worm exe 💩
Rob Smith May 13
Replying to @GossiTheDog @2sec4u
Strangely, Sophos on my Mac blocks access to that URL in my browser, but not through telnet on port 80 within terminal?
Kevin Beaumont May 13
Replying to @iopsGent @2sec4u
Malicious Threat Detection is Windows only.
Rob Smith May 13
I think has just dropped the block
Kevin Beaumont May 13
👍
Richard Bartlett May 13
Ditto, just tested from our network with Sophos Endpoint Protection 10.7 and I can see the page text fine.
Kevin Beaumont May 13
Yay! Cheers guys.
Kevin Beaumont May 13
Replying to @GossiTheDog
Update - Sophos have fixed this, thank you. Malicious Web Detection was blocking sinkhole.