McAfee Labs Security Advisory: MTIS10-013

Version 1

    Executive Summary


    Since the last McAfee® Labs Security Advisory (January 16), the following noteworthy events have taken place:

    • This is a special "Operation Aurora" Advisory. McAfee product coverage for the vulnerabilities and malware associated with this specific attack is outlined in full.
      • Microsoft Internet Explorer DOM Operation Memory Corruption Vulnerability
      • Exploit-Comele Trojan
      • Roarur.dr Trojan
      • Roarur.dll Trojan

     

    • Extended McAfee Product Coverage Details:

      • McAfee Web Gateway – TrustedSource has coverage for domains and IP addresses that the malware contacts. Coverage for associated malware was released January 15 (as "BehavesLike.JS.Obfuscated.E"). Proactive coverage existed for some components (as "Trojan.Crypt.XDR.Gen").
      • McAfee Application Control - All versions of McAfee Application Control protect against infection, without updates, and will prevent all versions of the "Aurora" attack witnessed to date.
      • McAfee Firewall Enterprise - TrustedSource has coverage for domains and IP addresses that the malware contacts. The embedded McAfee AV scanning engine in Firewall Enterprise version 7.0.1.02 and later provides coverage for supported protocols via standard McAfee DAT updates. Coverage for known exploits and associated malware is provided as Exploit-Comele, Roarur.dr, and Roarur.dll in the 5862 DATs, released January 15.
      • McAfee SiteAdvisor, SiteAdvisor Plus, SiteAdvisor Enterprise - TrustedSource has coverage for domains and IP addresses that the malware contacts.
      • McAfee Email and Web Security Appliances - TrustedSource has coverage for domains and IP addresses that the malware contacts.