Detecting Flame exploit


It looks like the Snort folks have a signature for Flame, does PAN?  If not, when is it coming?  The CTOs will be asking if we are safe...

http://vrt-blog.snort.org/2012/05/flame-malware-targeted-attacks-and-you.html



My answer to that question is currently - "Unless we have offices in the Middle East I'm unaware of, are politically active in Middle Eastern politics, or could otherwise be the target for 3 letter acronym Western intelligence agencies, I do not believe Flame is a present threat - unless/until the code is re-worked by cyber-criminals and deployed for other means"...!

You prefer to wait until a threat is imminent before protecting yourself? That seems less than prudent.

Isn't that much more fun? Like using Microsoft products in your network - every day is a surprise when it comes to security 😉

I agree with the thread starter - since Snort has announced a bunch of IPS rules (which I assume also means that their commercial Sourcefire IPS can already detect this), hopefully PA could do the same...

I tried Threat Vault to search for both flame and skywiper but got no hits; hopefully someone from PA could inform the community what's going on (like which db update and date will have IPS rules to detect this)?

And don't say "contact your SE" ffs 😃

Hi...We will have an AV update for the flame exploits later today.  Thanks.

Thanks for this, especially since we now have a variant, Shamoon.

Is AV now also updated for Shamoon?

I can't find anything right now about Shamoon in https://threatvault.paloaltonetworks.com/ searching for vuln, spyware and virus (don't forget to change that dropdown to the right).

However, there are plenty of Flame variants when searching for flame in the virus container, along with two generic signatures in spyware. Perhaps Shamoon is already covered by one of the Flame variants?

The tricky part of all these names is that the AV community tends to create their own name for each virus, which means something that Kaspersky has named could be the very same thing but under a different name when looking in Symantec's DBs and so on.
