Endpoint Protection

  • 1.  Does SEP detect and protect against DRIDEX

    Posted Oct 13, 2015 12:45 PM

    I recently saw an article from March of 2015 about DRIDEX. Does Symantec Endpoint Protection detect and protect against this type of infection/malware? I want to ensure our systems are protected; we are running version 12.1.6 currently with up-to-date virus definitions. Thanks in advance.



  • 2.  RE: Does SEP detect and protect against DRIDEX

    Posted Oct 13, 2015 08:45 PM

    According to this VirusTotal result, Symantec detects it as a generic Trojan horse:

    https://www.virustotal.com/en/file/de25222783cdcbe20ca8d8d9a531f150387260e5297f672474141227eeff7773/analysis/1419394924/


    You might also want to take a look at this detailed article from mitun:

    DRIDEX and how to overcome it.



  • 3.  RE: Does SEP detect and protect against DRIDEX

    Posted Oct 13, 2015 10:08 PM

    Yes, see these links from Symantec:

    Dridex is the latest variant of Cridex:

    W32.Cridex
    http://www.symantec.com/security_response/writeup.jsp?docid=2012-012103-0840-99

    Trojan.Cridex
    http://www.symantec.com/security_response/writeup.jsp?docid=2015-012314-0117-99

    Other Dridex samples are caught as Trojan Horse, Trojan.Gen and other more generic names. There is also coverage in place for 64-bit versions, heuristic signatures against Cridex, IPS, etc.

    IPS signature is here:

    System Infected: Trojan.Cridex Activity 5

    https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=28567

    Additionally, there is a blog here detailing all detection types, check it out:

    https://www-secure.symantec.com/connect/blogs/dridex-takedown-sinks-botnet-infections



  • 4.  RE: Does SEP detect and protect against DRIDEX

    Trusted Advisor
    Posted Oct 14, 2015 01:51 AM

    Hello,

    Check this Article:

    DRIDEX and how to overcome it.

    https://www-secure.symantec.com/connect/blogs/dridex-and-how-overcome-it

    DRIDEX is an online banking malware that steals personal information through HTML injections. This mainly targets customers of financial/banking institutions based in Europe. First spotted around November 2014, DRIDEX is considered to be the direct successor of online banking malware CRIDEX; it features new malicious routines as well as techniques to avoid detection.

    Symantec classification for Cridex:

    W32.Cridex

    http://www.symantec.com/security_response/writeup.jsp?docid=2012-012103-0840-99

    W32.Cridex is a worm that spreads by copying itself to mapped and removable drives. It also opens a back door and downloads potentially malicious files on to the compromised computer.

    Trojan.Cridex

    http://www.symantec.com/security_response/writeup.jsp?docid=2015-012314-0117-99

    Trojan.Cridex is a Trojan horse that may add the compromised computer to a botnet and steal information.

    Other Dridex samples are caught as Trojan Horse, Trojan.Gen and other more generic names. There is also coverage in place for 64-bit versions, heuristic signatures against Cridex, IPS, etc. Those are quite effective.


    Hope that helps!!



  • 5.  RE: Does SEP detect and protect against DRIDEX

    Posted Oct 14, 2015 05:36 AM

    Hi alplechaty,

    Yes, this is a threat that Security Response is well aware of. We are constantly refining protection. Definitely be sure that you are scanning mail that is coming into your organization (malicious macro docs often download Cridex when the document is opened) and that all components of SEP, especially IPS, are in use on all endpoints.

    Some good news:

    Bugat Botnet Administrator Arrested and Malware Disabled
    https://www.fbi.gov/pittsburgh/press-releases/2015/bugat-botnet-administrator-arrested-and-malware-disabled
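The reply above recommends scanning inbound mail for macro-bearing Office documents. The following is an added example, not code from the thread, from Symantec or from SEP itself: a gateway-side pre-filter that decides whether an Office attachment should be quarantined (or sent to a sandbox) before a user can open it. It relies on two facts about the file formats: macro-enabled OOXML documents (.docm, .xlsm, .pptm) are zip containers holding a `vbaProject.bin` part, and legacy OLE documents (.doc, .xls, .ppt) carrying macros have a `_VBA_PROJECT` stream whose UTF-16LE name is visible in the file. It also flags attachments whose extension does not match the container type, a common trick in malicious mail. The marker scan for OLE files is a heuristic (it does not parse the OLE directory), the extension list is an assumption, and the sample attachments are constructed in memory, not real malware.

```python
import io
import os
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # compound file (legacy .doc/.xls/.ppt)
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML (.docx/.docm/.xlsx/.xlsm/...)

# OLE directory entries are named in UTF-16LE; a VBA project is stored under
# a "_VBA_PROJECT" stream in both Word and Excel. Heuristic: we search the raw
# bytes for that name rather than walking the OLE directory structure.
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")

# Assumed policy: which extensions the gateway treats as Office documents.
LEGACY_EXTS = {".doc", ".dot", ".xls", ".ppt"}
OOXML_EXTS = {".docx", ".docm", ".dotm", ".xlsx", ".xlsm", ".pptx", ".pptm"}


def classify_attachment(filename, data):
    """Return (verdict, reason) where verdict is 'pass' or 'quarantine'."""
    ext = os.path.splitext(filename.lower())[1]
    if ext not in LEGACY_EXTS | OOXML_EXTS:
        return ("pass", "not an Office document extension")

    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
        except zipfile.BadZipFile:
            return ("quarantine", "corrupt OOXML container")
        macro_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
        if macro_parts:
            return ("quarantine", "OOXML document carries VBA project: " + macro_parts[0])
        if ext in LEGACY_EXTS:
            return ("quarantine", "extension claims legacy OLE but content is an OOXML zip")
        return ("pass", "OOXML document without VBA project")

    if data.startswith(OLE_MAGIC):
        if OLE_VBA_MARKER in data:
            return ("quarantine", "OLE document contains a _VBA_PROJECT stream name")
        if ext in OOXML_EXTS:
            return ("quarantine", "extension claims OOXML but content is legacy OLE")
        return ("pass", "legacy OLE document without VBA markers")

    return ("quarantine", "Office extension but unrecognised container format")


def _ooxml(parts):
    """Build an in-memory OOXML zip from a dict of part name -> content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in parts.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_samples():
    """Constructed test attachments (not real malware, not real documents)."""
    base = {"[Content_Types].xml": "<Types/>", "word/document.xml": "<w:document/>"}
    macro_docm = _ooxml(dict(base, **{"word/vbaProject.bin": b"\x00" * 64}))
    clean_docx = _ooxml(base)
    # OLE-shaped byte strings: header magic, padding, then a UTF-16LE entry name.
    ole_macro = OLE_MAGIC + b"\x00" * 504 + OLE_VBA_MARKER + b"\x00" * 64
    ole_clean = OLE_MAGIC + b"\x00" * 504 + "WordDocument".encode("utf-16-le") + b"\x00" * 64
    return {
        "invoice.docm": macro_docm,
        "report.docx": clean_docx,
        "invoice.doc": ole_macro,
        "memo.doc": ole_clean,
        "notes.doc": clean_docx,      # zip content behind a legacy extension
        "readme.txt": b"plain text",
    }


if __name__ == "__main__":
    for name, data in build_samples().items():
        verdict, reason = classify_attachment(name, data)
        print(f"{name:14} {verdict:10} {reason}")
```

This is a pre-filter, not a replacement for the AV engine: anything it quarantines still needs to be scanned (or detonated) by SEP or a sandbox, and a clean verdict only says the container shows no macro indicators.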



  • 6.  RE: Does SEP detect and protect against DRIDEX

    Broadcom Employee
    Posted Oct 14, 2015 06:41 AM

    Just to mention: if at any point you feel there is an active threat which SEP is not able to detect,

    follow the best practice guide: Virus removal and troubleshooting on a network

    http://www.symantec.com/docs/TECH122466



  • 7.  RE: Does SEP detect and protect against DRIDEX

    Posted Oct 16, 2015 05:43 AM


  • 8.  RE: Does SEP detect and protect against DRIDEX

    Posted Oct 20, 2015 08:33 AM

    Hi alplechaty,


    Just wondering if you have any additional questions?  This thread is still marked "needs solution."