Malware Infection

The Network: US East Coast government contractor, hundreds of servers, hundreds of workstations, multiple locations

The Expectation: Up-to-date, leading antivirus and patching, IDS and regular vulnerability scans provide protection.

The Catch: The EventTracker v8 sensor detects the creation of a new service on a workstation. Minutes later, that workstation connects to a site hosted on Amazon EC2.
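A minimal correlation of the two signals described above (a new service installed on a host, then an outbound connection from that same host within a few minutes), written here as an added example and not taken from EventTracker's product or this page; the events, hostnames and the internal DNS suffixes are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the original page). Each record is a
# flattened log line of the kind a sensor would forward: a service installation
# followed (or not) by an outbound connection from the same host.
EVENTS = [
    {"ts": "2023-05-01T10:00:00", "host": "WS-042", "type": "service_installed",
     "detail": "name=UpdaterSvc path=C:\\Users\\Public\\upd.exe"},
    {"ts": "2023-05-01T10:03:20", "host": "WS-042", "type": "net_connect",
     "detail": "dst=ec2-198-51-100-7.compute-1.amazonaws.com:443"},
    {"ts": "2023-05-01T11:00:00", "host": "WS-007", "type": "service_installed",
     "detail": "name=BackupAgent path=C:\\Program Files\\Backup\\agent.exe"},
    {"ts": "2023-05-01T14:00:00", "host": "WS-007", "type": "net_connect",
     "detail": "dst=files.corp.example:445"},
]

INTERNAL_SUFFIXES = (".corp.example", ".local")  # assumed internal namespace


def is_external(dst):
    """Crude check: any destination not under an internal DNS suffix is external."""
    host = dst.rsplit(":", 1)[0]
    return not host.endswith(INTERNAL_SUFFIXES)


def correlate(events, window=timedelta(minutes=10)):
    """Flag hosts where a new service is followed by an external connection
    within `window`. Returns one alert dict per matching connection."""
    recent_services = {}  # host -> list of (install time, service detail)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "service_installed":
            recent_services.setdefault(ev["host"], []).append((ts, ev["detail"]))
        elif ev["type"] == "net_connect":
            dst = ev["detail"].split("dst=", 1)[1]
            if not is_external(dst):
                continue  # internal traffic is out of scope for this rule
            for svc_ts, svc in recent_services.get(ev["host"], []):
                if timedelta(0) <= ts - svc_ts <= window:
                    alerts.append({"host": ev["host"], "service": svc,
                                   "dst": dst, "lag_s": (ts - svc_ts).seconds})
    return alerts
```

The BackupAgent install on WS-007 produces no alert: its only later connection is internal and hours away, which is the kind of legitimate service rollout the time window and destination check are meant to filter out.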

The Find: Malware infection confirmed after a deep scan with a separate anti-malware product.

The Fix: Quarantine the workstation and re-image the hard drive from the golden master.

The Lesson: Up-to-date AV and patching are necessary but not sufficient in today’s threat landscape.