Signature to detect Flashback trojan

L0 Member

Signature to detect Flashback trojan

Does PA have a signature to detect the Flashback trojan?

Thanks

Mike


Accepted Solutions
L3 Networker

We have coverage on two fronts for this malware. First, we have coverage for the 2 CVEs this has been known to use (CVE-2011-3544 and more recently CVE-2012-0507). Coverage for these exploits has been included in content 300 and updated in 302. These have also been patched by Apple Software Update for clients that are up-to-date. Second, we will be releasing a command-and-control signature (13157) for the Flashback C&C network traffic in this Tuesday's content update, to detect already infected hosts on the network.



All Replies
Not applicable

I'd like to know as well. Haven't been able to find anything yet.  PA needs to release a signature ASAP due to the fact that most Macs don't run antivirus.

L1 Bithead

I hope it is released soon; as you said, there are only a few Macs with AV.

By the way, the F-Secure guys released a free app to check for and remove Flashback.

Best regards

L0 Member

>  we will be releasing a command-and-control signature (13157) for the Flashback C&C network traffic in this Tuesday's content update . . .

I cannot find this signature in my Vulnerability Protection Profile. Does anyone have a search term that shows this signature?

L7 Applicator

It's there.  Go to Objects / Security Profiles / Vulnerability Profiles, Create your own profile, go to the Exceptions Tab, click "show all signatures", and search for flash...

L0 Member

Hmm. That's what I did. But I'm not seeing any results. . .

L6 Presenter

You are in the vuln profile instead of the antispyware profile - dunno if that should matter (but it does when you search at threatvault where there are virus, vuln and spyware as three different databases for some reason).

L7 Applicator

It does matter.  Spyware signatures detect the network traffic for nasty things like Trojans, Botnets, etc.  The Vulnerability signatures are for vulnerabilities that exist within legitimate business applications. 
