Citadel Botnet

Good Afternoon,

Can you tell me if F-Secure have rolled out a signature to detect and delete the Citadel Botnet as mentioned here

 

http://www.theregister.co.uk/2013/06/06/microsoft_feds_breach_citadel_botnets/

 

thanks for your advice

Comments

  • SocBoySocBoy Posts: 3

    Further info,

     

    after confirmation could you tell me what the signature name is so we can check our systems.

     

     

  • DmitriyDmitriy Posts: 212 F-Secure Employee

    Citadel banking trojan (and Zeus which it derived from) has been known for more than a year already. Please check our H1/2012 threat report (http://www.f-secure.com/static/doc/labs_global/Research/Threat_Report_H1_2012.pdf). If you are using our latest software with DeepGuard4 technology, then you shouldn't worry about it. On systems running the old versions or no anti-virus at all, you can check them with our Online Scanner (http://www.f-secure.com/en/web/home_global/online-scanner). Also, make sure you have the OS and applications fully patched on your computers.

  • SocBoySocBoy Posts: 3

    Hi,

    Many thanks for you reply. Just a bit more information from me to make sure we are covered.

    We are running F-Secure Client Security 9.20 build 274 on our estate.

     

    The Deepguard version we are using is F-Secure DeepGuard 3.00 build 190 and I would also add that we are receiving these error alerts

    Message: DeepGuard configuration was rejected. Old configuration will be used if possible.

    Error code: XML parse failed!

     

    The main question I would like answering though is what is the infection name for this signature (for example: Exploit:Java/Majava.B)

     

    I appreciate your help in this matter

     

    Regards,

  • DmitriyDmitriy Posts: 212 F-Secure Employee

    Hi,

     

    I am not the malware researcher, but as far as I remember Citadel trojan could be dropped to the system via Java or PDF exploits. Java/Majava.B could be one of those.

     

    I would strongly recommend you to upgrade to the latest version of Client Security. DeepGuard has been significantly improved in Client Security 10 and can block exploits more effectively.

This discussion has been closed.