Sinowal Trojan - Undetectable ?

Discussion in 'other security issues & news' started by Ocky, Nov 4, 2008.

Thread Status:
Not open for further replies.
  1. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,710
    Location:
    George, S.Africa
    I wonder if HIPS or any scanners can stop/detect/clean this one.
    (Also known as Torpig and Mebroot.)

    http://www.rsa.com/blog/blog_entry.aspx?id=1378
     
  2. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    26,740
    Location:
    U.S.A.
  3. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,710
    Location:
    George, S.Africa
    Great ! I am protected with MBAM, along with many other Wilders members. :thumb:
     
  4. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    I can guarantee Prevx CSI is able too ;)
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
    Not only has it become detectable, it's always been preventable, since its method of installing is the easiest to block-- the remote code execution (drive-by download) attack:

    http://cyberinsecure.com/undetectable-sinowaltorpig-trojan-steals-more-than-300000-bank-accounts/
    All you need is security in place that will block any attempt to download an executable file without your permission.

    ----
     
  6. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Prevx 2.0 nails it too. :thumb:
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.