Rombertik

These forums are retired and read-only.
For support, please visit https://www.d7xtech.com/support/

Rombertik

Post by Splendidbiz » Tue May 05, 2015 6:49 pm

http://blogs.cisco.com/security/talos/rombertik

From what I have read on this nasty bit of code, this is something that appears to already be blocked by CryptoPrevent? If not, I would imagine this is something you would aim to block, and in short order?

Thanks.
Splendidbiz
 
Posts: 1
Joined: Tue May 05, 2015 6:44 pm

Re: Rombertik

Post by Huskylogic » Wed May 06, 2015 6:45 pm

Does anyone know? Does CryptoPrevent block this?
Strive not to be a success, but rather to be of value. –Albert Einstein
Huskylogic
Forum Moderator
 
Posts: 53
Joined: Sun May 03, 2015 11:32 pm
Location: Grand Island, NY

Re: Rombertik

Post by bored369 » Mon May 11, 2015 1:59 am

If the SCR that starts the infection is in the hash definitions, it should be blocked as long as the Constant or Suspicious filtering is enabled for SCR. I'll have to track down a sample to see if we can test it and find out for sure.
Chief Operating Officer, dSupportOnline official support of Foolish IT
& long time tech friend of Nick & avid Foolish IT product user since before Foolish IT was even created!

bored369
d7xTech Staff
 
Posts: 183
Joined: Sat Feb 01, 2014 6:57 am
Location: Anderson, SC

