Cisco Support Community

New Member

Blocking Phish-BankFraud.eml.a

What signature works for blocking/shunning emails with this Trojan in it?

1 REPLY
Cisco Employee

Re: Blocking Phish-BankFraud.eml.a

The short answer: there is no specific signature for this.

If I look at McAfee's definition of the "trojan", it's really a heuristic detection mechanism to block a large percentage of the "phishing" emails. So this isn't really a particular trojan, but rather a class of things. The messages themselves spread via email (not through some sort of OS/system vulnerability) and require user interaction.

Normally, we write signatures for vulnerabilities themselves so that a single signature catches numerous variants of a worm/trojan. Numerous worms make use of the RPC DCOM and LSASS vulnerabilities to spread - rather than separate signatures for each and every variant, we have a couple signatures that capture all of them and help you isolate the machines that are infected and help stop the spread. There are instances where we will write virus/worm specific signatures - we partner with Trend and virus/worms that are bumped to medium or high severity levels will result in a signature from us.
