11-26-2014 09:01 AM
Hi All,
I understand that this bit of spyware is not well understood as to it's ultimate purpose, very hard to detect and in fact, with the media converge it has had recently I am sure whoever coded this nasty has since changed it's code/behavior.
But my question is, does or is PA able to detect any such traffic from this malicious code given that it has taken the "Security experts" years to come back with their prognosis on the code in the first place. Or is this one of those things that we just have to pray to the IT deities that we never fall under the gaze of someone who is wielding such a powerful bit of spyware?
11-26-2014 12:14 PM
Hi,
You can find more information here Regin Malware (regin.backdoor)
11-26-2014 02:24 PM
i would be interested in this as well...
No access to the link you provided though......even though i am logged in..
regards
Paul
11-27-2014 02:51 AM
Thanks for the link. Although I am getting "Access to this place or content is restricted"
Could you provide a working link please?
Thanks,
James
11-27-2014 03:09 AM
I am unable to get to the link also
11-28-2014 05:22 AM
I'm sorry to say, after doing a little research it looks like you are out of luck for now. Researchers have yet to say how victims get infected but that the malware disguises itself as legitimate Microsoft Software. I suggest you make sure your environment is as clean as possible to cover any other exploit that may have been used to deliver it. IE. updated OS/software, updated sigs, etc.
Edit:
Here is Symantec's whitepaper on the malware, they were the ones to discover it:
They have been unable to reproduce infection but through investigation and logs they say it can be delivered through spoofed websites and such.
11-28-2014 06:56 AM
Thanks for coming back DZ
We use WSUS to deliver any MS updates/installs that we do. So hopefully it will help protect us to a degree.
It is just strange that there is not a lot of noise being kicked up about this by AV companies.
11-28-2014 07:06 AM
No problem! The discovery of it is still less that a week old and given that it appears to be a well funded nation-state created malware it may take some time to fully investigate before they can release anything on a signature level to block it.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
