FBI Moneypak

I've been having several desktops at my work get the FBI Moneypak malware. Sophos is up to date on the clients' PCs (version 10.0). I've been having to clean it up with Malwarebytes, which removes it fine, but I want to know why Sophos isn't catching it. We are running Windows XP Service Pack 3.


This thread was automatically locked due to age.
  • Hello Tamizpa,

    "why Sophos isn't catching it"

    Different strategies. I'm not an expert, but I guess "removal" tools sometimes work their way backwards, e.g. examine certain registry keys, search for the associated executables and, if they look fishy, assume they are malware. This doesn't prevent infection in the first place, though (and nevertheless cleanup isn't as simple as it sounds, and I don't belittle such software).

    Sophos (and other vendors) might not catch a particular malware because it is not (yet) known to them; even "heuristic" methods can't catch all malware (otherwise the writers would have given up already). Malware writers usually don't send samples to AV vendors; on the contrary, some effort is made to evade honeypots and automated collection. Thus, if you encounter a "something" your AV doesn't recognize, try to obtain a sample and send it in (with Sophos it usually takes just a few hours until updated definitions are available and automatically downloaded by the endpoints).

    It also depends on whether you scan for suspicious files and enable HIPS or not. Most "unknown" variations don't go completely undetected if these options are enabled (and in many cases are prevented from "fulfilling their evil task").

    Christian
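An added example of the "work backwards from the registry" triage Christian describes above. It is not code from the thread, from Sophos or from Malwarebytes: it parses a constructed `reg export` of the two Run keys on an XP machine (the entries are made up and are not real FBI Moneypak artifacts) and flags autoruns that start from a user-writable or temp directory, or that borrow the name of a core Windows binary while living outside `%SystemRoot%`. The markers, the list of system binary names and the XP-era paths are the editor's own assumptions.

```python
import re

# Constructed sample of "reg export" output for the two Run keys on an XP box.
# None of these entries is a real FBI Moneypak artifact; they only illustrate
# the shapes a triage script has to tell apart.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Messenger"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Updater"="C:\\Documents and Settings\\alice\\Local Settings\\Temp\\svchost.exe"
"Winlogon Helper"="\"C:\\Documents and Settings\\alice\\Application Data\\ms\\winlogon.exe\" -s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SophosAutoUpdate"="\"C:\\Program Files\\Sophos\\AutoUpdate\\ALMon.exe\""
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Heuristics (editor's own choice, not a vendor's rule set): autoruns that live
# in user-writable or temp locations, or that use the name of a core Windows
# binary while sitting outside %SystemRoot%, deserve a closer look.
USER_WRITABLE_MARKERS = ('\\local settings\\temp\\', '\\application data\\',
                         '\\windows\\temp\\', '\\recycler\\')
SYSTEM_NAMES = {'svchost.exe', 'winlogon.exe', 'explorer.exe', 'lsass.exe', 'csrss.exe'}
SYSTEM_ROOT = 'c:\\windows\\'


def unescape(s):
    # .reg files double backslashes and escape embedded quotes with a backslash
    return re.sub(r'\\(.)', r'\1', s)


def command_exe(cmd):
    # First token of the command line: a quoted path, or everything up to ".exe"
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.*?\.exe)(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else (cmd.split() or [''])[0]


def triage(reg_text):
    """Return the Run-key entries that trip a heuristic, with the reasons."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if not (vm and key):
            continue                     # header, blank, or a non-string value
        name, cmd = unescape(vm.group(1)), unescape(vm.group(2))
        exe = command_exe(cmd)
        low = exe.lower()
        base = low.rsplit('\\', 1)[-1]
        reasons = []
        if any(mk in low for mk in USER_WRITABLE_MARKERS):
            reasons.append('starts from a user-writable or temp directory')
        if base in SYSTEM_NAMES and not low.startswith(SYSTEM_ROOT):
            reasons.append('uses a Windows system binary name outside %SystemRoot%')
        if reasons:
            findings.append({'key': key, 'name': name, 'exe': exe, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_REG):
        print('%s\\%s -> %s' % (f['key'], f['name'], f['exe']))
        for r in f['reasons']:
            print('    ' + r)
```

On the infected XP machine, `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` produces a file in this format; it is written as UTF-16, so read it with `open('run.reg', encoding='utf-16')` before passing the text to `triage()`. A hit is a triage signal, not a verdict: legitimate updaters also start from Application Data, and a lock-screen sample may persist elsewhere (Winlogon Shell, RunOnce, a startup folder), so the same checks need extending to the other autostart locations. As Christian notes, this only helps after the fact; the sample you find this way is exactly what to submit to the vendor.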