W32/DistTrack is a detection for worm malware with extremely destructive behaviour. Infected machines are rendered useless because most of the files, the Master Boot Record (MBR), and the partition tables are overwritten with random data. The overwritten data is not recoverable, and the system is left unbootable.
Random ramblings and findings whilst maintaining and supporting MS Active Directory and interfacing
Showing posts with label Intel Security.
Thursday, 16 February 2017
McAfee Labs Threat Advisory for W32/DistTrack
Labels:
Intel Security,
McAfee,
SNS Notice,
Threat Advisory
Location:
Brixham TQ5, UK
McAfee Labs Threat Advisory for Ransomware-SAMAS
Ransomware-SAMAS is a detection for a family of ransomware that, on execution, encrypts certain file types present on the user's system. The compromised user has to pay the attacker a ransom to get the files decrypted.
Ransomware-SAMAS has been known to be used in targeted ransomware attacks on organisations.
Labels:
Intel Security,
McAfee,
SNS Notice,
Threat Advisory
Location:
Brixham TQ5, UK
Tuesday, 30 August 2016
VirusScan 8.8 P8 release - Windows 10 Anniversary Edition
After some issues with VSE 8.8 not being compatible with Windows 10 Anniversary Edition, Intel Security have now released Patch 8, which adds compatibility for the current build of Windows 10.
Patch 8 (build 8.8.0.1588) has been released to the update site, and if you are running ePO 5.1.1 or later the Software Manager will be able to pull this update into your Master Repository.
Full details for this release can be found in the release notes PD26631, and the supported platforms, environments and operating systems can be found in KB51111.
Labels:
ePO,
Intel Security,
McAfee
Location:
St Neots, UK
Friday, 26 August 2016
ePolicy Orchestrator update fixes multiple Oracle Java vulnerabilities - July 2016
ePO is vulnerable to the following CVEs reported in Oracle's July 2016 Java SE update.
Collectively, these vulnerabilities affect integrity and availability of the server.
AFFECTED SOFTWARE
- ePO 5.1.3 and earlier
- ePO 5.3.2 and earlier
REMEDIATED/PATCHED VERSIONS
Oracle Java 7.0 officially reached End of Life (EOL) status in April of 2015. The Java version currently supported in ePO 5.1.x and 5.3.x has been upgraded to Java 8.0. This issue is remediated with ePO 5.x Hotfix 1151890. These fixes will be included in the next ePO patch when scheduled.
- ePO 5.1.3 + Hotfix 1151890 (EPO5xHF1151890.zip)
- ePO 5.3.1 + Hotfix 1151890 (EPO5xHF1151890.zip)
- ePO 5.3.2 + Hotfix 1151890 (EPO5xHF1151890.zip)
McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see McAfee Knowledge Base article SB10166.
Labels:
Intel Security,
McAfee,
Security Bulletin
Location:
St Neots, Saint Neots PE19, UK
Thursday, 16 June 2016
ePolicy Orchestrator update fixes multiple Oracle Java vulnerabilities - May 2016
ePO is vulnerable to multiple CVEs reported in Oracle's April 2016 Java SE update. Collectively, these vulnerabilities affect confidentiality, integrity, and availability of the server.
Labels:
ePO,
Intel Security,
Security Bulletin
Location:
Saint Neots, Cambridgeshire, UK
Tuesday, 24 May 2016
Inside the Verizon Data Breach Investigations Reports Webcast
Verizon’s 2016 Data Breach Investigations Report (DBIR) provides a comprehensive analysis of data breach patterns seen in 2015. As a contributor, Intel Security provided anonymized breach data and co-authored a section focusing on post-breach fraud and what happens to data once it has been stolen from the breached entity.
Earn one CPE credit for attending the live webcast.
Wednesday, June 8, 2016 11:00AM PT | 1:00PM CT | 2:00PM ET
REGISTER: https://events.demand.intelsecurity.com/ISecWebcast-6-08-16?s=DFMSNS
Labels:
(ISC)2,
CPE,
DBIR,
Intel Security,
webcast
Location:
Saint Neots, Cambridgeshire PE19, UK
Thursday, 12 May 2016
McAfee to Intel Security Migration
On May 12, 2016, the SNS Internet domain migrated from snssecure.mcafee.com to sns.secure.intelsecurity.com.
