Cisco.SYNful.Knock

Description

This indicates that a system might be infected by Cisco SYNful Knock Malware.
SYNful Knock is malware that is implanted into Cisco firmware images. Users who execute the images will be infected, leading to a persistent presence within the victim's network. All botnet signatures from FortiOS 5.6 onwards are under IPS, and have their default action set to "Block".

Affected Products

Cisco Routers

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

If required, the signature's action can be set to "Block".
Refer to the vendor's advisory for updates:
http://www.cisco.com/web/about/security/intelligence/ERP_SYNfulKnock.html

Coverage

IPS (Regular DB)
IPS (Extended DB)