Yesterday, I received an alert from McAfee with a Medium threat level on this new worm, W32/Pift. There is a McAfee KB article on it: https://kc.mcafee.com/corporate/index?page=content&id=KB75742 There is an extra.dat as well as an updated Stinger.
Now to my question:
I have been monitoring the AvertLabs threat advisories website and so far there has been no write-up on this worm that I can see.
Been checking the daily DATs to see if/when it is included, and the latest DATs, 6770, released yesterday (http://www.mcafee.com/apps/mcafee-labs/release-notes/datreadme.aspx), have no mention of new virus signatures.
So here is my problem: I do not deploy extra.dats as a norm unless I have discovered an infection / outbreak.
With nothing up on the McAfee virus library page on this worm and nothing in the DATs, how are my company and I going to know what the minimum requirements are for protection on this worm? When will it be included in the normal DATs?
Thank you for your input.
OK then, the 6771 DATs have now been released and there is no mention of the W32/Pift worm. Checked vil.nai.com and it still has nothing on it. Can someone update us or the VIL with some information on this worm? I have upper management breathing down my neck on this.
Hi, we have gold partner support. I asked if it is in 6770 and no; for some reason it is highly recommended to apply the extra DAT as it is not in upcoming DATs - no idea why, and info is scarce. I did that as an emergency change as it's out of band for us; we just normally do DATs. Running on a few hundred production servers and lots of clients now without issue. I could not get an answer on how widespread this virus is - if anyone knows that, then please post up.
We are in the same boat, i.e., we only deploy extra.dat when we have a new discovery/outbreak.
Checking DAT 6772 and 6773: no sign of W32/Pift.
I might give support a ring to find out what to do...
Any news anyone???
Have just received this reply from McAfee support:
"Currently VSE On Demand scanner is detecting this threat but not OAS.
Below is ETA to include in our scanners.
o McAfee Gateway and Command Line Scanners – available in 6771 DATs
o VSE On Demand Scanner – available in 6771 DATs
o VSE On Access Scanner – tentative ETA is July 17, 2012.
OAS scanner will start detecting it in tomorrow's DAT file.
Currently if you have W32/Pift infection then please run the Stinger file/ED which will resolve the issue."