
James Harper wrote:
I'm trying to find a simple way to parse squid logfiles looking for cryptolocker (http://en.wikipedia.org/wiki/CryptoLocker) URLs. The proxy in question denies these anyway because the current version of cryptolocker doesn't authenticate and this proxy requires authentication, so right now it's a useful trigger to notice an infection after the fact but before it has downloaded enough to start infecting user files.
To ask a stupid question: I take it that this is a legitimate 'luv-main' subject because the parsing is being done on a Linux machine? I notice from the above URL: "CryptoLocker is a ransomware trojan which targets computers running Microsoft Windows[1] and first surfaced in September 2013..."; there being no suggestion that Linux machines are affected?

thanks

Rohan McLeod
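One way to run the log check described in James Harper's quoted message, added here as an example and not code from either poster: it reports clients whose requests to a host were only ever refused with 407 and never repeated with proxy credentials. It assumes Squid's native access.log field layout; the log lines, hostnames and the `min_total` threshold are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines, assumed native Squid access.log layout:
# time elapsed client action/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1384300000.101  12 192.168.1.20 TCP_DENIED/407 3912 GET http://intranet.example/ - HIER_NONE/- text/html
1384300000.350 140 192.168.1.20 TCP_MISS/200 8120 GET http://intranet.example/ alice HIER_DIRECT/192.0.2.10 text/html
1384300010.002   9 192.168.1.31 TCP_DENIED/407 3890 GET http://placeholder-one.invalid/ - HIER_NONE/- text/html
1384300070.004   8 192.168.1.31 TCP_DENIED/407 3890 GET http://placeholder-two.invalid/ - HIER_NONE/- text/html
1384300130.007  10 192.168.1.31 TCP_DENIED/407 3890 GET http://placeholder-one.invalid/ - HIER_NONE/- text/html
1384300200.500   7 192.168.1.20 TCP_DENIED/407 3901 CONNECT mail.example:443 - HIER_NONE/- text/html
garbage line that is not a log entry
"""

def host_of(method, url):
    """Return the lowercase destination host of a logged request ('' if unknown)."""
    if method == "CONNECT":               # CONNECT logs host:port, not a URL
        return url.rsplit(":", 1)[0].lower()
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:                    # malformed URL in the log
        return ""

def unauthenticated_only(lines, min_total=3):
    """Map client -> {host: 407 count} for hosts the client never reached
    with a proxy username, keeping clients with >= min_total such denials."""
    denied = defaultdict(lambda: defaultdict(int))
    authed = set()
    for line in lines:
        f = line.split()
        if len(f) < 8 or "/" not in f[3]:
            continue                      # skip malformed or truncated lines
        client, method, user = f[2], f[5], f[7]
        action, status = f[3].split("/", 1)
        host = host_of(method, f[6])
        if not host:
            continue
        if user != "-":                   # request carried valid credentials
            authed.add((client, host))
        elif action == "TCP_DENIED" and status == "407":
            denied[client][host] += 1
    report = {}
    for client, hosts in denied.items():
        left = {h: n for h, n in hosts.items() if (client, h) not in authed}
        if sum(left.values()) >= min_total:
            report[client] = left
    return report

if __name__ == "__main__":
    print(unauthenticated_only(SAMPLE_LOG.splitlines()))
```

A normal browser also receives a 407 on its first request and then retries with credentials, which is why hosts with any authenticated request from the same client are excluded.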