Regd. Red October global espionage


Yesterday I read about Red October global espionage. Details are here:

Researchers have uncovered an ongoing, large-scale computer espionage network that’s targeting hundreds of diplomatic, governmental, and scientific organizations in at least 39 countries, including the Russian Federation, Iran, and the United States.

My question:

  1. Apart from updating MS Office, Adobe Reader and Java patches, is there anything I could do within my Comodo 5.10.x Firewall to detect it?

  2. How do I identify once my machine gets infected?

Please respond.

Big Thanks

If they want you, they get you.

Don't use the trusted vendors list, use paranoid mode.
Don't use the game mode button or training mode.

Don't ask for user-friendliness, but keep your eyes open.

Make each rule for the firewall on your own.

If “we” would be a target, they would have to read loads of BS.

Make sure that it isn't you who installs something like that. That's the most difficult part. And the most likely.

Thanks for the response. I’m using:

Configuration - Firewall Security

Firewall Security Level - Custom Policy
Defense+ Security Level - Clean PC
Sandbox Security Level - Disabled

I don’t use Game mode at all.

Is this good enough, or will it do if I set Defense+ to Paranoid?

Please suggest any changes.

PS: any link(s) on how to make tighter Firewall rules?

Big thanks again

Here's a really good guide:
configuration of CIS for high security

Thanks go to Chiron

Paranoid mode incurs too many pop-ups.
What's the issue with game mode? I never use it anyway.

Thanks for the reference.

I’ve gone through a few links. The article covers 6.0 version, but I’ll manage.

I downloaded TDSSKiller to check for Rootkits. Nothing found. I’ll check with CCE later.

It was indeed a great work done by Chiron :)


I would recommend proactive configuration.
Note: This will make it necessary to make a new rule set.

A discovered threat is a detected threat. So your antivirus will be the protection against it.

In general, all "layers" that prevent something from happening without your consent are protection.
Firewall (block IP in any, only allow necessary things to connect OUT)
Defense+ (clean mode was too much work, I found paranoid mode less demanding, but you have to make decisions about everything. Don't worry that much, today I am using safe mode :D)
Use a password for Comodo

Those attacks are targeted. And you don't get all malware out there. So you are more than average safe ;)

"Game mode" is the new user-friendly name of "training mode".
No protection + perma-allow rules
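The egress principle stated above (block everything inbound, allow only the programs that need to connect out, one rule at a time) can be expressed as a script so that the rule set is reviewable and repeatable. The following is an added example and is not code from this thread or from Comodo; it assumes the built-in Windows Firewall on Windows 7 driven through `netsh advfirewall` instead of the Comodo GUI, and the program paths and the resolver address are placeholders to replace with your own:

```powershell
# Added example: a default-deny egress policy in the built-in Windows Firewall
# (assumption: Windows 7 or later, run from an elevated PowerShell prompt).
# Placeholder values, to be replaced: the program paths and $Resolver.

$Browser  = "C:\Program Files\Mozilla Firefox\firefox.exe"   # placeholder path
$Updater  = "C:\Windows\System32\svchost.exe"                # Windows Update host process
$Resolver = "192.0.2.53"                                     # placeholder DNS resolver (documentation range)

# 1. Keep a backup of the current policy before changing anything.
netsh advfirewall export "$env:USERPROFILE\firewall-before.wfw"

# 2. Default action for all profiles: block inbound AND block outbound.
#    From here on, only what is explicitly allowed can leave the machine.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

# 3. Minimal allow rules, each tied to one program and one port set.
#    DNS only to the chosen resolver, not to "any" address.
netsh advfirewall firewall add rule name="Egress: DNS to resolver" dir=out action=allow protocol=udp remoteport=53 remoteip=$Resolver
netsh advfirewall firewall add rule name="Egress: browser HTTP/HTTPS" dir=out action=allow program="$Browser" protocol=tcp remoteport=80,443
netsh advfirewall firewall add rule name="Egress: Windows Update"     dir=out action=allow program="$Updater" protocol=tcp remoteport=80,443

# 4. Review: list every outbound allow rule so broad ones ("Any" program or
#    "Any" remote address) stand out and can be tightened or removed.
netsh advfirewall firewall show rule name=all dir=out | Select-String -Pattern "Rule Name|Program|RemoteIP|RemotePort|Action"

# 5. Audit log for dropped outbound connections; reviewing it is how an
#    unexpected program trying to call out gets noticed.
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging filename "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"
```

Anything not covered by a rule will simply fail to connect, which is the intended behaviour; when a legitimate program breaks, add a rule for that program and port only, never a blanket "allow all" rule, and check the dropped-connection log regularly for programs you did not expect to see.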

Thanks for responding.

a) could you share any example of a proactive config. rules set?
b) For 2+ years, I have run Comodo Firewall + Avira AV. Is this team safe enough?
c) I did look at “Firewall Behavior Settings” etc. Where to set a password?
d) Should I enable Sandbox?
e) In Defense+ General Settings, should I enable enhanced protection mode?
f) What to select for “Treat unrecognized files as” (P. Limited/Limited/Restricted/Blocked)?

I’m quite worried about the data - personal and business. I already isolated this PC (stand-alone internet, not using any USB sticks etc. as a precaution). Should I discard using (fully-patched) Windows XP SP3 altogether? (I use Win 7, Mac OS and Linux OSes too).

I’m sorry to hit you with so many questions. Could you or anyone answer them?

Thank you very much.

I can try to answer a few of these:

c) Advanced Settings → General Settings → User Interface → Enable Password Protection
d) It’s recommended, especially if you’re going for maximum security
e) As far as I know, Enhanced Protection Mode is important on 64-bit systems
f) If you follow Chiron’s guide, he advises treating them as ‘Restricted’

The internet is full of answers.
And you can read the manual of Comodo. It's made well.

If you have so many concerns, you should look at each window of any program that you use, to make the settings, in general.

You have to make choices. Read what you can choose.
You know what you are looking for.

Avira was fine for me with Comodo.

That's not right.
If you are concerned about execution of things,
you should not enable the sandbox,
but instead at least safe mode, or best paranoid mode.

I spoke too soon, sorry!
I stand corrected.

It seems I annoyed you ??? That was not my intention at all.

Nevertheless, I’ll take your suggestions and take some quality time…

Thank you very much

I gave useful information. Useful for the future too ;)