McAfee recently released an emergency DAT for W32/DistTrack. Has Symantec addressed this?
I would like this information as well. I see nothing on security response about this.
Bump
Does anyone have any further information on this threat type as there is nothing in the NAI files for this at present.
Cheers
Fal
Here is the McAfee KB article: https://kc.mcafee.com/corporate/index?page=content&id=KB75963
The problem is the naming convention is different so Symantec may have something for it, just under a different name.
Brian, that's what the "Also Known As" in the write-up is for.
hi,
Yesterday Symantec added detection for a new worm that collects system information and steals user credentials.
https://www-secure.symantec.com/connect/forums/w32gauss
I strongly believe that is not the same.
Symantec Security Response has posted a public writeup on W32.DistTrack:
http://www.symantec.com/security_response/writeup.jsp?docid=2012-081608-0202-99&om_rssid=sr-mixed30days
The right way to proceed is to submit a sample. Since the naming conventions are different, you cannot know what this is unless it is something huge like Downadup etc.
How to Use the Web Submission Process to Submit Suspicious Files
http://www.symantec.com/business/support/index?page=content&id=TECH102419
Submit the sample and Symantec will give you the details.
You can also use
http://www.threatexpert.com/submit.aspx
Hi,
Symantec Security Response has analyzed the related sample(s) and detection is added as W32.DistTrack. Rapid Release definitions sequence#: 136853 & above will include the detection.
The write-up will be updated as necessary.
A blog has been published by Symantec Security Response on this targeted attack.
http://www.symantec.com/connect/blogs/shamoon-attacks
Hello Folks, The official Symantec writeup for this threat can be found here. http://www.symantec.com/security_response/writeup.jsp?docid=2012-081608-0202-99&om_rssid=sr-mixed30days
Blog on the nature of the targeted attack can be found here
"Thumbs up" to the advice, above.
Note that this threat spreads by network shares. It is a crucial best practice that access to network shares be locked down / password protected and access limited to those who need it.
Thank you, Symantec for a quick turnaround on this.