Protect a network from Gameover Zeus (GOZ) and CryptoLocker malware

Article ID: 168435

Products

ProxyAV Software - AVOS
Malware Analysis Software - MA
Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

You would like to know whether ProxySG/ASG and ProxyAV can be used to block this malware, or whether additional equipment such as an SSLVA appliance is needed.

Resolution

To block CryptoLocker or Gameover Zeus, our MAA (https://www.symantec.com/products/atp-content-malware-analysis) appliance is needed, and SSL Interception must be enabled on the ProxySG/ASG because the malware traffic travels over SSL. SSL Interception decrypts the traffic so that it can be inspected, and the MAA detects the malware. Refer to our Blue Coat SE for further details on the MAA appliance if you plan to implement it in your environment.

If you want to block this malware from being downloaded from websites, Blue Coat Web Filter (BCWF) and WebPulse help, but only if the site has already been reviewed and categorized; the proxy can then deny users access to the site, if configured to do so. Sites that are new and have not been categorized yet might still pass through, so the best option is to use the MAA appliance mentioned above.


Additional notes: Another option for decrypting SSL traffic is to install an SSLVA (https://www.symantec.com/products/ssl-visibility-appliance) in your environment. The benefit of the SSLVA is that it allows you to decrypt and analyze the content of SSL traffic as required. Refer to our Symantec SE for further details on the SSLVA device if you want to know more.