I do agree to some extent.
I do miss communication from McAfee indeed, to answer management whether we are protected or not. This information is in most cases not possible to find, and it is an impossible task to create incidents for this, which are in most cases answered with unsatisfying results.
On the other hand, I do understand McAfee: not communicating about the protection is indeed more protective than just publishing everything on the internet, which would make it very interesting for hackers to change their behaviour.
Maybe just an announcement that, for instance, "regin" is protected or not, and by what products, is somewhere in between.
We can answer management. No information concerning the protection is released.
Malware is named differently by every anti-malware company but is this any help? Look down to McAfee: https://www.virustotal.com/en/file/b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047/analysis/
The software protects against millions of different infections so they all can't be listed, especially in the blog. I believe the answer is, they already have done so.
But I also struggle, like epository, to find in an easy way if I have protection or not and in what products (VSE DAT version, HIPS signature, cloud reputation level, ...).
Well, their release was on 11/26, so if it was released before my post..it was a close call..
Secondly, their blog does address individual infections, especially when they are high-profile.
My frustration is that they must know how high-profile this is, but do not even acknowledge it or post an expected date of remediation.
As any Google search will show you, this has been reported on world-wide in both print and television media...so categorizing it as "just another virus" isn't really valid.
How are we supposed to figure out if VSE addresses a specific threat? No more DAT release notes, search engine at McAfee Threat Center is not showing anything for Regin...just seems weird we have to go to 3rd party sites like ThreatExpert or VirusTotal to find out if McAfee has a signature for a specific threat.
The DAT page no longer addresses specific malware either, as of Aug. 2014.
- Threat description pages will no longer list a “minimum DAT version” because there will no longer be a single DAT package available. Instead, they will include a ‘Protection From’ field that shows the date when McAfee originally offered protection for that threat.
- The DAT Release Notes page will be updated to show version information about the latest McAfee DATs only. The remaining content on this page will be retired. Because of the way that anti-malware content is now authored and tested for V2 and V3 DATs, it is no longer possible to describe new and updated threat coverage information in a comprehensive and accurate fashion via DAT release notes.
So that kind of jacks things up as well.....even if you go to McAfee's Threat Center and attempt to look up a specific malware, it doesn't return anything for Regin despite its detection being named Regin!Sys
Ask the support portal for help. I would imagine it's impossible to list all the infections covered.
For whatever hashes that have been publicly posted, we've had detection as Regin!sys in the DAT files since March 2011.
Thanks Vinoo ;-)
So....what is the real story here?
If McAfee has been detecting REGIN since 2011, why is Symantec getting so much press for finding an advanced possibly state-sponsored spyware threat?
Secondly, why, when I go to McAfee's Threat Center, does nothing come up when I search for Regin?
Something is not adding up.....and, at the very least, the "search engine" feature of McAfee Threat Intelligence center needs some work.
Vinoo, would you mind sharing what you searched for and where to find out that there were actual protections for this spyware from McAfee for at least 4 years?
For instance, when I search for hash 744c07e886497f7b68f6f7fe57b7ab54 and limit search results for pre-2012, I get nothing.....
Same for hash ba7bb65634ce1e30c1e5415be3d1db1d
I do see that the link you posted, how you found it I have no idea, mentions that this description was modified yesterday.....so mind elaborating on exactly what it was detecting from 2011 up until 2 days ago?
Seems strange if these hashes were being detected by McAfee for several years, it would be documented somewhere.