Hi,

Marie SWE wrote: Mon May 16, 2022 1:04 pm [...]
I do follow MikeNovember's post, but with a few additions. One, I do want to be able to detect suspicious activities on all of my computers, not only in the network traffic. Two, I also have outbound firewall rules on every computer, as spyware sends data out in the background, and it is often done by its own processes/programs. Also, remote access is often created through a tunnel from the inside out, to bypass firewalls, as they are often set by default to allow all outbound traffic.
[...]
Unfortunately, outbound rules are essentially useless:
- you have seen in the quoted analysis that, once installed, the BPFdoor malware is able to make "low-level" outbound connections, bypassing firewalls.
- moreover, malware programs have, for a long time, used a trick: they "attach" themselves in memory to legitimate applications, such as browsers, to make authorized outbound connections.
Regards,
MN
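Both posts above touch the same gap: Marie SWE wants to see suspicious activity on the host itself, not only in the traffic, and MN points out that an implant talking through a "low-level" socket never shows up in the outbound firewall rules. The script below is an added example (it is not from either poster and not related to any BPFdoor analysis) of the host-side check a practitioner would run for that: it lists every AF_PACKET socket the kernel exposes in /proc/net/packet, the kind of socket a sniffing implant needs (the "BPF" in BPFdoor's name refers to the packet filter attached to such a socket), and maps each socket inode back to the process holding it through /proc/<pid>/fd. The sample /proc/net/packet text and the process name "demo-sniffer" are constructed for the offline demo; run it as root on a real box and it reads the live /proc instead.

```python
#!/usr/bin/env python3
"""List processes holding AF_PACKET (raw/packet) sockets on Linux.

Added example, not part of the forum thread. /proc/net/packet has one line per
AF_PACKET socket with the columns (from the kernel's packet_seq_show):
    sk RefCnt Type Proto Iface R Rmem User Inode
The Inode column is what /proc/<pid>/fd/* symlinks ("socket:[inode]") point at,
so the join between the two gives the owning process(es).
"""
from __future__ import annotations

import os
import re
import tempfile
from dataclasses import dataclass

SOCK_TYPES = {2: "SOCK_DGRAM", 3: "SOCK_RAW"}  # values of the Type column

# Constructed sample of /proc/net/packet: a raw ETH_P_ALL (0003) socket owned by
# uid 0 and a DGRAM IPv4-only (0800) socket owned by uid 1000.
SAMPLE_PROC_NET_PACKET = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
0000000000000000 3      3    0003   2     1 0      0      54321
0000000000000000 3      2    0800   0     0 0      1000   54322
"""


@dataclass
class PacketSocket:
    sock_type: str
    proto: int     # link-layer protocol the socket receives (3 == ETH_P_ALL)
    ifindex: int   # 0 means "all interfaces"
    uid: int
    inode: int


def parse_proc_net_packet(text: str) -> list[PacketSocket]:
    """Parse the text of /proc/net/packet; malformed lines are skipped."""
    socks = []
    for line in text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) != 9:
            continue
        socks.append(PacketSocket(
            sock_type=SOCK_TYPES.get(int(fields[2]), fields[2]),
            proto=int(fields[3], 16),
            ifindex=int(fields[4]),
            uid=int(fields[7]),
            inode=int(fields[8]),
        ))
    return socks


def socket_owners(inodes: set[int], proc_root: str = "/proc") -> dict[int, list[tuple[int, str]]]:
    """Map each socket inode to [(pid, comm)] by scanning /proc/<pid>/fd symlinks.

    Without root, fd directories of other users' processes are unreadable, so
    a socket with no owner found means "cannot see", not "nobody holds it".
    """
    owners: dict[int, list[tuple[int, str]]] = {ino: [] for ino in inodes}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # permission denied or the process already exited
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m and int(m.group(1)) in owners:
                try:
                    with open(os.path.join(proc_root, entry, "comm")) as f:
                        comm = f.read().strip()
                except OSError:
                    comm = "?"
                owners[int(m.group(1))].append((int(entry), comm))
    return owners


def find_packet_socket_holders(proc_root: str = "/proc") -> list[dict]:
    """Join /proc/net/packet with the fd tables; one dict per packet socket."""
    with open(os.path.join(proc_root, "net", "packet")) as f:
        socks = parse_proc_net_packet(f.read())
    owners = socket_owners({s.inode for s in socks}, proc_root)
    return [{"inode": s.inode, "type": s.sock_type, "proto": s.proto,
             "ifindex": s.ifindex, "uid": s.uid, "owners": owners[s.inode]}
            for s in socks]


def make_demo_proc() -> str:
    """Build a constructed /proc look-alike in a temp dir for an offline run."""
    root = tempfile.mkdtemp(prefix="fakeproc_")
    os.makedirs(os.path.join(root, "net"))
    with open(os.path.join(root, "net", "packet"), "w") as f:
        f.write(SAMPLE_PROC_NET_PACKET)
    fd_dir = os.path.join(root, "4242", "fd")  # constructed pid
    os.makedirs(fd_dir)
    os.symlink("socket:[54321]", os.path.join(fd_dir, "3"))
    with open(os.path.join(root, "4242", "comm"), "w") as f:
        f.write("demo-sniffer\n")  # constructed process name
    return root


if __name__ == "__main__":
    root = "/proc" if os.path.exists("/proc/net/packet") else make_demo_proc()
    for row in find_packet_socket_holders(root):
        who = ", ".join(f"{pid} ({comm})" for pid, comm in row["owners"]) or "(no visible owner)"
        print(f"inode {row['inode']}: {row['type']} proto=0x{row['proto']:04x} "
              f"ifindex={row['ifindex']} uid={row['uid']} -> {who}")
```

On a clean desktop the holders are things like a DHCP client or NetworkManager; anything else, and especially a raw ETH_P_ALL socket whose owner has a familiar-looking name but an odd path in /proc/<pid>/exe, is worth pulling the BPF program for with `ss -0pb`. Run it as root, since unprivileged users cannot read other users' fd tables, and keep MN's caveat in mind: a kernel-level rootkit can hide both the process and the socket from /proc, so this catches user-space implants, not everything.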