cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Roy_Ru
Level 7
Report Inappropriate Content
Message 1 of 7

When the malware "W97M/Downloader.crg (ED)” is added in Mcafee anti-virus Signature file?

Jump to solution

Does anyone know when the malware "W97M/Downloader.crg (ED)” is added in Mcafee anti-virus Signature file?

Or when is Mcafee anti-virus able to detect such malware?

Labels (1)
1 Solution

Accepted Solutions
McAfee Employee sovanpratihar
McAfee Employee
Report Inappropriate Content
Message 6 of 7

Re: When the malware "W97M/Downloader.crg (ED)” is added in Mcafee anti-virus Signature file?

Jump to solution

There were 24 samples submitted under this ticket and with the latest DAT (V2 and V3) all the files will be detected.

However when checked these were from W97M/Downloader family but was not present in our source during the PDF was released. It is a new variant of the same family and was added in our DATs starting from 10th Aug 2018 and now reclassified later as X97M/Laroux.au.a. 

Hope this helps. 

6 Replies
McAfee Employee sovanpratihar
McAfee Employee
Report Inappropriate Content
Message 2 of 7

Re: When the malware "W97M/Downloader.crg (ED)” is added in Mcafee anti-virus Signature file?

Jump to solution

@Roy_Ru, As per the detection name I can confirm it is added in DATs. It is re-classified and should be detecting as other names. 

If you have a specific sample that was submitted to McAfee Labs against which you have received the ED, please provide the submission ID and I can confirm further. 

Roy_Ru
Level 7
Report Inappropriate Content
Message 3 of 7

Re: When the malware "W97M/Downloader.crg (ED)” is added in Mcafee anti-virus Signature file?

Jump to solution

Thank you for your quick response.

Could you help to search when it is initially added in DATs (eg which release version)? I wonder if it is newly detected malware in early Aug 2019 and the signature is added recently.  

BTW, I saw a Mcafee Threat Advisory report about W97M/Downloader and X97M/Downloader published on 2018.6.21 (PD25689). If this W97M/Downloader.crg is a new variant of the main malware thereafter?

If Mcafee Anti-virus with DATs released on 2018.6.21 may detect the variant "W97M/Downloader.crg" on that day?

McAfee Employee sovanpratihar
McAfee Employee
Report Inappropriate Content
Message 4 of 7

Re: When the malware "W97M/Downloader.crg (ED)” is added in Mcafee anti-virus Signature file?

Jump to solution

@Roy_Ru, As requested earlier could you share the submission ID for which the ED was provided  that would greatly help findindg detailed ifnormation about the specific variant of the malware.

Please note that we have coverage for this malware family as you have seen under the PD25689 since a while but when a new vairant of the same family is seen then we add them in the DATs. Over a period of time a generic signature is written for moass coverage for the same family. 

If we get the submission ID I can provided detailed ifnormation. 

Roy_Ru
Level 7
Report Inappropriate Content
Message 5 of 7

Re: When the malware "W97M/Downloader.crg (ED)” is added in Mcafee anti-virus Signature file?

Jump to solution

Please refer to the Submission ID: 4-19115505491

McAfee Employee sovanpratihar
McAfee Employee
Report Inappropriate Content
Message 6 of 7

Re: When the malware "W97M/Downloader.crg (ED)” is added in Mcafee anti-virus Signature file?

Jump to solution

There were 24 samples submitted under this ticket and with the latest DAT (V2 and V3) all the files will be detected.

However when checked these were from W97M/Downloader family but was not present in our source during the PDF was released. It is a new variant of the same family and was added in our DATs starting from 10th Aug 2018 and now reclassified later as X97M/Laroux.au.a. 

Hope this helps. 

Roy_Ru
Level 7
Report Inappropriate Content
Message 7 of 7

Re: When the malware "W97M/Downloader.crg (ED)” is added in Mcafee anti-virus Signature file?

Jump to solution

Thank you for your clarification.

Member Rewards
McAfee Community rewards active and helpful members just like you. Click here to take a look at the first community members who received a special reward and were recognized by McAfee leader, Aneel Jaeel, for their participation and trusted knowledge in the community.