Labels:
Intel Security,
McAfee,
SNS Notice
Location:
St Neots, UK
Thursday, 3 March 2016
Rogue System Detection 5.0.3 Now Available
McAfee Rogue System Detection sensors use passive and active network discovery techniques to detect systems connected to the network. When a sensor detects a system on the network, it sends a message to McAfee ePO software, which checks to see whether the detected system has an active McAfee agent installed. If the detected system is unknown to the server, McAfee Rogue System Detection provides information to McAfee ePO software to allow you to take remediation steps, which include alerting administrators and automatically deploying a McAfee agent to the system.
Rogue System Detection 5.0.3 is now available, rated Recommended.
Labels:
Intel Security,
McAfee,
SNS Notice
Location:
St Neots, UK
Monday, 29 February 2016
Troubleshooting On-Demand Scan Performance with VSE 8.8 Patch 5 and 6
After upgrading an endpoint to VSE 8.8 (patch 5 or 6), the system becomes slow or unresponsive during On-Demand Scans. System performance can be improved by making some changes to the System Utilisation settings to reduce resource use.
Labels:
Intel Security,
McAfee,
SNS ProTips
Location:
St Neots, UK
Sunday, 28 February 2016
McAfee Labs has released an updated Threat Advisory for W97M/Downloader and X97M/Downloader.

Labels:
Intel Security,
McAfee,
McAfee Labs,
Threat Advisory
Location:
St Neots, UK
Saturday, 27 February 2016
McAfee Labs Threat Advisory for Ransomware-Locky

The compromised user has to pay the attacker to get the files decrypted.
Labels:
Intel Security,
McAfee,
McAfee Labs,
Threat Advisory
Location:
St Neots, UK
Friday, 26 February 2016
End of Life for McAfee 5700 Anti-Malware Engine
For a product that uses the McAfee Anti-Malware Engine to be fully supported, a supported product version and a supported engine must both be deployed. If either the product version or the engine is not supported, then the total product configuration is not supported.
You can download the 5800 Engine from the Security Updates page.
Labels:
Intel Security,
McAfee,
SNS Notice
Location:
St Neots, UK
McAfee Agent 5.0.2 Hotfix 1110392 is now available

When VirusScan Enterprise (VSE) is present on the device, processes that attempt to use this private mechanism are scanned on access but, if not detected as malware, could gain access to resources protected by McAfee products.
This trusted access bypass vulnerability allows access to resources normally protected by the vulnerable products.
Though McAfee Agent 5.0.x ships the vulnerable technology, it has already transitioned to a new self-protection mechanism that doesn't rely on the vulnerable technology. However, it requires an update to fully disable the vulnerable technology.
This release includes:
- Fixes as described in PD26386 - McAfee Agent 5.0.2 Hotfix 1110392 Release Notes
- Hotfix 1110392 is rated mandatory due to a security fix as described in the release notes.
To download McAfee Agent 5.0.2 Hotfix 1110392 (MA502HF1110392WIN.zip), go to the product downloads site. Refer to Security Bulletin SB10151 for additional details.
Labels:
Intel Security,
McAfee,
Security Bulletin,
SNS Notice
Location:
St Neots, UK
VirusScan Enterprise 8.8 Patch 7 Now Available
VirusScan Enterprise 8.8 Patch 7 is now available.
This update has been scored 'mandatory' by Intel Security. This score is based on the security vulnerability which was previously identified and has since been patched in this release.
Multiple McAfee endpoint products include a private mechanism to access settings and files protected by self-protection rules. This mechanism is not sufficiently secure and may be misused to access registry keys and files that should be protected from tampering.
This release includes new features, fixes, and enhancements including:
- A vulnerability is addressed in this release. See SB10151 for details.
- This release is rated “Mandatory”.
- See release notes for MA 5.x version restrictions.
- TIE customers are advised to use 1.0.140 or later.
- Adds Windows 10 TH2 Support, including the Secure/UEFI feature.
- Adds 5800 engine (for new installations)
- Please review your Windows service dependencies practices. See KB85374.
For a full list of changes, see the Release Notes in PD26382.
For a list of known issues, see KB70393.
