
System Infected: Festi Rootkit Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This IPS signature is designed to detect and block network communications initiated by the Festi rootkit. Blocking this traffic prevents the threat from receiving additional commands and further updates, even when antivirus might not be able to detect the infection.

Additional Information

According to the statistics, the Festi rootkit is the most active rootkit around the world. The rootkit is capable of dropping malware that can spread spam. It can also be used to actively perform DDoS attacks.


  • Microsoft Windows-based operating systems.