Latest versions of Zeus -- might adding some firewall rules help?

Norton Security | Norton Internet Security
1

 

I understand that to some extent AV software is always in catch-up mode - a new virus is released and then new signatures can generated to detect it. 

 

With regards to the Zeus virus I understand that with rare exception the virus "phones home" to a *.RU domain address.

For those of us that have not need to visit *.RU domains, would it be helpful to add a firewall rule to block outbound traffic to RU domains? 

If so, could someone explain the details I could not figure out how to add a rule to block  outbound connections to destinations of:   <wildcard>.RU    i.e. anything with a .RU suffix.....

 

THANKS!

2

Bad idea cause .ru is the suffix for russian sites, like .co.uk. Blocking .ru sites will block out any sites that use .ru. Plus, not quite sure if you can block it but you could use the router parental control settings to block the sites.

3

Not quite sure if that can be done with Norton. Plus, .ru is the prefix for russian sites, like .co.uk. Blocking it will restrict all sites using .ru, good or bad. Plus if you have a router, you might be able to use the parental control feature, if it has one to block the keyword .ru.

4

 

Thanks for the reply!

I don't think I would miss any of blocked sites *.RU as I don't think i've ever been there :smileywink: but if I did miss them I suppose I could put in a higher priority rule to pass specified sites.  The Parental options might work!!! I don't have them installed now, but will look into that - thanks!

 

My son never got the "wait 4 seconds" page but ... I am now paranoid about the situation as he does do some on-line banking / PayPal stuff.............

5

I was talking about the parental control feature found on some routers.  Some routers also come with keyword blocking and domain blocking.  I have added goggle.com as a parental control keyword blocking and whenever I visit a page containing the words "goggle.com" it displays netgear firewall have blocked this page or something like that.

6

 

Ahhhhhhhhhhhh I thought you meant the "parental controls" in NIS!

 

My router does have parental controls, but I was thinking that might only block outbound traffic on port 80?

Or might only block http type traffic?