Skip to main content
Currently there is a lot to do in our country about the citadel virus. According to news sources, some 150.000 PC have been effected and have been part of a botnet. PC's including those of government, industry and public sector and some privately owned.

 

What worries me a lot, and frankly I don't understand, is that this virus stayed undetected for months while that many PC with undoubtedly many different AV packages were (being) infected. It is known that the attacker got hold of some 750 Gigabytes of data.

 

As I understand it, this one is using a 'man in the browser' type of attack. Webroot has many, much appreciated, controls to manage exe type of files and/or named processes. I see none, however, for controlling browser hooks. How well does WR protect against these kind of attacks? Anybody know whether WR indeed detected a citadel or man in the browser based virus?
Hi Dick,

 

Webroot SecureAnywhere protects all major browsers from man-in-the-browser (MitB) attacks with the ID Shield. 

The ID shield both hardens existing browser security features and also prevents untrusted processes from making critical modifications. Attitudinally, you can protect any program with the ID Shield by adding it to the list of protected applications in  the ID Shield settings.

 

With respect to Citadel, WSA does detect this family of trojans.

What has makes this infection (and others like it such as Zeus and Spy Eye) so difficult for traditional AV's, is that there are so many variants; and very often variants are missed in the sample collection process so researchers lack an opportunity to create a signature.

In this respect, WSA is very different. We ensure all files seen by our customers are seen by our research team - nothing slips through the cracks.

 

You can read more about this approach in another post on the community https:///t5/Security-Industry-News/Novel-Approach-to-Security-Intelligence-in-today-s-Threat/m-p/20918

Reply