Can you tell me if F-Secure have rolled out a signature to detect and delete the Citadel Botnet as mentioned here
thanks for your advice
Citadel banking trojan (and Zeus which it derived from) has been known for more than a year already. Please check our H1/2012 threat report (http://www.f-secure.com/static/doc/labs_global/Research/Threat_Report_H1_2012.pdf). If you are using our latest software with DeepGuard4 technology, then you shouldn't worry about it. On systems running the old versions or no anti-virus at all, you can check them with our Online Scanner (http://www.f-secure.com/en/web/home_global/online-scanner). Also, make sure you have the OS and applications fully patched on your computers.
Many thanks for you reply. Just a bit more information from me to make sure we are covered.
We are running F-Secure Client Security 9.20 build 274 on our estate.
The Deepguard version we are using is F-Secure DeepGuard 3.00 build 190 and I would also add that we are receiving these error alerts
Message: DeepGuard configuration was rejected. Old configuration will be used if possible.
Error code: XML parse failed!
The main question I would like answering though is what is the infection name for this signature (for example: Exploit:Java/Majava.B)
I appreciate your help in this matter
I am not the malware researcher, but as far as I remember Citadel trojan could be dropped to the system via Java or PDF exploits. Java/Majava.B could be one of those.
I would strongly recommend you to upgrade to the latest version of Client Security. DeepGuard has been significantly improved in Client Security 10 and can block exploits more effectively.