https://live.paloaltonetworks.com/t5/general-topics/detecting-flame-exploit/m-p/6961#M5132 <HTML><HEAD></HEAD><BODY><P>My answer to that question is currently - "Unless we have offices in the Middle East I'm unaware of, are politically active in Middle Eastern politics, or could otherwise be the target for 3 letter acronym Western intelligence agencies, I do not believe Flame is a present threat - unless/until the code is re-worked by cyber-criminals and deployed for other means"...!</P></BODY></HTML> Wed, 30 May 2012 12:30:16 GMT apackard 2012-05-30T12:30:16Z https://live.paloaltonetworks.com/t5/general-topics/detecting-flame-exploit/m-p/6960#M5131 <HTML><HEAD></HEAD><BODY><P>It looks like the Snort folks have a signature for Flame, does PAN?&nbsp; If not, when is it coming?&nbsp; The CTOs will be asking if we are safe...</P><P></P><P><A class="jive-link-external-small" href="http://vrt-blog.snort.org/2012/05/flame-malware-targeted-attacks-and-you.html">http://vrt-blog.snort.org/2012/05/flame-malware-targeted-attacks-and-you.html</A></P></BODY></HTML> Tue, 29 May 2012 22:00:21 GMT https://live.paloaltonetworks.com/t5/general-topics/detecting-flame-exploit/m-p/6960#M5131 grant_sturgis 2012-05-29T22:00:21Z https://live.paloaltonetworks.com/t5/general-topics/detecting-flame-exploit/m-p/6961#M5132 <HTML><HEAD></HEAD><BODY><P>My answer to that question is currently - "Unless we have offices in the Middle East I'm unaware of, are politically active in Middle Eastern politics, or could otherwise be the target for 3 letter acronym Western intelligence agencies, I do not believe Flame is a present threat - unless/until the code is re-worked by cyber-criminals and deployed for other means"...!</P></BODY></HTML> Wed, 30 May 2012 12:30:16 GMT https://live.paloaltonetworks.com/t5/general-topics/detecting-flame-exploit/m-p/6961#M5132 apackard 2012-05-30T12:30:16Z https://live.paloaltonetworks.com/t5/general-topics/detecting-flame-exploit/m-p/6962#M5133 <HTML><HEAD></HEAD><BODY><P>You prefer to wait until a threat is eminent before protecting yourself?&nbsp; That seems less than prudent.</P></BODY></HTML> Wed, 30 May 2012 14:36:55 GMT https://live.paloaltonetworks.com/t5/general-topics/detecting-flame-exploit/m-p/6962#M5133 grant_sturgis 2012-05-30T14:36:55Z https://live.paloaltonetworks.com/t5/general-topics/detecting-flame-exploit/m-p/6963#M5134 <HTML><HEAD></HEAD><BODY><P>Isnt that much more fun? Like using Microsoft products in your network - every day is a suprise when it comes to security <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P><P></P><P>I agree with thread starter - since snort have announced a bunch of ips-rules (which I assume also means that their commercial sourcefire IPS can already detect this) hopefully PA could do the same...</P><P></P><P>I tried threat vault to search for both flame and skywiper but no hits, hopefully someone from PA could inform the community whats going on (like which db update and date will have ips-rules to detect this)?</P><P></P><P>And dont say "contact your SE" ffs <span class="lia-unicode-emoji" title=":grinning_face_with_big_eyes:">😃</span></P></BODY></HTML> Wed, 30 May 2012 19:50:28 GMT https://live.paloaltonetworks.com/t5/general-topics/detecting-flame-exploit/m-p/6963#M5134 mikand 2012-05-30T19:50:28Z https://live.paloaltonetworks.com/t5/general-topics/detecting-flame-exploit/m-p/6964#M5135 <HTML><HEAD></HEAD><BODY><P>Hi...We will have an AV update for the flame exploits later today.&nbsp; Thanks.</P></BODY></HTML> Wed, 30 May 2012 19:57:04 GMT https://live.paloaltonetworks.com/t5/general-topics/detecting-flame-exploit/m-p/6964#M5135 rmonvon 2012-05-30T19:57:04Z https://live.paloaltonetworks.com/t5/general-topics/detecting-flame-exploit/m-p/6965#M5136 <HTML><HEAD></HEAD><BODY><P>Thanks for this, specially we have now a variant Shamoon.</P><P>IS AV now also updated for Shamoon?</P></BODY></HTML> Thu, 30 Aug 2012 05:45:27 GMT https://live.paloaltonetworks.com/t5/general-topics/detecting-flame-exploit/m-p/6965#M5136 sandro 2012-08-30T05:45:27Z https://live.paloaltonetworks.com/t5/general-topics/detecting-flame-exploit/m-p/6966#M5137 <HTML><HEAD></HEAD><BODY><P>I cant find anything right now about shamoon in <A href="https://threatvault.paloaltonetworks.com/" title="https://threatvault.paloaltonetworks.com/">https://threatvault.paloaltonetworks.com/</A> searching for vuln, spyware and virus (dont forget to change that dropdown to the right).</P><P></P><P>However plenty of flame variants when searching for flame in the virus container along with two generic signatures in spyware. Perhaps shamoon is already covered by one of the flame variants?</P><P></P><P>Tricky part of all these names is that the AV community tends to create their own name for each virus which means something that Kaspersky has named could be the very same thing but different name when looking in Symantec db's and so on.</P></BODY></HTML> Thu, 30 Aug 2012 08:53:58 GMT https://live.paloaltonetworks.com/t5/general-topics/detecting-flame-exploit/m-p/6966#M5137 mikand 2012-08-30T08:53:58Z