Endpoint Protection

 View Only
  • 1.  Trojan.Gozi

    Posted Aug 18, 2016 09:55 AM

    Hello,

    I'm looking for information about this trojan because I can't find it on the Security Response and I need to know how SEP can protect my organization against this Trojan.

    If anyone has faced this threat it could be useful have you opinion about.

     

    Thanks in advance



  • 2.  RE: Trojan.Gozi

    Trusted Advisor
    Posted Aug 18, 2016 10:14 AM

    Looks like an very old virus... best I can find was this

    https://www.secureworks.com/research/gozi



  • 3.  RE: Trojan.Gozi
    Best Answer

    Trusted Advisor
    Posted Aug 18, 2016 10:29 AM


  • 4.  RE: Trojan.Gozi

    Posted Aug 18, 2016 12:45 PM

    Hello DDepaul,

     

    Both the links mentioned GeoGeo are the available information for this threat. The write up for this Trojan was last updated on June 11, 2014 1:32:37 PM. Symantec would recommend to submit a sample file or a suspected file if you have one. If you reach the support team, Trust me they would give the same answer.

    Below are the links to submit the submission based on entitlement

    Retail

    https://submit.symantec.com/websubmit/retail.cgi

    Gold

    https://submit.symantec.com/websubmit/gold.cgi

    Essential

    https://submit.symantec.com/websubmit/essential.cgi

     

    Regards,

    Mohammed

     

    Click the "Mark as solution" link at bottom left on the post if this answer fixed your issue :)



  • 5.  RE: Trojan.Gozi

    Posted Aug 19, 2016 04:51 AM

    Hi DDepaul,

    Thanks for the querey.  Gozi is indeed old news.  A more recent development is the hybrid between Gozi ISFB code and the Nymaim Trojan.  This new threat is referred to as Goznym.  That is detected by Symantec AV signatures as Trojan.Nymaim.B.  SEP IPS signature "System Infected: Trojan.Nymaim.B Activity" will alerts security admins of an infection.

    This article can help:

    Symantec Endpoint Protection – Best Practices
    http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0

    Please do update this thread with any additional qurestion or mark it solved if you have received the info you were looking for.

    With thanks and best regards,

    Mick



  • 6.  RE: Trojan.Gozi

    Posted Aug 22, 2016 10:39 AM

    Thanks you all for the replies! They helped me a lot.

    Regards