Endpoint Protection

 View Only
  • 1.  New Botnet Does Symantec Dectect it

    Broadcom Employee
    Posted Sep 27, 2009 09:08 PM
    Saw this article today and I am trying to find more info.   Does anyone know if Symantec detects it yet?

    http://www.foxnews.com/story/0,2933,555901,00.html

    Botnet is going by the name of Mariposa and according to the article there are many variants and most AV product do not detect it.  So far I have not found much out on it out side of this article





  • 2.  RE: New Botnet Does Symantec Dectect it

    Broadcom Employee
    Posted Sep 27, 2009 10:45 PM
    Hi,

    From what I have read, this botnet is believed to be created from Butterfly Bot Kit.

    There isnt much info on this particular threat. I will look into this and post an update sometime today.

    Best,
    Aniket


  • 3.  RE: New Botnet Does Symantec Dectect it

    Broadcom Employee
    Posted Sep 29, 2009 09:40 AM
    I am hearing very little ont his but the article was enough to cause some concern.


  • 4.  RE: New Botnet Does Symantec Dectect it

    Posted Sep 29, 2009 11:06 AM
    Hi Rick,

    This news item has been getting a lot of press lately.  Symantec is aware of it and our Security Response team is currently investigating.  

    Often times, these threats are already detected by varius AV vendors, but under a different name.  

    I believe from a bit of reading that the file to watch out for at present is called sysdate.exe.  Here's a link with a little more info on it from threatexpert.com : http://www.threatexpert.com/files/sysdate.exe.html

    As soon as an analysis of the threat / toolkit / botnet / all components involved is complete, there will no doubt be more news on Symantec's Security Response site.  Stay tuned!

    In the meantime: here's a very good article about another botnet to be aware of: Zeus.  https://www-secure.symantec.com/connect/blogs/zeus-king-underground-crimeware-toolkits  The video is an excellent illustration of the danger that is currently in circulation from these botnets. 

    Thanks and best regards

    Mick


  • 5.  RE: New Botnet Does Symantec Dectect it

    Broadcom Employee
    Posted Sep 29, 2009 11:06 AM
    I want to know if we're covered or not ??


  • 6.  RE: New Botnet Does Symantec Dectect it

    Broadcom Employee
    Posted Sep 29, 2009 01:17 PM
    Mariposa is the name that one particular vendor uses for this threat.  It does not appear to be a name that any other vendor is using. If it becomes a name in common usage we will look to change the name of our signatures.

    It is not a single threat, but one with many variants.  Symantec does have protection from the many variants of this threat with W32.SillyFDC signatures.  We have been detecting the variants that uses the sysdate file since January of this year.  

    A technical write-up on  "Mariposa" can be read here: http://www.symantec.com/security_response/writeup.jsp?docid=2009-080707-4052-99


    Kevin


  • 7.  RE: New Botnet Does Symantec Dectect it

    Posted Oct 02, 2009 04:53 AM
    Hi Rick,

    I recalled taht you were interested in this topic, and thought you might like to know that Security Response have just written a new post specifically on  The Mariposa Butterfly

    To distinguish this particular family from W32.SillyFDC in general, a new designation has been created: W32.Pilleuz.  All the details are linked off the new blog post!

    Thanks and best regards,

    Mick


  • 8.  RE: New Botnet Does Symantec Dectect it

    Broadcom Employee
    Posted Mar 03, 2010 03:03 PM

    Here's a quote from a blog we wrote awhile back when we first announced Mariposa. It should help with understanding the botnet name versus the malware involved:

    "Our naming of this botnet as Mariposa has been a cause of concern for some. The confusion comes when antivirus companies or those using antivirus, search for the Mariposa name only to find no results. This is because Mariposa refers to the botnet and not the malware it utilizes."

    The entire blog is available here:
    Mariposa Defined

    A lot of other questions and a link to a more detailed analysis is available here:
    www.defintel.com

    Hope that helps,

    Matt