04-10-2012 12:42 PM
Does PA have a signature to detect the Flashback Trojan?
Thanks
Mike
04-12-2012 11:52 AM
We have coverage on two fronts for this malware. First, we have coverage for the 2 CVEs this has been known to use (CVE-2011-3544 and more recently CVE-2012-0507). Coverage for these exploits has been included in content 300 and updated in 302. These have also been patched by Apple Software Update for clients that are up-to-date. Second, we will be releasing a command-and-control signature (13157) for the Flashback C&C network traffic in this Tuesday's content update, to detect already infected hosts on the network.
04-11-2012 08:20 PM
I'd like to know as well. Haven't been able to find anything yet. PA needs to release a signature ASAP due to the fact that most Macs don't run antivirus.
04-12-2012 06:27 AM
I hope it is released soon; as you said, there are only a few Macs with AV.
By the way, the F-Secure guys released a free app to check for and remove Flashback.
Best regards
08-31-2012 05:45 AM
> we will be releasing a command-and-control signature (13157) for the Flashback C&C network traffic in this Tuesday's content update . . .
I cannot find this signature in my Vulnerability Protection Profile. Does anyone have a search term that shows this signature?
08-31-2012 07:44 AM
It's there. Go to Objects / Security Profiles / Vulnerability Profiles, Create your own profile, go to the Exceptions Tab, click "show all signatures", and search for flash...
08-31-2012 08:45 AM
Hmm. That's what I did. But I'm not seeing any results. . .
09-01-2012 01:52 AM
You are in the vuln profile instead of the antispyware profile - dunno if that should matter (but it does when you search at threatvault where there are virus, vuln and spyware as three different databases for some reason).
09-02-2012 02:18 PM
It does matter. Spyware signatures detect the network traffic for nasty things like Trojans, Botnets, etc. The Vulnerability signatures are for vulnerabilities that exist within legitimate business applications.