Endpoint SWAT: Protect the Endpoint Community

Is there any response from Symantec regarding this newest virus : GameOver Zeus P2P Malware

There is an IPS signature for it:

http://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=25879

AV signature as well:

http://www.symantec.com/security_response/writeup.jsp?docid=2010-011016-3514-99

Are you seeing something not being detected? If so, could be a newer, updated variant to elude AV. I would recommend submitting to Symantec for analysis.

Adding this link for further detail:

http://www.us-cert.gov/ncas/alerts/TA14-150A

...and another:

https://www-secure.symantec.com/connect/blogs/international-takedown-wounds-gameover-zeus-cybercrime-network

Also has a link to a "Fix" tool

Our hardware PCs and persistent VDI (VMware) PCs are running SEP12 modules VSP, PTP & NTP.

However, our Composer-based VDI PCs (VMware) are running SEP12 Virus and Spyware Protection only (to mitigate impact to underlying ESX resources).

Are we adequately protected from GameOver Zeus and CryptoLocker on those PCs running SEP12 VSP only?

Ideally, you want to include the IPS asit contains signatures to block this

Does "IPS" = both Proactive Threat Protection and Network Threat Protection?

I see IPS = NTP. I'll check into activating that on C-VDI pools (and leave PTP inactive). Thx!
 

Removal Tool link,

http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixNecurs64bit.exe

thanks