2 Replies Latest reply on Oct 27, 2016 9:37 AM by bretzeli

    ATD: Winword and embedded OLE objects

    bretzeli

      We have seen a larger amount of 0day E-Mails incoming with customer running Fortimail and Fortigate PLUS ATD and TIE.

      ATD does not capture current Winword OLE malware around. Fortigate informed us that they are working on it. No comment from McAfee to date.

       

      http://www.butsch.ch/post/Switzerland-Embedded-WinWord-OLE-Ransomware-active-around-Switzerland-26102016.aspx

        • 1. Re: ATD: Winword and embedded OLE objects
          Ryan Brady

          If you have a sample that ATD should have convicted but didn't, please follow https://kc.mcafee.com/agent/index?page=content&id=KB83659 to submit the sample for analysis.

          • 2. Re: ATD: Winword and embedded OLE objects
            bretzeli

            Yes?

            Now:

            * Fortigate

            * Malwaremustdie

            * Krebs

            * Most malware analysis services

            Do accept malware with an upload mechanism and a site.

            With McAfee, for an appliance that costs 80'000.-, we can ONLY send the samples as ZIP files. Which by the way is very convenient in today's secure environments (95% block ZIP).

            I am for sure not going to use a corporate e-mail address to send in a sample. There is no way we get that out of the building in an outbreak event.

            We had that once with a large hospital unable to get a file to TIER X once we reached top support.

            * Platinum Customers however seem to be able to upload

            * Not even McAfee partners can upload samples

            * And no > we don't want to send ATD data to GTI; we can use the cloud solution then

            * And no > GETSUSP did not find it and thus it can't get uploaded.

            ;-)