
SANS ISC: Deja Vu - Snow.A - Internet Security | DShield SANS ISC InfoSec Forums

Deja Vu - Snow.A
Notable behavior - "drops and install WinPcap network drivers", "flood network with spoofed arp packets (arp poisoning)" and "appends its code to all .EXE files in all drives, including mapped network drives and removable disks. Thus, it is able to propagate via the network and removable drives, such as flash drives and floppy disks."

Other - "first attempts to infect files which are running processes", "its main .EXE component respawns when it is terminated, making termination more difficult."




165 Posts
ISC Handler
