Video Screencast Help

Does Symantec have a signature to protect against this worm?

Created: 28 Nov 2012 | 12 comments

Comments 12 CommentsJump to latest comment

_Brian's picture

The problem is all the companies use a different naming convention. So you would need to call Symantec as they probably have it internally.

dmaltby's picture

It looks very close to the W32.Changeup article update that Symantec released yesterday:

https://www-secure.symantec.com/connect/pt-br/blog...

The worm itself is old, but a new variant has kicked up the detections again.  Symantec just modified existing signatures, whereas McAfee added variant label to their signatures.

Mayu001's picture

Generic BackDoor.wc
W32/Autorun.worm.aaeb

Macfee has relase the patch today any patch is relase by symantec......

 

 

Mick2009's picture

Definitions and IPS signatures are available now, if this is indeed W32.Changeup.  We have the following protections in place for the latest version of W32.Changeup:

Antivirus

•W32.Changeup
•W32.Changeup!gen22
•W32.Changeup!gen23

Intrusion Prevention System

System Infected: W32.Changeup Worm Activity

 

There is also a list of servers that can be locked at the firewall level, and advice on how to prevent the spread of autorun threats and lock down Windows network shares.

W32.Changeup – A Malicious Gift That Keeps On Giving
https://www-secure.symantec.com/connect/blogs/w32changeup-malicious-gift-keeps-giving

With thanks and best regards,

Mick

Mick2009's picture

Glad to help!

If anyone does encounter any suspicious files they feel may be related to this (or any other threat), please do submit them to Security Response for analysis! 

Here are some good general recommendations on how to stay safe:

http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

With thanks and best regards,

Mick