I've had one of my RMM clients get repeated attacks from MindSpark, with Malwarebytes cleaning up over 400 components in a shot.
I thought MBAM was supposed to keep the system protected, but the NOC tells me that this is being caused by a worm, specifically Trojan.Gen.ML.
According to the article they provided (http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/worm_lineage.ju), Symantec is supposed to stop/block it, but that has not been the case.
I've gone back through my email for the past 12 months as well as various Partner Management Console reports and cannot find any evidence of having received an alert for this particular event. In fact, the only alert for this computer was this one:
| Incident Date | Status | IPS Alert Name | Attack Signature |
| 11/11/2015 2:20:34 PM | Blocked | Web Attack : Malicious Website Script Redirect 16 | N/A |
So I am wondering if anyone knows why this got through?
FWIW: It turns out that Junkware Removal Tool (JRT.exe), also from Malwarebytes, did perform a thorough cleaning...