Endpoint Protection

  • 1.  Massive Botnet and Symantec doesn't pick it up

    Posted Apr 23, 2009 03:23 PM
    Article posted on Dark Reading - http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=217000166&cid=nl_DR_WEEKLY_T

    Researchers indicate that the botnet is not picked up by Symantec and most anti-virus solutions.

    1.9 million PCs infected...
    The botnet works over HTTP and can download lots of goodies onto the PC and your network.


    When is there going to be a fix/solution for this?


  • 2.  RE: Massive Botnet and Symantec doesn't pick it up

    Posted Apr 23, 2009 03:43 PM
    It only uses the command-line version of a scanner. It does not look at running processes that can be present after an encrypted piece of malware decrypts itself at runtime and goes into memory. It's a very static test of a file.

    Ray


  • 3.  RE: Massive Botnet and Symantec doesn't pick it up

    Posted Apr 24, 2009 01:39 PM

    I tested with definition sets 20090423.004 and 20090422.005.

    The definitions from the 23rd are picking it up, whereas the ones from the 22nd are not.

    I had requested a sample. You can reverse it too if you have an isolated environment.

    http://www.offensivecomputing.net/?q=node/1174#comment-3114