1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: SMB Ransom Malware Copy Attempt

Attack: SMB Ransom Malware Copy Attempt

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature will detect attempts of worms to create certain files like autorun.inf, transfer of exes and exes masquerading as documents on network shares.

Additional Information

Certain worms spread through network shares by having autorun.inf reads/writes on network share roots or transfer of executables masquerading as documents or writes to suspicious folders.

This signature will detect attempts of worms to create certain files like autorun.inf, transfer of exes and exes masquerading as documents on network shares.

Affected

  • Windows

Response

Unless otherwise known, any unintended SMB Activity in this network traffic should be treated as Malicious. Actions should be taken to suspend and audit the communication and potentially block this network Activity from further communication.

If you want to block this traffic, refer following link:
https://support.symantec.com/en_US/article.HOWTO80883.html
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube