virus logo Intrusion Prevention

Cisco.SYNful.Knock

description-logoDescription

This indicates that a system might be infected by Cisco SYNful Knock Malware.
SYNful Knock is a malware that is implanted into Cisco firmware images. Users that executes the images will be infected leading to a persistence presence within a victim's network.

affected-products-logoAffected Products

Cisco Routers

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

If required, the signature's action can be set to "Block".
Refer to the vendor's advisory for updates:
http://www.cisco.com/web/about/security/intelligence/ERP_SYNfulKnock.html

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

https://www.fireeye.com/blog/threat-research/2015/09/synful_knock_-_acis0.html https://www.fireeye.com/blog/threat-research/2015/09/synful_knock_-_acis.html
ID 41402
Created Sep 30, 2015
Updated May 05, 2016
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID
Default Action pass
Active