Malware Update

Signs of a Malware Update

  • An internal host is downloading and installing software from the Internet
  • The downloads are over HTTP, appear to be machine-driven, and follow a suspicious pattern of checking for availability of files before downloading them
  • The threat score is driven by the number of executable files being downloaded
  • The certainty score is driven by the pattern of machine-generated HTTP requests

Purpose of a Malware Update

  • The initial exploit on this host may be loading malware to continue the attack
  • Malware installed on the host may be updating itself to enhance its functionality
  • Malware installed on the host may be updating itself to a new version of its software

Business Impact of a Malware Update

  • An infected host can attack other organizations (e.g. spam, DoS, ad clicks), thus harming your organization’s reputation, potentially causing your IP addresses to be blacklisted, and impacting the performance of business-critical applications
  • If this is a targeted attack, it can spread further into your network and ultimately exfiltrate data from it
  • The malware which infected the host can create nuisances and affect user productivity

How to Investigate a Malware Update

  1. Look up the domain and IP address to which the communication is being sent via reputation services to see if this is known malware; such lookups are supported directly within the UI
  2. Search for the domain + “virus” via a search engine; this is effective for finding references to known adware or spyware
  3. Download the supplied PCAP and look at the HTTP payload being sent to see if any data is being leaked in clear text or whether the identity of the program is visible
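As an added example (not Vectra’s detection logic and not part of this page), the following Python scores constructed proxy-log lines for the signs listed above: a host checking file availability before downloading executables, a threat score from the number of executables fetched, and a certainty judgement from the regularity of the requests. The log layout, the extension list and the jitter threshold are assumptions.

```python
"""Added example, not Vectra code: flag hosts whose HTTP log lines fit the Malware
Update pattern above. Log layout, extensions and thresholds are assumptions."""
import re
from collections import defaultdict
from statistics import pstdev
EXE_EXT = (".exe", ".dll", ".msi", ".scr")   # assumed "executable" suffixes
# Constructed proxy-log sample: ts src method url status user-agent
SAMPLE_LOG = """\
1700000000 10.1.2.3 HEAD http://cdn.example.invalid/upd/mod1.exe 200 updater/1.0
1700000030 10.1.2.3 GET http://cdn.example.invalid/upd/mod1.exe 200 updater/1.0
1700000060 10.1.2.3 HEAD http://cdn.example.invalid/upd/mod2.dll 404 updater/1.0
1700000090 10.1.2.3 HEAD http://cdn.example.invalid/upd/mod3.exe 200 updater/1.0
1700000120 10.1.2.3 GET http://cdn.example.invalid/upd/mod3.exe 200 updater/1.0
1700000150 10.1.2.3 HEAD http://cdn.example.invalid/upd/mod4.msi 200 updater/1.0
1700000180 10.1.2.3 GET http://cdn.example.invalid/upd/mod4.msi 200 updater/1.0
1700000007 10.1.2.9 GET http://news.example.invalid/index.html 200 Mozilla/5.0
1700000311 10.1.2.9 GET http://news.example.invalid/pic.png 200 Mozilla/5.0
"""
LINE = re.compile(r"(\d+) (\S+) (\S+) (\S+) (\d{3}) (.+)")

def parse(log):
    """Yield (ts, src, method, url, status, user_agent) for each well-formed line."""
    for ln in log.splitlines():
        m = LINE.fullmatch(ln)
        if m:
            yield int(m[1]), m[2], m[3], m[4], int(m[5]), m[6]

def score_hosts(log):
    """Return {src: {threat, certainty, agent}} for hosts that checked a file's
    availability (HEAD, or a GET answered 404) and then downloaded executables."""
    by_host = defaultdict(list)
    for rec in parse(log):
        by_host[rec[1]].append(rec)
    results = {}
    for src, recs in by_host.items():
        recs.sort()                                   # chronological order
        probed = {r[3] for r in recs if r[2] == "HEAD" or r[4] == 404}
        exes = [r for r in recs if r[2] == "GET" and r[4] == 200
                and r[3].lower().endswith(EXE_EXT)]
        if not any(r[3] in probed for r in exes):
            continue                                  # no check-then-download pattern
        threat = len({r[3] for r in exes})            # distinct executables fetched
        gaps = [b[0] - a[0] for a, b in zip(recs, recs[1:])]
        jitter = pstdev(gaps) if len(gaps) > 1 else float("inf")
        certainty = "high" if jitter < 5 else "low"   # constant spacing => machine-driven
        results[src] = {"threat": threat, "certainty": certainty,
                        "agent": recs[0][5]}          # UA may name the program (step 3)
    return results
```

The browsing host 10.1.2.9 is ignored because it never fetches an executable after a probe, while 10.1.2.3 is reported with its User-Agent so the analyst can follow up with steps 1 and 2 above.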

White Paper

Understanding Vectra AI

Vectra AI is a leading AI-driven threat detection and response platform. It uses machine learning to analyze network traffic and other data to identify and prioritize real threats.

This document provides a comprehensive guide to Vectra detections, including:

  • What Vectra detections are and how they work
  • Specific detections that Vectra can identify
  • How to interpret and respond to Vectra detections