Cisco malware-detection tool

Cisco has a new tool to help with malware detection:

The most recent addition to the toolkit Cisco is providing customers comes after the Cisco PSIRT worked with internal teams and customers to acquire copies of the malware. Talos has now developed a tool for customers to scan their own network to identify routers that may have been compromised by this specific malware. The tool works by scanning devices and networks, looking for routers answering the SYNful Knock malware. Note: This tool can only detect hosts responding to the malware “knock” as it is known at a particular point in time. This tool can be used to help detect and triage known compromises of infrastructure, but it cannot establish that a network does not have malware that might have evolved to use a different set of signatures. The tool was developed in Python and requires Python version 2.7 along with the scapy v2.3.1 packet manipulation library. During its operation, the tool injects custom crafted packets at the Ethernet layer (layer 2) and monitors and parses the responses. This functionality requires that the tool be run with root privileges.

http://blogs.cisco.com/security/talos/sysadmin-phish

http://blogs.cisco.com/talos

http://blogs.cisco.com/security/talos/synful-scanner
