Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Does Symantec have a signature to protect against this worm?

  • 1.  Does Symantec have a signature to protect against this worm?



  • 2.  RE: Does Symantec have a signature to protect against this worm?

    Posted Nov 28, 2012 01:29 PM

    Yes, see here:

    https://www.symantec.com/security_response/writeup.jsp?docid=2011-031106-4835-99



  • 3.  RE: Does Symantec have a signature to protect against this worm?

    Posted Nov 28, 2012 01:45 PM

    But this is a year old.



  • 4.  RE: Does Symantec have a signature to protect against this worm?

    Posted Nov 28, 2012 02:06 PM

    The problem is all the companies use a different naming convention. So you would need to call Symantec as they probably have it internally.



  • 5.  RE: Does Symantec have a signature to protect against this worm?

    Posted Nov 28, 2012 02:19 PM

    It looks very close to the W32.Changeup article update that Symantec released yesterday:

    https://www-secure.symantec.com/connect/pt-br/blogs/w32changeup-malicious-gift-keeps-giving

    The worm itself is old, but a new variant has kicked up the detections again.  Symantec just modified existing signatures, whereas McAfee added variant label to their signatures.



  • 6.  RE: Does Symantec have a signature to protect against this worm?

    Posted Nov 28, 2012 02:21 PM

    Yep, looks to be the same



  • 7.  RE: Does Symantec have a signature to protect against this worm?

    Posted Nov 28, 2012 02:34 PM

    I dont think yet,..

    http://r.virscan.org/7d0c47e7183abd92ea3f58f0a587bec1

    Good Luck!

     



  • 8.  RE: Does Symantec have a signature to protect against this worm?

    Posted Nov 28, 2012 07:27 PM

    Generic BackDoor.wc
    W32/Autorun.worm.aaeb

    Macfee has relase the patch today any patch is relase by symantec......

     

     



  • 9.  RE: Does Symantec have a signature to protect against this worm?

    Posted Nov 29, 2012 04:16 AM

    When wil symantec release something for this?



  • 10.  RE: Does Symantec have a signature to protect against this worm?

    Posted Nov 29, 2012 04:52 AM

    Definitions and IPS signatures are available now, if this is indeed W32.Changeup.  We have the following protections in place for the latest version of W32.Changeup:

    Antivirus

    •W32.Changeup
    •W32.Changeup!gen22
    •W32.Changeup!gen23


    Intrusion Prevention System

    System Infected: W32.Changeup Worm Activity

     

    There is also a list of servers that can be locked at the firewall level, and advice on how to prevent the spread of autorun threats and lock down Windows network shares.

    W32.Changeup – A Malicious Gift That Keeps On Giving
    https://www-secure.symantec.com/connect/blogs/w32changeup-malicious-gift-keeps-giving



  • 11.  RE: Does Symantec have a signature to protect against this worm?

    Posted Nov 29, 2012 04:54 AM

    Thank you for the response on this Mick2009!



  • 12.  RE: Does Symantec have a signature to protect against this worm?

    Posted Nov 29, 2012 04:58 AM

    Glad to help!

    If anyone does encounter any suspicious files they feel may be related to this (or any other threat), please do submit them to Security Response for analysis! 

    Here are some good general recommendations on how to stay safe:

    http://www.symantec.com/theme.jsp?themeid=stopping_malware&depthpath=0



  • 13.  RE: Does Symantec have a signature to protect against this worm?

    Posted Nov 30, 2012 07:02 PM

    A new blog post that will be of interest:

    https://www-secure.symantec.com/connect/blogs/w32changeup-keeps-giving