
UTM Advanced Threat Protection blocks kill switch URL for WannaCry (also referenced as WCry, WannaCrypt, and WanaCrypt0r)

Hi,

I think most of you have heard about the new Crypto Trojan "WannaCry". I read that a malware specialist found out that the Trojan tries to contact a URL and, as soon as it gets an answer, it stops its spreading (https://www.bleepingcomputer.com/news/security/wana-decrypt0r-ransomware-outbreak-temporarily-stopped-by-accidental-hero-/). So he registered the URL iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com.

I tried to call this URL but it's blocked by ATP and identified as C2/Generic-A C&C (https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Generic-A.aspx). This is not good in case one of your clients is infected by the trojan. The blocking of this URL will prevent the deactivation of the spreading.

Or is there something that I didn't see? Otherwise Sophos should allow this URL in my opinion.

Thank you.

Jas Man
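
An added example, not part of the original post and not Sophos code: a small triage script that lists which internal clients requested the kill-switch domain and whether the gateway blocked or allowed each request. The log layout, the `srcip`/`action`/`url` field names, the `drop`/`pass` values and all sample lines are constructed assumptions, not the real UTM log format.

```python
import re
from urllib.parse import urlsplit

# Kill-switch domain as quoted in the post above.
KILL_SWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Constructed sample lines in a generic key="value" layout (an assumption;
# this is not the real Sophos UTM log format, adapt the field names).
SAMPLE_LOG = f'''\
2017:05:13-09:14:02 srcip="10.0.0.23" action="drop" url="http://{KILL_SWITCH}/"
2017:05:13-09:14:07 srcip="10.0.0.23" action="drop" url="http://{KILL_SWITCH}/"
2017:05:13-09:15:30 srcip="10.0.0.40" action="pass" url="http://www.{KILL_SWITCH}/"
2017:05:13-09:16:11 srcip="10.0.0.51" action="pass" url="http://{KILL_SWITCH}.example.net/"
2017:05:13-09:17:45 srcip="10.0.0.60" action="pass" url="https://www.bleepingcomputer.com/"
'''

FIELD = re.compile(r'(\w+)="([^"]*)"')

def is_kill_switch(url):
    """Match on the parsed host name, so look-alike hosts are not counted."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host == KILL_SWITCH or host.endswith("." + KILL_SWITCH)

def triage(log_text):
    """Return {client_ip: {"blocked": n, "allowed": m}} for kill-switch requests."""
    report = {}
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if not is_kill_switch(fields.get("url", "")):
            continue
        counts = report.setdefault(fields.get("srcip", "unknown"),
                                   {"blocked": 0, "allowed": 0})
        counts["allowed" if fields.get("action") == "pass" else "blocked"] += 1
    return report

def never_answered(report):
    """Clients whose every request was blocked, so no answer ever came back."""
    return sorted(ip for ip, c in report.items() if c["allowed"] == 0)

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for ip, counts in sorted(report.items()):
        print(ip, counts)
    print("kill switch never reached from:", never_answered(report))
```

Any client in the report requested the domain, whether from an infection or from a manual test like the one described in the post, so each address is worth checking.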


