Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 9 subscribers
  • Views 14190 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Protect against malware Adrozek?

David Grandolfo

Good afternoon, 

I would like to confirm if the machine-learning feature of Sophos can protect us againts the new major browser malware Adrozek. 

Further information about can be find here:

https://arstechnica.com/information-technology/2020/12/ongoing-malware-attacks-are-hitting-users-of-4-major-browsers/

Detailed one : https://www.microsoft.com/security/blog/2020/12/10/widespread-malware-campaign-seeks-to-silently-inject-ads-into-search-results-affects-multiple-browsers

My understanding is that a standard signature protection can't beat the countermesure Adrozek are taking.

Also I'm not sure blocking  Audiolava.exe, QuickAudio.exe, and converter.exe can a real protection here.

That said, in this one I need your help to tell me if Sophos already have something against it or if I need to look at something else to block it.

Regards,



This thread was automatically locked due to age.

Top Replies

  • in reply to David Grandolfo +1 verified

    Hi David,

    As Glenn stated - we are using both forms to detect the malicious element. So, for some scenarios the static detection will prevent the action and in others (based on how the malware is executing) the ML portion of the product will catch it.

    In general, we use a Defense in Depth approach to our product to provide optimal protection.

    Jump to answer
Parents
  • 0

    Hi ,

    Based with our labs team confirmation, we are detecting the files through generic malware detection (Troj/Agent-BEQV) and also through ML based detection.
    In addition There is no mention of hashes or IPs on Microsoft blog. To help us strengthened the protection that we can offer for this type of Malware, Please submit to us any sample file related to this malware in order for our labs team to further check to it. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer | Global Community and Digital Customer Support
    Connect, Engage, Earn Rewards - Join the Sophos Community
Reply
  • 0

    Hi ,

    Based with our labs team confirmation, we are detecting the files through generic malware detection (Troj/Agent-BEQV) and also through ML based detection.
    In addition There is no mention of hashes or IPs on Microsoft blog. To help us strengthened the protection that we can offer for this type of Malware, Please submit to us any sample file related to this malware in order for our labs team to further check to it. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer | Global Community and Digital Customer Support
    Connect, Engage, Earn Rewards - Join the Sophos Community
Children
No Data