epository
Message 1 of 20

When Will McAfee VSE actually Acknowledge REGIN?


Despite this laughable headline at McAfee Labs

http://blogs.mcafee.com/mcafee-labs/intel-security-protecting-customers-takes-precedence-seeking-hea...

At Intel Security, Protecting Customers Takes Precedence Over Seeking Headlines

They obviously don't care much about us EPO admins who get called into a meeting to address a threat making headlines around the world.

Please please please McAfee... issue some sort of statement on this so I don't walk into a meeting with just a pencil in my hand.

sniff, sniff....smells a lot like McAfee clown response to Heartbleed.

Not the way an Enterprise Solution behaves.

jj4sec
Message 2 of 20

I do agree to some extent.

I do indeed miss communication from McAfee that would let us answer management on whether we are protected or not. This information is in most cases not possible to find, and it is an impossible task to create incidents for this, which are in most cases answered with unsatisfying results.

On the other hand, I do understand McAfee: not communicating about the protection is indeed protecting more than just publishing everything on the internet, making it very interesting for hackers to change their behaviour.

Maybe just an announcement that, for instance, "regin" is protected against or not, and by what products, is somewhere in between.

We can answer management.  No information concerning the protection is released.

exbrit
Message 3 of 20

Malware is named differently by every anti-malware company but is this any help?  Look down to McAfee:  https://www.virustotal.com/en/file/b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047/...

The software protects against millions of different infections so they all can't be listed, especially in the blog.  I believe the answer is, they already have done so.

jj4sec
Message 4 of 20

You're right

But I also struggle, like epository, to find in an easy way if I have protection or not and with what products (VSE DAT version, HIPS signature, cloud reputation level, ...)

epository
Message 5 of 20

How are we supposed to figure out if VSE addresses a specific threat?  No more DAT release notes, search engine at McAfee Threat Center is not showing anything for Regin...just seems weird we have to go to 3rd party sites like ThreatExpert or VirusTotal to find out if McAfee has a signature for a specific threat.

The DAT page no longer addresses specific malware either, as of Aug. 2014.

NOTES:

  • Threat description pages will no longer list a “minimum DAT version” because there will no longer be a single DAT package available. Instead, they will include a ‘Protection From’ field that shows the date when McAfee originally offered protection for that threat.
  • The DAT Release Notes page will be updated to show version information about the latest McAfee DATs only.  The remaining content on this page will be retired. Because of the way that anti-malware content is now authored and tested for V2 and V3 DATs, it is no longer possible to describe new and updated threat coverage information in a comprehensive and accurate fashion via DAT release notes.

So that kind of jacks things up as well.....even if you go to McAfee's Threat Center and attempt to look up a specific malware, it doesn't return anything for Regin despite its detection being named Regin!Sys.

exbrit
Message 6 of 20

Ask the support portal for help.   I would imagine it's impossible to list all the infections covered.

epository
Message 7 of 20

Well, their release was on 11/26, so if it was released before my post..it was a close call..

Secondly, their blog does address individual infections, especially when they are high-profile.

My frustration is that they must know how high-profile this is, but do not even acknowledge it or post an expected date of remediation.

As any Google search will show you, this has been reported on world-wide in both print and television media...so categorizing it as "just another virus" isn't really valid.

vinoo
Message 8 of 20

For whatever hashes that have been publicly posted, we've had detection as Regin!sys in the DAT files since March 2011.

http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=412473

   

exbrit
Message 9 of 20

Thanks Vinoo ;-)

Re: When Will Mcafee VSE actually Acknowledge REGIN?


So....what is the real story here?

If McAfee has been detecting REGIN since 2011, why is Symantec getting so much press for finding an advanced possibly state-sponsored spyware threat?

Secondly, why, when I go to McAfee's Threat Center, does nothing come up when I search for Regin?

Something is not adding up.....and, at the very least, the "search engine" feature of McAfee Threat Intelligence center needs some work.

Vinoo, would you mind sharing what you searched for and where to find out that there were actual protections for this spyware from McAfee for at least 4 years?

For instance, when I search for hash 744c07e886497f7b68f6f7fe57b7ab54 and limit search results for pre-2012, I get nothing.....

Same for hash ba7bb65634ce1e30c1e5415be3d1db1d


I do see that the link you posted, how you found it I have no idea, mentions that this description was modified yesterday.....so mind elaborating on exactly what it was detecting from 2011 up until 2 days ago?


Seems strange if these hashes were being detected by McAfee for several years, it would be documented somewhere.