Zero-Day Malware Alert: FormBook


March 7, 2018 02:00 PM

Radware Cloud Malware Protection Service has detected and blocked a new evasive zero-day malware: a new variant of the FormBook malware family.

This is a high-risk malware specifically crafted for stealing sensitive business data. The new variant is using combination of decoy (spoofed) hosts and a new command-&-control (C&C) server address to evade existing anti-malware defenses.

The new C&C address detected is ceroton[.]in

Radware recommends updating gateways and firewalls to block this C&C.

Customers of Radware Cloud Malware Protection Service are already fully protected from this malware through the real-time C&C API feed of the service.

Effective Malware Protection Essentials

Defeating zero-day malware is no easy task, but there are several key steps you can take to severely limit its impact:

  1. Apply multi-layer defenses: Combine endpoint defenses (such as anti-virus software) with network-layer protection such as firewalls, secure web gateways and more. Only multi-layered protection ensures complete coverage.
  2. Focus on zero-day malware: Zero-day malware accounts for up to 50% of malware currently in circulation. Zero-day malware frequently goes unrecognized by existing anti-malware defenses and is a major source of data loss. Anti-malware defense mechanisms that focus squarely on identifying and detecting zero-day malwares is a must have.
  3. Implement traffic analysis: Data theft malware attacks take aim at the entire network to steal sensitive data. Although infection might originate from user endpoints, it is typically the aim of attackers to expand to network resources as well. Make sure your defenses maintain a holistic view of the entire network and analyze what is happening.
  4. Leverage big data: A key ingredient in detecting zero-day malware is the ability to collect data from a broad information base amassed over time. This allows defenders to detect malware activity on a global scale and correlate seemingly unrelated activities to track malware development and evolution.

Learn more about Radware Cloud Malware Protection Service and how it can help safeguard your network from evasive data-theft malware.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support

Get Social

Connect with experts and join the conversation about Radware technologies.

Radware Blog
Security Research Center