Detection of CryptoLocker and Nymaim?

Does F-Secure AV/IS have detection for these 2 nasties? Can the online scanner remove these 2?

Although Win32/TrojanDownloader.Nymaim is a Trojan downloader, it also exhibits ransomware features similar to CryptoLocker.

Maybe the Ransomware page could be updated? http://www.f-secure.com/en/web/labs_global/removal/removing-ransomware

Comments

  • Blackcat Posts: 511

    Paolo has just answered over on the Ransomware Q & A: http://community.f-secure.com/t5/Stop-Ransomware/Hi-does-F-Secure-IS-2014-detect/qaq-p/34281/comment-id/30#M30 (also shown below in Recommended).

    "our products have several detections meant to address these families"

    But again, the advice is to also have a good backup in place.


  • Fendy Posts: 67

    Hi Blackcat,

    As stated by Paolo, yes, we do have several detections meant to address these families. But the real problem is that, as malware authors keep adding new variants, time is needed for us to come up with an updated detection. By creating a variant, malware authors can increase the longevity of the virus's original code while still technically generating a new, unrecognizable virus.

    To explain it another way, suppose we have detection for Cryptolocker.A and Cryptolocker.B. Then a week later, the malware author writes a new variant of Cryptolocker, which is Cryptolocker.C.

    So F-Secure will not be able to protect computers from Cryptolocker.C until we have released an updated virus definition update that contains detection for this new variant.

    We also recommend that our users make sure all software (especially Java, Adobe Reader, Flash, Windows, IE) is up to date. Otherwise it can be easily exploited by malware authors in order to plant ransomware and other types of malware:


    http://www.csoonline.com/article/728306/f-secure-declares-2012-year-of-the-exploit-

     

    ---
    Best regards,
    Fendy

     

  • NikK Posts: 935 Rock Star

    "We also recommend that our users make sure all software (especially Java, Adobe Reader, Flash, Windows, IE) is up to date. Otherwise it can be easily exploited by malware authors in order to plant ransomware and other types of malware"


    There's a great free product for blocking exploits: http://microsoft.com/emet

    I recommend it to any tech user.

This discussion has been closed.