Endpoint Protection

  • 1.  Citadel Trojan

    Posted Jun 06, 2013 10:02 AM

    Has anyone seen or heard where Symantec has weighed in on the Citadel Trojan issue?



  • 2.  RE: Citadel Trojan

    Posted Jun 06, 2013 10:05 AM

    Should fall in here

    https://www.symantec.com/security_response/writeup.jsp?docid=2010-011016-3514-99

    Whitepapers here:

    https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_world_of_financial_trojans.pdf

    http://www.itu.int/ITU-D/eur/rf/cybersecurity/presentations/ITU_IMPACT_banking_trojans%20by%20Symantec.pdf

    Security Response Blog here:

    http://www.symantec.com/connect/blogs/citadel-s-defenses-breached



  • 3.  RE: Citadel Trojan

    Posted Jun 06, 2013 10:08 AM


  • 4.  RE: Citadel Trojan

    Trusted Advisor
    Posted Jun 06, 2013 11:49 AM

    Hello,

    Symantec has released numerous blogs and detections for Zbot. The main detections in this instance are

    AV - Trojan.Zbot

    IPS - System Infected: Citadel C&C Activity

    Check these other attack signatures:

    Attack: Citadel/UX Username BO

    CITADEL UX Format String BO

    CITADEL UX Remote BO

    System Infected: Citadel C&C Activity

    Check this Latest BLOG from Symantec Security Response:

    Citadel’s Defenses Breached

    https://www-secure.symantec.com/connect/blogs/citadel-s-defenses-breached

    Hope that helps!!



  • 5.  RE: Citadel Trojan

    Posted Jun 07, 2013 03:56 AM

    "Thumbs up" to the above!

    There are those IPS signatures (and please do add IPS to your environment, if it is not already in place!!) and Symantec has also had antivirus detections against this for quite a while.  The AV detections will appear as "Trojan.Zbot" - no special name for this variant/particular crimeware kit. 

    Please do stress to all stakeholders, though, that the main component of security is not technical but human.  Education and sound practice are the keys to keeping your data safe.

    More good recommendations from Security Response:

    Symantec Endpoint Protection – Best Practices
    http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0