Mirai Malware for Windows Definition

Since the Mirai botnet attack in late 2016, there have since been a couple of articles published on a new variant that infects Windows machines, which is based on the Linux version for IoT. I think it is being referenced as "Trojan.Mirai.1". I was wondering if Sophos currently has a detection signature for this, and if it is available in the newest Endpoint definitions.

Thanks.

Hello it_weasel15,

understandable question, but IMO questions like this one are, well, insubstantial (no insult intended) for several reasons:

• if at all, the question is valid only for a very short time after a new threat has surfaced, as every vendor strives to add appropriate detections to their products
• when a threat is new it might show unexpected variations, and no one can reliably predict whether yesterday's detection will catch today's variant
• once a threat family is sufficiently known (usually several days to a few weeks) there's a period where the question is: is your AV software up-to-date?
• as long as a threat is "maintained" it's likely that it's adapted to evade the newest detections

Given that Mirai isn't breaking news, I'd say you can expect adequate protection with the limitations mentioned above.
Some nit-picking: currently - you mean already, don't you? Definitions/detections once added are never removed, though they might be consolidated, renamed, or reclassified. newest - definitions are constantly added several times a day, every few hours, and thus newest isn't really meaningful.

To your question: if you search the main site for Mirai you'll get quite a number of hits (although the majority are just the same references on different pages). Won't recommend a specific article, as more than one is worth reading.

Christian