It looks like the Snort folks have a signature for Flame, does PAN? If not, when is it coming? The CTOs will be asking if we are safe...
Solved! Go to Solution.
My answer to that question is currently - "Unless we have offices in the Middle East I'm unaware of, are politically active in Middle Eastern politics, or could otherwise be the target for 3 letter acronym Western intelligence agencies, I do not believe Flame is a present threat - unless/until the code is re-worked by cyber-criminals and deployed for other means"...!
Isnt that much more fun? Like using Microsoft products in your network - every day is a suprise when it comes to security ;-)
I agree with thread starter - since snort have announced a bunch of ips-rules (which I assume also means that their commercial sourcefire IPS can already detect this) hopefully PA could do the same...
I tried threat vault to search for both flame and skywiper but no hits, hopefully someone from PA could inform the community whats going on (like which db update and date will have ips-rules to detect this)?
And dont say "contact your SE" ffs =)
I cant find anything right now about shamoon in https://threatvault.paloaltonetworks.com/ searching for vuln, spyware and virus (dont forget to change that dropdown to the right).
However plenty of flame variants when searching for flame in the virus container along with two generic signatures in spyware. Perhaps shamoon is already covered by one of the flame variants?
Tricky part of all these names is that the AV community tends to create their own name for each virus which means something that Kaspersky has named could be the very same thing but different name when looking in Symantec db's and so on.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!