Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
1109 Views 1 Reply Latest reply: Nov 6, 2013 10:49 AM by gfergus1 RSS
gene33 Newcomer 35 posts since
Jun 15, 2012
Currently Being Moderated

Nov 6, 2013 8:42 AM

CryptoLocker Signature?

Anyone have anything for this?  It looks like the paid snort subscription may have one, I'm considering getting one if McAfee doesn't come up with one soon.  Let me know your thoughts!

  • gfergus1 McAfee SME 125 posts since
    Nov 4, 2009
    Currently Being Moderated
    1. Nov 6, 2013 10:49 AM (in response to gene33)
    Re: CryptoLocker Signature?

    CryptoLocker Ransomware is a Malware attack more so than a Network Attack.


    Network Security Platform (NSP) includes or integrates with following to combat Malware related threats:

              Global Threat Intelligence (GTI) File reputation (formerly known as Artemis)

              Integration with Network Threat Behavior Analysis's (NTBA’s) Gateway Anti-Malware Engine (requires NSP 7.5.x & above)

              Integration with McAfee Advanced Threat Defense (ATD) (requires NSP 8.x)


    Depending how the CryptoLocker trojan is passed through the network does affect whether or not NSP (GTI) will be able to detect it.  If the Malware is in an archive then will need NSP 7.5.x or above and integration with NTBA Gateway Anti-Malware Engine in order to scan/detect the Malware because GTI will not in this instance.


    NTBA is a separate product from NSP but a valid contract for NSP does include coverage/licensing/support for at least one (1) Virtual instance of NTBA.  ATD is a separate product as well.  For information on these products I recommend contacting a McAfee Sales Representative or McAfee Reseller.


    In summary, the NSP does not have an Alert/Attack Signature for this Malware but does have means to detect/take action (GTI) or integrate with other products (NTBA or ATD) to detect and take actions against Malware.

More Like This

  • Retrieving data ...

Bookmarked By (0)


  • Correct Answers - 5 points
  • Helpful Answers - 3 points