2797 Views 7 Replies Latest reply: Nov 8, 2013 8:49 AM by Philip Niegos
Devin Patel Lurker 3 posts since
Oct 19, 2010

May 30, 2012 1:05 PM

Flame malware

Hi,

Is there a QID to detect the recently discovered Flame malware? If not, will there be one?

-Dave

  • Robert Dell'Immagine Level 4 258 posts since
    Apr 26, 2010
    May 31, 2012 1:28 PM (in response to Devin Patel)
    Flame malware

    Moved to VM area for better visibility.

  • Tim Pettigrew Level 1 17 posts since
    Jul 27, 2010
    May 31, 2012 2:43 PM (in response to Devin Patel)
    Flame malware

    I opened a ticket the other day to ask the same question. The reply I received said "Qualys is staying clear of worms or other malware detections in Vulnerability Management as a product decision."

    -Tim

  • Craig Kagawa Level 2 31 posts since
    Nov 18, 2010
    May 31, 2012 4:54 PM (in response to Devin Patel)
    Flame malware

    Hi Devin,

    The Flame malware appears to be leveraging two older Microsoft vulnerabilities that were patched back in 2010 (Microsoft Security Bulletins MS10-046 and MS10-061). You can verify with QualysGuard that you do not have these unpatched vulnerabilities which Flame has been known to use.

    QID 90616 "Microsoft Windows Shell Remote Code Execution Vulnerability (MS10-046 and KB2286198)"

    QID 90636 "Microsoft Windows Print Spooler Remote Code Execution Vulnerability (MS10-061)"

    The following QIDs can also be helpful.

    QID 105294 "Antivirus Product Not Detected on the Windows Host"

    QID 105336 "Firewall Product Not Detected on Windows Host"

    To help detect the Flame malware, please ensure your QualysGuard scanner is at Vulnerability Signatures version 2.2.139-2 or higher and use QID 1244 "Win32.Flame Detected".

    If you need further assistance please don't hesitate to contact Support.

    -Craig

    • Robert Dell'Immagine Level 4 258 posts since
      Apr 26, 2010
      Nov 7, 2013 12:54 PM (in response to Craig Kagawa)
      Flame malware

      Regarding these two QIDs:

      QID 105294 "Antivirus Product Not Detected on the Windows Host"

      QID 105327 "Antivirus Product Detected on the Windows Host"

       

      They both currently detect these AV products:

      AVG Antivirus

      CA eTrust Antivirus

      F-Secure Antivirus

      Kaspersky Antivirus

      McAfee Antivirus

      Network Associates Antivirus

      Sophos Antivirus Scanner

      Symantec Norton Antivirus Corporate Edition

      Symantec Norton Antivirus Personal Edition

      Symantec Endpoint Protection

      TrendMicro Antivirus

      ESET Antivirus Scanner

      Microsoft Windows Defender

      Clam Antivirus

       

      Checks for additional AV products can be added if customers request them.

      • Philip Niegos Level 2 55 posts since
        Aug 11, 2011
        Nov 8, 2013 8:47 AM (in response to Robert Dell'Immagine)
        Flame malware

        One Additional Note:

        The QualysGuard Vulnerability Management Application does contain detections for many different types of malware.

        To find their associated QIDs, simply use the KnowledgeBase Search tool, and select the Category drop-down option called "Backdoors and Trojan Horses".

        Additionally, the QualysGuard Malware Detections Service (MDS) is now a standard component in QualysGuard WAS v3 and greater. MDS uses both signature-based and advanced "behavioral" detection techniques to identify malware on EXTERNAL facing Web Applications and Web sites.

  • Philip Niegos Level 2 55 posts since
    Aug 11, 2011
    Nov 8, 2013 8:49 AM (in response to Devin Patel)
    Flame malware

    Devin,

     

    QID 1244 - Win32.Flame Detected
