Dan Wolff is on the McAfee Endpoint Security Product team responsible for core Endpoint Security products including ...
Like Zeus, it appears that Operation High Roller is a banking trojan much more advanced in terms of quality, applicability to broad platforms and automation. Its ability to scale far beyond current banking malware is of great concern. So you want to know what you can do now to protect yourself? Here are some tips that we will update as we know more:
Since High Roller appears to be introduced via a malicious website or social engineering attack, McAfee SiteAdvisor Enterprise and McAfee Web Gateway can prevent users from accessing malicious host sites. McAfee Host Intrusion Prevention (HIPS) can block drive-by vulnerability exploits, preventing the malware from running for the first time on a target machine. McAfee Application Control can prevent any unknown or unapproved application from being installed or allowed to run. McAfee VirusScan Enterprise protects the machine from any known variants. McAfee Deep Defender will block the vast majority of kernel mode rootkits that High Roller variants may contain, day zero, with no need to update any signatures. Additionally, both McAfee VirusScan Enterprise and McAfee Host Intrusion Prevention prevent registry modifications and other configuration changes. And finally the McAfee Desktop Firewall can block outbound command and control communication to sites deemed malicious by McAfee Global Threat Intelligence technology.
Read the full report on Operation High Roller here:
For more on the four phases of every attack, please see my blog:
And more detail about protecting yourself against the 4 phases of every attack is here:
More on High Roller as it comes out.