On August 9th McAfee issued the following Threat Advisory for W32/XDocCrypt.a:

McAfee Labs has released a Threat Advisory for W32/XDocCrypt.a.
W32/XDocCrypt.a belongs to a family of malware which encrypts Microsoft Office Word, Excel and executable files. It encrypts these files using the RC4 encryption algorithm. On successful encryption, the original file is replaced with the infector followed by encrypted data; and if the original file name has “.doc”/“.docx” then it is replaced by “U+202Ecod.scr”. If the original filename has “.xls”/“.xlsx” then it is replaced by “U+202Eslx.scr”.
I did not deploy the superDAT and am trying to figure out if W32/XDocCrypt.a was included in the regular DAT deployed the following Friday or over the weekend. Where can I find that information - either on the McAfee site, in the ePO 4.6 console, or in VSE 8.8 on a local machine?
Also, in general, is there a list of what is included in a DAT? Where?
I find a quick Google of what malware you're looking for normally turns up a McAfee link with which DAT you need: http://home.mcafee.com/virusinfo/virusprofile.aspx?key=1411863
As for what is in each DAT, I don't think they provide that. Also, I would enable Artemis (GTI lookups), as this is where quite a few of my detections are getting picked up these days, and you will see in some of the recommendations that if your Artemis is medium then don't worry about this super DAT update, etc.
Follow this link to find exact DAT definitions.
Each DAT file released also has an associated readme http://www.mcafee.com/apps/mcafee-labs/release-notes/datreadme.aspx?region=uk which shows the changed detections.