Software feedback > RogueKiller PREMIUM

Does Rogus Killer guard against Purple Fox Roootkit / Worm?

(1/1)

mark.reed@ntebb.no:
See for example https://www.guardicore.com/labs/purple-fox-rootkit-now-propagates-as-a-worm/

Curson:
Hi Mark,

Welcome to Adlice.com forum.

We were not able to get any Purple Fox malware payloads, so I can't answer you with certainty.
However, I can provide you some insights at what point, RogueKiller will trigger an alert. I will refer to the Guardicore tehnical as a reference.

The MSI/MOE installer being launched from a SMB drive will normally be detected as [Suspicious.Path].
The encrypted file containing the rootkit will be detected by MalPE, our heuristic engine.

Unfortunately, Guardicore does not provide any indication about the DLL payloads (winupdate64/winupdate32), so I don't have any clue about them.

Regards.

Navigation

[0] Message Index

Go to full version