This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

attacking site and PAN

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

attacking site and PAN

_slv_
L4 Transporter

‎04-16-2014 12:48 AM

Hello

Few days ago I discovered site with some information about VMware Update Manager. I had a problem with it and I was searching for solution.

This site is www.bourgelat.net/cannot-patch-definitions-vmware-19988

I have PA with all licences but PAN software doesnt detect any bad traffic Smiley Sad

I asked PAN to change categorization to malware site, but today I got email : New category: computer-and-internet-info

This site still trying to hurt Your computer, and PAN doesnt responds to it - is it OK?

I have security policy with thread prevention/av - but it doesnt stops it, hopefully my Symnatec Endpoint protection detecting it and blocking.

You can try to open www.bourgelat.net - this isn't https so in my opinion PAN should react in some way to this traffic.

Do You agree with me?

How it's possible when IE 10 with default configuration recomends to not enter to this site while PAN recategorization is computer-and-internet-info ?

Regards

Slawek

Labels:
0 Likes Likes
13 REPLIES 13

_slv_
L4 Transporter

‎04-16-2014 05:37 AM

small update, www.bourgelat.net is classified as malware site by BightCloud Service, and it's blocked if You are blocking access by url filter (block malware sites) but if you are using PA url database you are under risk!

0 Likes Likes

dyang
L5 Sessionator

‎04-16-2014 11:22 AM

Hi slv,

Can you provide more details about why you feel this site is malicious? 

--Doris

0 Likes Likes

_slv_
L4 Transporter
In response to dyang

‎04-17-2014 12:19 PM

My symantec endpoint pretection is detecting that this site try to attact my computer using "red export kit redirect" now.

0 Likes Likes

gafrol
L4 Transporter
In response to _slv_

‎04-17-2014 12:45 PM

Are you referring to this threat Web Attack: Red Exploit Kit Redirect: Attack Signature - Symantec Corp. ?

If yes then --> CVE-2009-4324

CVE-2009-4324 is covered with nine Threat ID's

Capture.JPG.jpg

Are these nine Threat ID's all covered in your Vuln. Protection Profile ?

BTW, www.bourgelat.net/cannot-patch-definitions-vmware-19988 does not seem to be accessible at all

Capture.JPG.jpg

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks