McAfee 2013 .WINDOWS - Products for individual customers
#33
Another update: McAfee product coverage has been updated for the Skywiper worm.
McAfee product coverage has been updated for vulnerabilities in Microsoft, PHP, Symantec, Apple, and IBM products.

McAfee product coverage for these events:


================================================== =====
McAfee Product Coverage *
================================================== =====
Threat:MTIS12-087-A
Name:Symantec PHPSQL 0297
Importance:Low
DAT:UA
BOP:N/A
Host IPS:N/A
McAfee Network Security Platform: UA
McAfee Vulnerability Manager:UA
McAfee Web Gateway:UA
McAfee Remediation Manager:N/A
McAfee Policy Auditor:UA
MNAC:UA
McAfee Firewall Enterprise:UA
McAfee Firewall Enterprise:Exp


-------------------------------------------------- -----
Threat:MTIS12-087-B
Name:Apple iOS DoS 529
Importance:Low
DAT:UA
BOP:N/A
Host IPS:N/A
McAfee Network Security Platform: UA
McAfee Vulnerability Manager:UA
McAfee Web Gateway:UA
McAfee Remediation Manager:N/A
McAfee Policy Auditor:UA
MNAC:UA
McAfee Firewall Enterprise:UA
McAfee Firewall Enterprise:N/A


-------------------------------------------------- -----
Threat:MTIS12-087-C
Name:IBM Quickr RCE 2176
Importance:Low
DAT:UA
BOP:N/A
Host IPS:N/A
McAfee Network Security Platform: UA
McAfee Vulnerability Manager:UA
McAfee Web Gateway:UA
McAfee Remediation Manager:N/A
McAfee Policy Auditor:UA
MNAC:UA
McAfee Firewall Enterprise:UA
McAfee Firewall Enterprise:Exp



================================================== =====
McAfee Product Coverage Updates *
================================================== =====
Threat:MTIS12-085-M
Name:Skywiper
Importance:High
DAT:Yes
BOP:UA => N/A
Host IPS:UA => N/A
McAfee Network Security Platform: UA => Yes
McAfee Vulnerability Manager:No
McAfee Web Gateway:Yes
McAfee Remediation Manager:N/A
McAfee Policy Auditor:N/A
MNAC:N/A
McAfee Firewall Enterprise:N/A => UA
McAfee Application Control:UA => Exp

-------------------------------------------------- -----
Threat:MTIS12-076-G
Name:MS Exl RCE 1847
Importance:Medium
DAT:UA => N/A
BOP:Exp
Host IPS:Exp
McAfee Network Security Platform: Yes
McAfee Vulnerability Manager:Yes
McAfee Web Gateway:UA => N/A
McAfee Remediation Manager:Pend => Yes
McAfee Policy Auditor:Pend => UA
MNAC:Pend => UA
McAfee Firewall Enterprise:UA
McAfee Application Control:Exp

-------------------------------------------------- -----
Threat:MTIS12-078-A
Name:PHP-CGI RCE 1823
Importance:Low
DAT:UA
BOP:N/A
Host IPS:N/A
McAfee Network Security Platform: Yes
McAfee Vulnerability Manager:Pend => Yes
McAfee Web Gateway:UA
McAfee Remediation Manager:N/A
McAfee Policy Auditor:UA
MNAC:UA
McAfee Firewall Enterprise:UA
McAfee Application Control:UA => Exp


================================================== =============================
[MTIS12-087-A]
Symantec Web Gateway HTTP Access Log SQL Injection Remote Code Execution
================================================== =============================
Threat Identifier(s):CVE-2012-0297
Threat Type:Vulnerability
Risk Assessment:High
Main Threat Vectors:LAN
User Interaction Required:No
Description:A vulnerability in some versions of Symantec Web Gateway Management could lead to remote code execution. The vulnerability is specific to the validation of external input by the GUI management console. Successful exploitation could allow an attacker to execute remote code. The exploit requires the attacker to be an authorized network user or to gain remote access to the network.
Importance:Low. On May 17, Symantec released an update to address this vulnerability.

McAfee Product Coverage *

DAT files:Under analysis
VSE BOP:Out of scope
Host IPS:Out of scope
McAfee Network Security Platform: Under analysis
McAfee Vulnerability Manager:Under analysis
McAfee Web Gateway:Under analysis
McAfee Remediation Manager:Out of scope
McAfee Policy Auditor:Under analysis
MNAC:Under analysis
McAfee Firewall Enterprise:Under analysis
McAfee Application Control:Run-Time Control locks down systems and provides protection in the form of Execution Control and Memory Protection.
Additional Information

Symantec: Security Advisories Relating to Symantec Products - Symantec Web Gateway Multiple Security Issues



================================================== =============================
[MTIS12-087-B]
Apple iOS Safari match() Buffer Denial of Service
================================================== =============================
Threat Identifier(s):Apple iOS DoS 529
Threat Type:Vulnerability
Risk Assessment:Low
Main Threat Vectors:WAN; Web; LAN
User Interaction Required:Yes
Description:A vulnerability in some versions of Apple iOS could lead to remote code execution. The flaw lies in the Safari browser. Specifically a buffer overflow condition in the JavaScript function match() can be invoked via a maliciously crafted web page or request.
Importance:Low. On May 25, details of this vulnerability were publicly disclosed. Proof-of-concept exploit code is available.

McAfee Product Coverage *

DAT files:Under analysis
VSE BOP:Out of scope
Host IPS:Out of scope
McAfee Network Security Platform: Under analysis
McAfee Vulnerability Manager:Under analysis
McAfee Web Gateway:Under analysis
McAfee Remediation Manager:Out of scope
McAfee Policy Auditor:Under analysis
MNAC:Under analysis
McAfee Firewall Enterprise:Under analysis
McAfee Application Control:Out of scope
Additional Information

Exploit-DB: iOS <= v5.1.1 Safari Browser JS match, search Crash PoC



================================================== =============================
[MTIS12-087-C]
IBM Lotus Quickr qp2.cab ActiveX Control Remote Code Execution
================================================== =============================
Threat Identifier(s):CVE-2012-2176
Threat Type:Vulnerability
Risk Assessment:High
Main Threat Vectors:WAN; LAN; Web
User Interaction Required:Yes
Description:A vulnerability in some versions of IBM Lotus Quickr could lead to remote code execution. The flaw is due to a boundary error within the QuickPlace ActiveX control. Successful exploitation by a remote attacker could result in the execution of arbitrary code.

Importance:Low. On May 23, IBM released an update to address this vulnerability.

McAfee Product Coverage *

DAT files:Under analysis
VSE BOP:Out of scope
Host IPS:Out of scope
McAfee Network Security Platform: Under analysis
McAfee Vulnerability Manager:Under analysis
McAfee Web Gateway:Under analysis
McAfee Remediation Manager:Out of scope
McAfee Policy Auditor:Under analysis
MNAC:Under analysis
McAfee Firewall Enterprise:Under analysis
McAfee Application Control:Run-Time Control locks down systems and provides protection in the form of Execution Control and Memory Protection.
Additional Information

IBM Security Bulletin: IBM Lotus Quickr 8.2 for Domino ActiveX control buffer overflow vulnerability



================================================== =============================
[MTIS12-085-M]
Skywiper
================================================== =============================
Threat Identifier(s):Flame; Flamer; Wiper; M70492
Threat Type:Malware
Risk Assessment:Low
Main Threat Vectors:LAN; Web; WAN
User Interaction Required:Yes
Description:Skywiper covers malware associated with a long-standing and highly evolved information-theft and monitoring campaign that is targeted at specific entities in the Middle East and Europe. McAfee Labs has observed publicly available reports from antispyware companies and log files in public help forums that could indicate infections of early variants of Skywiper in Europe and Iran several years ago (for example, March 2010). The threat propagates via its own native mechanisms, and leverages vulnerabilities described in MS10-061 and MS10-046. Skywiper is a modular, extendable, and updateable threat. It is capable of, but not limited to, the following key espionage functions:
- Scanning network resources
- Stealing information as specified
- Communicating with command and control (C&C) servers over SSH and HTTPS protocols
- Detecting the presence of more than 100 security products (antivirus, antispyware, firewalls, etc.)
- Using both kernel- and user-mode logic
- Employing complex internal functionality using Windows APC calls, thread start manipulation, and code injections into key processes; loading as part of Winlogon.exe and then injecting itself into explorer.exe and services
- Concealing its presence as ~ named temp files, just as Stuxnet and Duqu
- Attacking new systems via USB flash memory and local networks (spreading slowly)
- Creating screen captures
- Recording voice conversations
- Running on Windows XP, Windows Vista, and Windows 7 systems
- Containing known exploits, such as the print spooler and lnk exploits found in Stuxnet
- Using the SQLite database to store collected information
- Using a custom database for attack modules (this is very unusual, but shows the modularity and extendability of the malware)
- Often located on nearby systems: a local network for both C&C and target-infection cases
- Uses multiple encryption methods (for example, XOR and RC4)
Importance:High. This threat has gained media attention. Analysis is ongoing as of May 30.

McAfee Product Coverage *

DAT files:Coverage is provided in the 6726 DATs (released on May 29) as "Skywiper." The Stinger release of May 30 also provides detection of associated malware and repair.
VSE BOP:Out of scope
Host IPS:Out of scope
McAfee Network Security Platform: A Network Security Emergency User Defined Signature (HTTP: W32/Skywiper Activity Detected) has been created to detect this threat. The UDS is available for download via McAfee Knowledge Base article KB55447.
McAfee Vulnerability Manager:Out of scope
McAfee Web Gateway:Coverage is provided in the 6726 DATs (released on May 29) as "Skywiper."
McAfee Remediation Manager:Out of scope
McAfee Policy Auditor:Out of scope
MNAC:Out of scope
McAfee Firewall Enterprise:Under analysis
McAfee Application Control:Run-Time Control locks down systems and provides protection in the form of Execution Control and Memory Protection.
Additional Information

McAfee Labs: Attack - Flame



McAfee Labs: Jumping Into the Flames of Skywiper



McAfee Labs: Skywiper - Fanning the Flames of Cyberwarfare



CrySyS: sKyWIper - A complex malware for targeted attacks



IR CERT: Identification of a New Targeted Cyber-Attack



================================================== =============================
[MTIS12-076-G]
(MS12-030) Microsoft Office Excel Record Parsing Type Mismatch Remote Code Execution (2663830)
================================================== =============================
Threat Identifier(s):CVE-2012-1847; MS12-030
Threat Type:Vulnerability
Risk Assessment:High
Main Threat Vectors:LAN; Web; WAN; E-Mail; Peer-to-Peer Networks
User Interaction Required:Yes
Description:A vulnerability in some versions of Microsoft Excel could lead to remote code execution. The flaw lies in the mismatch of records parsing of an Excel file. Successful exploitation could allow an attacker to execute remote code. The exploit file requires the user to open a malicious Excel file.
Importance:Medium. On May 8, Microsoft released an update to address this vulnerability.

McAfee Product Coverage *

DAT files:Out of scope
VSE BOP:Generic buffer overflow protection is expected to cover code execution exploits.
Host IPS:Generic buffer overflow protection is expected to cover code execution exploits.
McAfee Network Security Platform: The sigset release of May 8 includes the signature "HTTP: Microsoft Office Excel Record Parsing Type Mismatch Remote Code Execution Vulnerability," which provides coverage.
McAfee Vulnerability Manager:The FSL/MVM package of May 8 includes a vulnerability check to assess if your systems are at risk.
McAfee Web Gateway:Out of scope
McAfee Remediation Manager:The V-Flash package of May 10 includes a vulnerability check to assess if your systems are at risk.
McAfee Policy Auditor:Under analysis
MNAC:Under analysis
McAfee Firewall Enterprise:Under analysis
McAfee Application Control:Run-Time Control locks down systems and provides protection in the form of Execution Control and Memory Protection.
Additional Information



================================================== =============================
[MTIS12-078-A]
PHP-CGI Nullcon CTF Remote Code Execution
================================================== =============================
Threat Identifier(s):CVE-2012-1823
Threat Type:Vulnerability
Risk Assessment:High
Main Threat Vectors:Web
User Interaction Required:Yes
Description:A vulnerability in some versions of PHP could lead to remote code execution. The flaw lies in CGI-based setups. Successful exploitation by a remote attacker could result in the execution of arbitrary code.
Importance:Low. On May 2, details of this vulnerability were publicly disclosed. Proof-of-concept exploit code is available.

McAfee Product Coverage *

DAT files:Under analysis
VSE BOP:Out of scope
Host IPS:Out of scope
McAfee Network Security Platform: The sigset release of May 8 includes the signature "HTTP: Detect PHP-CGI Remote Code Execution Vulnerability I," which provides coverage.
McAfee Vulnerability Manager:The FSL/MVM package of May 4 includes a vulnerability check to assess if your systems are at risk.
McAfee Web Gateway:Under analysis
McAfee Remediation Manager:Out of scope
McAfee Policy Auditor:Under analysis
MNAC:Under analysis
McAfee Firewall Enterprise:Under analysis
McAfee Application Control:Run-Time Control locks down systems and provides protection in the form of Execution Control and Memory Protection.
Additional Information

PHP Security: NEW PHP-CGI EXPLOIT: CVE-2012-1823, POC EXPLOIT.



-------------------------------------------------- -------------------------


*The information provided is only for the use and convenience of McAfee's customers in connection with their McAfee products, and applies only to the threats described herein. McAfee product coverage statements are limited to known attack vectors and should not be considered comprehensive. THE INFORMATION PROVIDED HEREIN IS PROVIDED "AS IS" AND IS SUBJECT TO CHANGE WITHOUT NOTICE.

The information contained herein is the property of McAfee, Inc. and may not be reproduced or disseminated without the expressed written consent of McAfee, Inc.

McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the United States and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.


Added: 31 May 2012, 18:09

And I have finished my tests :D
Norton Internet Security detected one Trojan.Gen.2, PrevX saw no threats, and Hitman Pro, like Norton, found 1 threat (the same one). Considering that I downloaded and ran more than 2,500 viruses (Sandbox), that's probably not a bad result?
McAfee ran on my computer for 2 weeks and had constant access to updates.
I recommend the program. It is multifunctional and you can get it for free.
It has practically no heuristics, only the Artemis cloud. Still, detection rates on sample packs are at a respectable level. It doesn't throw FPs, and it updates in real time (cloud). The time to add a virus to the Artemis database is from 2 hours to 72!
It isn't heavy, but it isn't light either. Norton is a feather next to it, but NIS doesn't have as many features. Very good network protection, it scans USB, it doesn't get in the way. It creates password-encrypted vaults: full privacy, unauthorized users cannot get at those files.
I recommend it! :D


Added: 31 May 2012, 19:42

I'd also like to add that on the second drive (I have two connected together, with separate Windows installations), my brother's, McAfee has been installed from the start. The program behaves extremely lightly, even though the computer's specs are identical.
Conclusion: you can't install it after another suite, even after a thorough registry cleaning :-(
(to get the best performance, of course)