05-29-2012 03:00 PM
It looks like the Snort folks have a signature for Flame, does PAN? If not, when is it coming? The CTOs will be asking if we are safe...
http://vrt-blog.snort.org/2012/05/flame-malware-targeted-attacks-and-you.html
05-30-2012 12:57 PM
Hi...We will have an AV update for the flame exploits later today. Thanks.
05-30-2012 05:30 AM
My answer to that question is currently - "Unless we have offices in the Middle East I'm unaware of, are politically active in Middle Eastern politics, or could otherwise be the target for 3 letter acronym Western intelligence agencies, I do not believe Flame is a present threat - unless/until the code is re-worked by cyber-criminals and deployed for other means"...!
05-30-2012 07:36 AM
You prefer to wait until a threat is imminent before protecting yourself? That seems less than prudent.
05-30-2012 12:50 PM
Isn't that much more fun? Like using Microsoft products in your network - every day is a surprise when it comes to security 😉
I agree with thread starter - since Snort have announced a bunch of IPS rules (which I assume also means that their commercial Sourcefire IPS can already detect this) hopefully PA could do the same...
I tried Threat Vault to search for both flame and skywiper but no hits, hopefully someone from PA could inform the community what's going on (like which db update and date will have IPS rules to detect this)?
And don't say "contact your SE" ffs 😃
08-29-2012 10:45 PM
Thanks for this, especially as we now have a variant, Shamoon.
Is AV now also updated for Shamoon?
08-30-2012 01:53 AM
I can't find anything right now about Shamoon in https://threatvault.paloaltonetworks.com/ searching for vuln, spyware and virus (don't forget to change that dropdown to the right).
However plenty of flame variants when searching for flame in the virus container along with two generic signatures in spyware. Perhaps shamoon is already covered by one of the flame variants?
Tricky part of all these names is that the AV community tends to create their own name for each virus which means something that Kaspersky has named could be the very same thing but different name when looking in Symantec db's and so on.