Recently we have seen a rash of this variant, W97M/Downloader.cyv, of this known threat.
Just wondering about this variant of the W97M/Downloader Trojan. We have the document McAfee Labs Threat Advisory - W97MDownloader and X97MDownloader.pdf
It is very thorough. I was wondering if there was updated information that could pertain to any additional steps to take. For example, new sites to block, new rules to add, or any other data that could help in making sure we are safe from this attack.
Hi, thanks, but not finding that hash. This .cyv detection name covers a number of hashes, so can you please paste the detail from the log / ePO so we can confirm if it was via DAT / ED / TIE / GTI?
If you are seeing a number of detections for the same variant, it may be worth running a report as per: How to build a Threat Source report for VirusScan Enterprise in ePolicy Orchestrator (Technical Articles ID: KB81336).