Havex Malware

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Havex Malware

L1 Bithead

Hi all,

Do you have any information about PAN detection capability for the Havex malware family: http://www.f-secure.com/weblog/archives/00002718.html

Threat vault seems to produce no hits at the moment.

Tuomo

26 REPLIES 26

L0 Member

I would like more information on this too.

Nick

L7 Applicator

This is not showing up yet in the threat vault as an existing update for PA.

https://threatvault.paloaltonetworks.com/

You can open a ticket with support to get a more specific update.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

L1 Bithead

Did you got some more information about havex/oldrea malware coverage in the threat signatures unitl now?

Andy

Any update from PA?

If this is a critical vulnerability to you, I would open a ticket. This will get the signature escalated internally.

You can't expect an official update from PA here.  These are just user to user support forums.  We are lucky that many PA employees spend a great deal of time here.  But official support is still via tickets to the support portal.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

But we have.....

L4 Transporter

Looks like Havex made it into the ThreatVault:

https://threatvault.paloaltonetworks.com/Home/VirusDetail/2889719

Interestingly enough if you click on the hash links, PA's own WildFire flags it as benign! Hmph. :smileyplain:

I guess that is just a one way conversation, wildfire pushes signatures to threats but not back the other way.

They did just add this because I checked before posting this morning earlier and it wasn't there yet.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

We uploaded a sample of havex to Wildfire ca June 20th - problem is they don't check it on Acrobat reader 10.x....
PAN also need to update their Virtual machines...

L5 Sessionator

Hello All,

We have coverage for Havex malware.

Please upgrade to latest Anti virus version released today.

Regards,

Hari Yadavalli

Does WildFire flag a sample as malicious yet :smileylaugh:

Based on the SHA provided in initial comment I see wildfire reported as malicious

  • 11343 Views
  • 26 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!