
Citadel Botnet

SocBoy W/ Alumni Posts: 3 Security Scout

Good Afternoon,

Can you tell me if F-Secure has rolled out a signature to detect and delete the Citadel botnet, as mentioned here?

http://www.theregister.co.uk/2013/06/06/microsoft_feds_breach_citadel_botnets/

Thanks for your advice.

Comments

  • SocBoy W/ Alumni Posts: 3 Security Scout

    Further info: after confirmation, could you tell me what the signature name is so we can check our systems?

  • Dmitriy W/ Alumni Posts: 179 Threat Terminator

    The Citadel banking trojan (and Zeus, which it is derived from) has been known for more than a year already. Please check our H1/2012 threat report (http://www.f-secure.com/static/doc/labs_global/Research/Threat_Report_H1_2012.pdf). If you are using our latest software with DeepGuard 4 technology, then you shouldn't worry about it. Systems running old versions or no anti-virus at all can be checked with our Online Scanner (http://www.f-secure.com/en/web/home_global/online-scanner). Also, make sure the OS and applications on your computers are fully patched.

  • SocBoy W/ Alumni Posts: 3 Security Scout

    Hi,

    Many thanks for your reply. Just a bit more information from me to make sure we are covered.

    We are running F-Secure Client Security 9.20 build 274 on our estate.

    The DeepGuard version we are using is F-Secure DeepGuard 3.00 build 190, and I would also add that we are receiving these error alerts:

    Message: DeepGuard configuration was rejected. Old configuration will be used if possible.

    Error code: XML parse failed!

    The main question I would like answered, though, is what the infection name for this signature is (for example: Exploit:Java/Majava.B).

    I appreciate your help in this matter.

    Regards,

  • Dmitriy W/ Alumni Posts: 179 Threat Terminator

    Hi,

    I am not a malware researcher, but as far as I remember, the Citadel trojan could be dropped onto the system via Java or PDF exploits. Java/Majava.B could be one of those.

    I would strongly recommend that you upgrade to the latest version of Client Security. DeepGuard has been significantly improved in Client Security 10 and can block exploits more effectively.
