Re: Can someone confirm whether Juniper IPS has signature for Monero Mining Malware?
I would not expect the IPS to block this kind of malware.
This is more a task for the AV engine or the Sky ATP file emulation service combined with the threat feed for C&C servers (actually I do not know if C&C for crypto miners are in this category; you will have to ask Juniper SEs to get this information).
It could also to some extent be accomplished by the enhanced webfilter blocking categories like "Compromised Websites", "Suspicious Content", "Bot Networks", "Potentially Unwanted Software" or similar.
It looks like the signature attack was just released yesterday. So my second question is how to check whether this signature attack is already bundled into the "Recommended" policy template or not, because currently I'm using the "Recommended" policy template. Appreciate anyone's feedback.

srx5800> show security idp attack detail HTTP:BIT-COIN-MINING
Display Name: HTTP: Bit-Coin Cryptocurrency Mining
Severity: Major
Category: HTTP
Recommended: true
Recommended Action: Drop
Type: signature
Direction: CTS
False Positives: unknown
Shellcode: no
Flow: control
Context: http-first-data-chunk
Negate: false
TimeBinding:
  Scope: none
  Count: 1
Hidden Pattern: True
Pattern: Protected
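An added example, not from this thread or from Juniper, that parses the `show security idp attack detail` output pasted above (either the flattened form shown here or the usual one-field-per-line form) and reports whether the attack object carries Recommended: true and which action it takes. Reading the Recommended flag as membership in Juniper's recommended attack set is this example's assumption; the field names are taken from the output above.

```python
import re

# Constructed sample: the output pasted in this thread, flattened onto one line
SAMPLE = (
    "srx5800> show security idp attack detail HTTP:BIT-COIN-MINING "
    "Display Name: HTTP: Bit-Coin Cryptocurrency Mining Severity: Major "
    "Category: HTTP Recommended: true Recommended Action: Drop Type: signature "
    "Direction: CTS False Positives: unknown Shellcode: no Flow: control "
    "Context: http-first-data-chunk Negate: false TimeBinding: Scope: none "
    "Count: 1 Hidden Pattern: True Pattern: Protected"
)

# Field names as they appear in the output; longer names first so that
# "Recommended Action" and "Hidden Pattern" win over "Recommended"/"Pattern".
FIELDS = [
    "Display Name", "Recommended Action", "False Positives", "Hidden Pattern",
    "TimeBinding", "Severity", "Category", "Recommended", "Direction",
    "Shellcode", "Context", "Negate", "Pattern", "Scope", "Count", "Type", "Flow",
]
KEY_RE = re.compile(r"\b(" + "|".join(re.escape(f) for f in FIELDS) + r")\s*:")


def parse_attack_detail(text):
    """Split the attack detail output into {field: value}.

    Values run from one known field name to the next, so a value that itself
    contains a colon (e.g. "HTTP: Bit-Coin Cryptocurrency Mining") survives,
    and the command line before the first field is ignored.
    """
    matches = list(KEY_RE.finditer(text))
    fields = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        fields[m.group(1)] = text[m.end():end].strip()
    return fields


def recommended_policy_status(text):
    """Assumption: Recommended: true means the attack object is part of the
    recommended attack set, i.e. it is picked up by a Recommended policy."""
    f = parse_attack_detail(text)
    return {
        "in_recommended": f.get("Recommended", "").lower() == "true",
        "action": f.get("Recommended Action", ""),
        "severity": f.get("Severity", ""),
        "context": f.get("Context", ""),
    }


if __name__ == "__main__":
    print(recommended_policy_status(SAMPLE))
```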