Sinowal Trojan - Undetectable?

Discussion in 'other security issues & news' started by Ocky, Nov 4, 2008.

Thread Status:
Not open for further replies.
  1. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    I wonder if HIPS or any scanners can stop/detect/clean this one.
    (Also known as Torpig and Mebroot.)

    http://www.rsa.com/blog/blog_entry.aspx?id=1378
     
  2. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,910
    Location:
    U.S.A.
  3. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Great! I am protected with MBAM, along with many other Wilders members. :thumb:
     
  4. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    I can guarantee Prevx CSI is able too ;)
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Not only has it become detectable, it's always been preventable, since its method of installing is the easiest to block -- the remote code execution (drive-by download) attack:

    http://cyberinsecure.com/undetectable-sinowaltorpig-trojan-steals-more-than-300000-bank-accounts/
    All you need is security in place that will block any attempt to download an executable file without your permission.

     
  6. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Prevx 2.0 nails it too. :thumb:
     