19 Replies. Latest reply on Dec 1, 2014 9:06 PM by epository

    When Will Mcafee VSE actually Acknowledge REGIN?

    epository

      Despite this laughable headline at McAfee Labs

       

      http://blogs.mcafee.com/mcafee-labs/intel-security-protecting-customers-takes-precedence-seeking-headlines#comment-3872318

       

      At Intel Security, Protecting Customers Takes Precedence Over Seeking Headlines

       

      They obviously don't care much about us EPO admins who get called into meetings to address a threat making headlines around the world.

       

      Please please please McAfee ...issue some sort of statement on this so I don't walk into a meeting with just a pencil in my hand.

       

      sniff, sniff....smells a lot like McAfee clown response to Heartbleed.

       

      Not the way an Enterprise Solution behaves.

        • 1. Re: When Will Mcafee VSE actually Acknowledge REGIN?
          jj4sec

          I do agree to some extent.

          I do miss communication from McAfee indeed, to answer management whether we are protected or not.  This information is in most cases not possible to find, and it is an impossible task to create incidents for this, which are in most cases answered with unsatisfactory results.

          On the other hand, I do understand McAfee: not communicating about the protection is indeed protecting, more so than just publishing everything on the internet, making it very interesting for hackers to change their behaviour.

          Maybe just an announcement that, for instance, "regin" is protected or not, and by what products, is somewhere in between.

          We can answer management.  No information concerning the protection is released.

          • 2. Re: When Will Mcafee VSE actually Acknowledge REGIN?
            Peter M

            Malware is named differently by every anti-malware company but is this any help?  Look down to McAfee:  https://www.virustotal.com/en/file/b12c7d57507286bbbe36d7acf9b34c22c96606ffd904e3c23008399a4a50c047/analysis/

             

            The software protects against millions of different infections so they all can't be listed, especially in the blog.  I believe the answer is, they already have done so.

            • 3. Re: When Will Mcafee VSE actually Acknowledge REGIN?
              jj4sec

              You're right

              But I also struggle like epository to find in an easy way if I have protection or not and what products (VSE DAT version, HIPS signature, cloud reputation level, ...)

              • 4. Re: When Will Mcafee VSE actually Acknowledge REGIN?
                epository

                Well, their release was on 11/26, so if it was released before my post..it was a close call..

                 

                Secondly, their blog does address individual infections, especially when they are high-profile.

                 

                My frustration is that they must know how high-profile this is, but do not even acknowledge it or post an expected date of remediation.

                 

                As any Google search will show you, this has been reported on world-wide in both print and television media...so categorizing it as "just another virus" isn't really valid.

                • 5. Re: When Will Mcafee VSE actually Acknowledge REGIN?
                  epository

                  How are we supposed to figure out if VSE addresses a specific threat?  No more DAT release notes, search engine at McAfee Threat Center is not showing anything for Regin...just seems weird we have to go to 3rd party sites like ThreatExpert or VirusTotal to find out if McAfee has a signature for a specific threat.

                   

                   

                  The DAT page no longer addresses specific malware anymore either as of Aug. 2014

                   

                  SNS Weekly Roundup (August 14)

                   

                  NOTES:

                  • Threat description pages will no longer list a “minimum DAT version” because there will no longer be a single DAT package available. Instead, they will include a ‘Protection From’ field that shows the date when McAfee originally offered protection for that threat.
                  • The DAT Release Notes page will be updated to show version information about the latest McAfee DATs only.  The remaining content on this page will be retired. Because of the way that anti-malware content is now authored and tested for V2 and V3 DATs, it is no longer possible to describe new and updated threat coverage information in a comprehensive and accurate fashion via DAT release notes.

                  So that kind of jacks things up as well.....even if you go to McAfee's Threat Center and attempt to look up a specific malware, it doesn't return anything for Regin despite its detection being named Regin!Sys

                  • 6. Re: When Will Mcafee VSE actually Acknowledge REGIN?
                    Peter M

                    Ask the support portal for help.   I would imagine it's impossible to list all the infections covered.

                    • 7. Re: When Will Mcafee VSE actually Acknowledge REGIN?
                      vinoo

                      For whatever hashes that have been publicly posted, we've had detection as Regin!sys in the DAT files since March 2011.

                      http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=412473

                         

                      • 8. Re: When Will Mcafee VSE actually Acknowledge REGIN?
                        Peter M

                        Thanks Vinoo ;-)

                        • 9. Re: When Will Mcafee VSE actually Acknowledge REGIN?
                          epository

                          So....what is the real story here?

                           

                          If McAfee has been detecting REGIN since 2011, why is Symantec getting so much press for finding an advanced possibly state-sponsored spyware threat?

                           

                          Secondly, why, when I go to McAfee's Threat Center, does nothing come up when I search for Regin?

                           

                          Something is not adding up.....and, at the very least, the "search engine" feature of McAfee Threat Intelligence center needs some work.

                           

                          Vinoo, would you mind sharing what you searched for and where to find out that there were actual protections for this spyware from McAfee for at least 4 years?

                           

                          For instance, when I search for hash 744c07e886497f7b68f6f7fe57b7ab54 and limit search results for pre-2012, I get nothing.....

                           

                          Same for hash ba7bb65634ce1e30c1e5415be3d1db1d


                          I do see that the link you posted, how you found it I have no idea, mentions that this description was modified yesterday.....so mind elaborating on exactly what it was detecting from 2011 up until 2 days ago?


                          Seems strange if these hashes were being detected by McAfee for several years, it would be documented somewhere.
