Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2358
Views
0
Helpful
1
Replies

Blackhole DNS URLs

presscotn
Level 1
Level 1

‎04-09-2011 05:13 AM

We regularly get BlackHole DNS URL's in our Malware Threat Report (Adware>Blackhole DNS URLs)

The report states that transactions are all blocked.

When we go to examine/scan the user/computer that is referenced and run Malwarebytes scans nothing is detected.

Could you provide some guidance as to

1.) any corrective action that could be taken to eliminate the reported threat.

2.) describe recommended practises when these instances show up in the report

TIA

Thomas

Labels:
0 Helpful
1 Reply 1

Ken Stieers
VIP
VIP

‎04-13-2011 09:35 AM

Its very possible that your users aren't infected at all, it could be a "drive-by attack", which your WSA is protecting you from. If someone surfs to a web site that references one of those sites, the browser will happily go there. Nobody on your network has to be doing anything wrong, but the website may have been compromised.

0 Helpful
Customers Also Viewed These Support Documents