Labels:
Intel Security,
McAfee,
Security Bulletin,
SNS Notice
Location:
St Neots, UK
Wednesday, 17 February 2016
McAfee Customer Submission Tool 2.4 Now Available
This tool integrates into Microsoft Outlook. It allows users to quickly and easily submit missed spam samples and samples that were wrongly categorized as spam to McAfee Labs. McAfee Customer Submission Tool version 2.4 can also be used with McAfee Quarantine Manager to black or white list email addresses when submitting the samples.
McAfee Customer Submission Tool (MCST) 2.4 is now available. This release includes new features, fixes, and enhancements including:
- Support for Outlook 2013
- Support for Exchange 2013
- Bug fixes
To download MCST 2.4, go to the Product Downloads site.
For a full list of changes, see the Release Notes in PD26356.
Labels:
Intel Security,
McAfee,
SNS Notice
Location:
St Neots, UK
Tuesday, 16 February 2016
SiteAdvisor Enterprise now supports Firefox 44
SiteAdvisor Enterprise 3.5 Patch 4 HF1076106 is now available.
This hotfix includes a signed SAE extension for use in Firefox with Firefox 44 support.
To download SiteAdvisor Enterprise 3.5 Patch 4 HF1076106, go to the Product Downloads site.
Labels:
Intel Security,
McAfee,
SNS Notice
Location:
St Neots, UK
Tuesday, 9 February 2016
McAfee DAT Reputation 1.0.4 Mandatory Upgrade AutoUpdate Schedule
A new version of McAfee DAT Reputation for Enterprise, v1.0.4, will be available from the CommonUpdater3 download sites with DAT Reputation ON and Safety Pulse OFF.
This release is a mandatory upgrade for all customers running DAT Reputation and will include reported issues listed in the following Knowledge Base articles:
It will also include a new certificate required because of an upcoming expiry date.
An updated DAT Reputation ePO Extension (v1.0.2) will also be posted for DAT Reputation 1.0.4. This new extension is an optional update for existing DAT Reputation users and provides Windows 10 OS endpoint support.
Customers can test this release in a representative subset of their production environment by configuring the systems in this group to update from CommonUpdater3 locations. For details on how to configure AutoUpdate to use a different update location, see KB86251:
This update will be phased as follows:
CommonUpdater3 - Planned for February 9, 2016:
- ftp://ftp.nai.com/commonupdater3
- http://update.nai.com/products/commonupdater3
CommonUpdater - Planned for February 16, 2016:
- http://update.nai.com/products/commonupdater
- ftp://ftp.mcafee.com/commonupdater
CommonUpdater2 - Posting of DAT Reputation to CommonUpdater2 locations remains postponed:
- ftp://ftp.nai.com/commonupdater2
- http://update.nai.com/products/commonupdater2
Labels:
Intel Security,
McAfee,
SNS Notice
Location:
St Neots, UK
McAfee Labs has released an updated Threat Advisory for W32/Pinkslipbot.

Labels:
Intel Security,
McAfee,
McAfee Labs,
Threat Advisory
Location:
St Neots, UK
Monday, 8 February 2016
ePolicy Orchestrator update fixes multiple Oracle Java vulnerabilities
AFFECTED SOFTWARE
- ePO 5.1.3 and earlier
- ePO 5.3.1 and earlier
REMEDIATED/PATCHED VERSIONS
The vulnerability is remediated in these versions:
- ePO 5.1.3 + Hotfix 1117371 (EPO5xHF1117371.zip)
- ePO 5.3.1 + Hotfix 1117371 (EPO5xHF1117371.zip)
McAfee recommends that all customers verify that they have applied the latest updates. Impacted users should install the relevant patches or hotfixes. For full instructions and information, see McAfee Knowledge Base article SB10148.
Labels:
Intel Security,
McAfee,
Security Bulletin
Location:
St Neots, UK
Tuesday, 26 January 2016
Intel Security - SNS Product Digest Jan 2016
This month's Product Digest from Intel is out. This issue covers:
- Threat Projections for 2016 Webcast
- Endpoint Security 10.1 FAQs
- New fileless Malware true to name
- Technical Product Updates
To read the online version, please visit the January 2016 SNS Journal.
Labels:
Intel Security,
McAfee
Location:
St Neots, Saint Neots, Cambridgeshire