Johannes B. Ullrich from SANS wrote about a user that made an interesting find in their network (you can read Johannes note here). In short, the user wrote an IDS signature to look for the NICK and USER commands that signify the start of an IRC session, and lo and behold found IRC traffic on [...]

In this blog, I talk about how our next-generation firewalls protect against botnets such as Torpig. There are 3 parts to a botnet attack: 1. User visits a website which starts a chain reaction for torpig-infection There are 2 ways in which this can happen: