McAfee Labs Security Advisory: MTIS09-131

Version 1

    December 15, 2009

    MTIS09-131
    Executive Summary
    Since the last McAfee® Labs Security Advisory (December 12), the following noteworthy events have taken place:
    • The BackDoor-DOQ.gen.y Trojan has gained media attention.
    • McAfee product coverage has been updated for the FakeAlert-DefenceLab Trojan.

    McAfee product coverage for these events:

    McAfee Product Coverage *

    | Threat | Name | Importance | DAT | BOP | Host IPS | McAfee Network Security Platform | McAfee Vulnerability Manager | MNAC 2.x | McAfee Remediation Manager | McAfee Policy Auditor SCAP | MNAC SCAP |
    |---|---|---|---|---|---|---|---|---|---|---|---|
    | MTIS09-131-A | BackDoor-DOQ.gen.y | Low | Yes | N/A | N/A | N/A | N/A | No | N/A | N/A | No |



    McAfee Product Coverage Updates *

    | Threat | Advisory | Importance | DAT | BOP | Host IPS | McAfee Network Security Platform | McAfee Vulnerability Manager | MNAC 2.x | McAfee Remediation Manager | McAfee Policy Auditor SCAP | MNAC SCAP |
    |---|---|---|---|---|---|---|---|---|---|---|---|
    | MTIS09-130-A FakeAlert-DefenceLab | Previous | Low | UA | UA | UA | N/A | UA | UA | N/A | UA | UA |
    | MTIS09-130-A FakeAlert-DefenceLab | Current | Low | Yes | UA | UA | N/A | No | No | N/A | N/A | No |

    BackDoor-DOQ.gen.y Trojan [MTIS09-131-A]

    Threat Identifier(s): BackDoor-DOQ.gen.y
    Threat Type: Malware
    Risk Assessment: Low-profiled
    Main Threat Vectors: Web
    User Interaction Required: Yes
    Description: BackDoor-DOQ.gen.y is a Trojan that installs itself as a system service. This Trojan also downloads additional malware programs from various websites.
    Importance: Low. This threat has gained media attention.
    McAfee Product Coverage *
       DAT files: Coverage is provided as BackDoor-DOQ.gen.y in the 5830 DATs, released December 12.
       VSE BOP: Out of scope
       Host IPS: Out of scope
       McAfee Network Security Platform: Out of scope
       McAfee Vulnerability Manager: Out of scope
       MNAC 2.x: Out of scope
       McAfee Remediation Manager: Out of scope
       McAfee Policy Auditor SCAP: Out of scope
       MNAC SCAP: Out of scope
    Additional Information:
       McAfee: BackDoor-DOQ.gen.y Trojan
       The Register: Potent malware link infects almost 300,000 webpages

    FakeAlert-DefenceLab [MTIS09-130-A]

    Threat Identifier(s): FakeAlert-DefenceLab
    Threat Type: Malware
    Risk Assessment: Low-profiled
    Main Threat Vectors: Web
    User Interaction Required: Yes
    Description: The FakeAlert-DefenceLab Trojan conducts a fake scan of a system and generates fake messages reporting infections. The Trojan encourages victims to purchase a registered copy of the product to clean those infections. Unsuspecting users may respond to these scare tactics.
    Importance: Low. This threat has gained media attention.
    McAfee Product Coverage *
       DAT files: Coverage is provided as FakeAlert-DefenceLab in the 5829 DATs, released December 11.
       VSE BOP: Under analysis
       Host IPS: Under analysis
       McAfee Network Security Platform: Out of scope
       McAfee Vulnerability Manager: Out of scope
       MNAC 2.x: Out of scope
       McAfee Remediation Manager: Out of scope
       McAfee Policy Auditor SCAP: Out of scope
       MNAC SCAP: Out of scope
    Additional Information:
       The Register: Scareware slingers flaunt fake MS endorsement
       McAfee: FakeAlert-DefenceLab

    Detailed descriptions of the Security Advisories can be found in the Users Guide: https://kc.mcafee.com/content/mtis/McAfee_Avert_Labs_Security_Advisory_UsersGuide.pdf

    For more information on McAfee Avert Labs Security Advisories, see: https://kc.mcafee.com/content/mtis/McAfee_Avert_Labs_Security_Advisory_FAQ.pdf

    McAfee values your feedback on this Security Advisory. Please reply to this mail with your comments.

    *The information provided is only for the use and convenience of McAfee's customers in connection with their McAfee products, and applies only to the threats described herein. McAfee product coverage statements are limited to known attack vectors and should not be considered comprehensive. THE INFORMATION PROVIDED HEREIN IS PROVIDED "AS IS" AND IS SUBJECT TO CHANGE WITHOUT NOTICE.

    The information contained herein is the property of McAfee, Inc. and may not be reproduced or disseminated without the expressed written consent of McAfee, Inc.

    McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the United States and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

    McAfee, Inc. 3965 Freedom Circle, Santa Clara, CA 95054 888.847.8766 www.mcafee.com

    © 2009 McAfee, Inc. All rights reserved.