New Badfellas 2.6.488 to spot malware and botnets

Hey Trisul users, please update your Badfellas plugin to the latest version released today.

(Support for Palevo Tracker and DNS Blackhole)

Major updates in this release.

  1. The popular abuse.ch Malware Database has been discontinued and Palevo Tracker is introduced. Badfellas now checks your traffic against known Palevo C&C domains and IPs.
  2. The Malware Domains DNS Blackhole lists were not working with earlier versions of Badfellas due to incorrect parsing of some entries. This is now fixed.
  3. Enhanced catching of malware (see below)

Donate to these lists

Please consider donating to the good folks who run the above lists.

Enhanced catching

Trisul 2.6 further enhances detection by parsing DNS records and picking out additional answer AA and CNAME entries for checking with these lists. Even if a compromised system on your network tried unsuccessfully to resolve one of these C&C hosts, Trisul Badfellas will flag it.
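The kind of check described above can be sketched as follows. This is an added example, not Trisul or Badfellas code: it parses a raw DNS response, collects the question name plus IPv4 A and CNAME answer data, and matches them against a blocklist. The blocklist entries, the sample messages and the function names are all constructed for illustration.

```python
import struct

# Constructed blocklist (reserved documentation names/addresses, not real feed data).
BLOCKLIST = {"cnc.badhost.example", "192.0.2.66"}

def read_name(msg, off):
    """Decode a DNS name at off, following compression pointers; return (name, next offset)."""
    labels, resume, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # 2-byte compression pointer
            resume = off + 2 if resume is None else resume
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if n == 0:
            return ".".join(labels), (off if resume is None else resume)
        labels.append(msg[off:off + n].decode("ascii").lower())
        off += n

def check(msg):
    """Return (rcode, sorted blocklist hits) for one DNS response message."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, seen = 12, set()
    for _ in range(qd):                            # question names: present even on NXDOMAIN
        name, off = read_name(msg, off)
        seen.add(name)
        off += 4                                   # skip QTYPE, QCLASS
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        seen.add(owner)
        if rtype == 1 and rdlen == 4:              # A record: dotted-quad address
            seen.add(".".join(map(str, msg[off:off + 4])))
        elif rtype == 5:                           # CNAME: target name
            seen.add(read_name(msg, off)[0])
        off += rdlen
    return flags & 0x000F, sorted(seen & BLOCKLIST)

def enc(name):                                     # helper to build the constructed samples
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

# Constructed sample 1: NXDOMAIN reply (rcode 3), no answers, question names a listed host.
NXDOMAIN = struct.pack("!6H", 1, 0x8183, 1, 0, 0, 0) + enc("cnc.badhost.example") + b"\0\1\0\1"
# Constructed sample 2: benign-looking query whose CNAME chain ends at a listed IP.
PTR = b"\xc0\x0c"                                  # pointer to the question name at offset 12
CHAIN = (struct.pack("!6H", 2, 0x8180, 1, 2, 0, 0) + enc("www.shop.example") + b"\0\1\0\1"
         + PTR + struct.pack("!HHIH", 5, 1, 60, 18) + enc("edge.cdn.example")
         + enc("edge.cdn.example") + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 66]))
```

The first sample shows why a failed lookup is still worth flagging: the queried name is in the question section even when the answer section is empty.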

Current users please note

If you are installing Badfellas for the first time, you may skip this section.

Existing users of Badfellas need to follow these steps to update.

  1. Stop Trisul
  2. Uninstall Badfellas (rpm -e)
  3. Install new (rpm -Uvh)
  4. Delete the old config file /usr/local/etc/trisul/PI-9FE* (it will be recreated afresh).
  5. Start Trisul

The new lists will take effect within 5 minutes.

New to Trisul?
Download Trisul and Badfellas today. It's free for a rolling 3-day window.
