How do I detect and remove the S_Gozi infection?
Posted on 2012-08-23
I have been informed by Spamhaus that the IP address we use for corporate email has communicated with a known spam site and is either infected by, or NATing for, a computer that is infected by the S_Gozi trojan / downloader.
It states that the infection is extremely difficult to detect and is not seen by most commercial AV or endpoint protection suites. We are using McAfee Enterprise and all of the computers on the system are clean according to that.
What particular tracks does this infection leave on a machine? How do I detect and remove it? Is there a tool that works for finding this infection?