Endpoint Protection


Win32/CazinoSilver Activity


  • 1.  Win32/CazinoSilver Activity

    Posted Jul 12, 2015 10:46 PM

    Good Day,

    I would just like to know any information regarding Win32/CazinoSilver Activity. We've been seeing this threat and I think my SEP is not able to detect or mitigate this threat. Hope anyone can help. Thanks

    Best Regards,



  • 2.  RE: Win32/CazinoSilver Activity

    Posted Jul 12, 2015 10:49 PM

    If SEP does not detect it, you can submit the suspicious file to Symantec:

    https://submit.symantec.com/websubmit/retail.cgi

    How to Use the Web Submission Process to Submit Suspicious Files

    https://support.symantec.com/en_US/article.TECH102419.html

    See Mick's 2009 articles:

    https://www-secure.symantec.com/connect/articles/symantec-insider-tip-successful-submissions



  • 3.  RE: Win32/CazinoSilver Activity

    Posted Jul 12, 2015 10:53 PM

    Where are you seeing it? Is SEP making any sort of detection?

    This has been around for some time, see here:

    https://www.virustotal.com/en/file/68ded50bf7c9b7f6961e6334b25fdad5d2369e461051d5a9fa1f1ebaadeb1d0e/analysis/1302535749/

    Make sure your content is fully up to date and run a full scan.

    Are you also employing IPS, SONAR, Download Insight, and the Firewall? If not, I would suggest enabling them for best protection.



  • 4.  RE: Win32/CazinoSilver Activity

    Posted Jul 12, 2015 11:03 PM

    Thanks James,

    The problem is SEP cannot detect it, so we don't have visibility into which clients were affected by this threat. We only have a report (3rd party solution) that has the total or highest number of threats that were recorded on the network. Because of this issue, we cannot submit any suspicious files to Symantec. Thanks

    Best Regards,



  • 5.  RE: Win32/CazinoSilver Activity

    Posted Jul 12, 2015 11:14 PM

    Have you tried running the Threat Analysis scan from within Symhelp or using another third party scanner? These are other options you'll need to pursue.



  • 6.  RE: Win32/CazinoSilver Activity

    Posted Jul 12, 2015 11:22 PM

    I haven't tried running Symhelp yet because I don't know which client is affected by this threat.



  • 7.  RE: Win32/CazinoSilver Activity

    Posted Jul 12, 2015 11:40 PM
    Isn't the third party report you're getting giving you any kind of information on the victim machines??


  • 8.  RE: Win32/CazinoSilver Activity

    Posted Jul 13, 2015 01:03 AM

    Hi Brian,

    According to your provided link, does this mean that Win32/CazinoSilver was treated by Symantec as WS.Reputation.1?



  • 9.  RE: Win32/CazinoSilver Activity

    Posted Jul 13, 2015 02:14 AM

    Unfortunately not. It only gives the total number of threats detected.



  • 10.  RE: Win32/CazinoSilver Activity

    Posted Jul 13, 2015 05:49 AM

    Yes.



  • 11.  RE: Win32/CazinoSilver Activity

    Posted Jul 13, 2015 08:50 AM

    Hi Aeschylus,

    Just judging by the "VegasVIP_setup.exe" name, this looks like a Potentially Unwanted Application / Grayware rather than a program that is designed to steal information or sabotage the computers. Even if it is not detected by Symantec Endpoint Protection, you can block it in your own organization. This article may help:

    All About Grayware
    https://www-secure.symantec.com/connect/articles/all-about-grayware



  • 12.  RE: Win32/CazinoSilver Activity

    Posted Jul 13, 2015 10:49 PM

    I viewed the Analysis date "view latest" and checked the Symantec antivirus and its result. And the result was "File not Detected".

    Can we say that the site has reliable information? Please advise. Thanks

    Best Regards,



  • 13.  RE: Win32/CazinoSilver Activity

    Posted Jul 13, 2015 10:57 PM

    VT is very reliable.



  • 14.  RE: Win32/CazinoSilver Activity

    Posted Jul 13, 2015 11:25 PM

    So this means that, based on the latest analysis date, Symantec was not able to detect this threat and that the threat is no longer categorized as WS.Reputation.1?

    Best Regards,



  • 15.  RE: Win32/CazinoSilver Activity

    Posted Jul 14, 2015 07:43 AM

    Hi Aeschylus,

    When your investigation has advanced to the point that you have identified the computers involved and the processes responsible for the traffic, please do feel free to PM me with the tracking numbers of the submissions for those.  I will see if I can help.

    There's really no way to confirm if Symantec detects something based on another vendor's name/determination.  We'll need to have a look ourselves. &: )

    With thanks and best regards,

    Mick



  • 16.  RE: Win32/CazinoSilver Activity

    Posted Jul 20, 2015 06:52 AM

    Hi Aeschylus,

    Just a ping to see if you have any update?  The thread is still marked "needs solution."

    Many thanks!

    Mick