cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Roy_Ru
Level 7
Report Inappropriate Content
Message 1 of 7
‎08-29-2018 08:46 PM

When the malware "W97M/Downloader.crg (ED)” is added in Mcafee anti-virus Signature file?

Jump to solution

Does anyone know when the malware "W97M/Downloader.crg (ED)” is added in Mcafee anti-virus Signature file?

Or when is Mcafee anti-virus able to detect such malware?

Labels (1)
Labels
0 Kudos
Reply
1 Solution

Accepted Solutions
sovanpratihar
Employee
Employee
Report Inappropriate Content
Message 6 of 7
‎08-30-2018 02:35 AM

Re: When the malware "W97M/Downloader.crg (ED)” is added in Mcafee anti-virus Signature file?

Jump to solution

There were 24 samples submitted under this ticket and with the latest DAT (V2 and V3) all the files will be detected.

However when checked these were from W97M/Downloader family but was not present in our source during the PDF was released. It is a new variant of the same family and was added in our DATs starting from 10th Aug 2018 and now reclassified later as X97M/Laroux.au.a. 

Hope this helps. 

View solution in original post

0 Kudos
Reply
6 Replies
sovanpratihar
Employee
Employee
Report Inappropriate Content
Message 2 of 7
‎08-29-2018 10:14 PM

Re: When the malware "W97M/Downloader.crg (ED)” is added in Mcafee anti-virus Signature file?

Jump to solution

@Roy_Ru, As per the detection name I can confirm it is added in DATs. It is re-classified and should be detecting as other names. 

If you have a specific sample that was submitted to McAfee Labs against which you have received the ED, please provide the submission ID and I can confirm further. 

0 Kudos
Reply
Roy_Ru
Level 7
Report Inappropriate Content
Message 3 of 7
‎08-29-2018 10:41 PM

Re: When the malware "W97M/Downloader.crg (ED)” is added in Mcafee anti-virus Signature file?

Jump to solution

Thank you for your quick response.

Could you help to search when it is initially added in DATs (eg which release version)? I wonder if it is newly detected malware in early Aug 2019 and the signature is added recently.  

BTW, I saw a Mcafee Threat Advisory report about W97M/Downloader and X97M/Downloader published on 2018.6.21 (PD25689). If this W97M/Downloader.crg is a new variant of the main malware thereafter?

If Mcafee Anti-virus with DATs released on 2018.6.21 may detect the variant "W97M/Downloader.crg" on that day?

0 Kudos
Reply
sovanpratihar
Employee
Employee
Report Inappropriate Content
Message 4 of 7
‎08-29-2018 11:13 PM

Re: When the malware "W97M/Downloader.crg (ED)” is added in Mcafee anti-virus Signature file?

Jump to solution

@Roy_Ru, As requested earlier could you share the submission ID for which the ED was provided  that would greatly help findindg detailed ifnormation about the specific variant of the malware.

Please note that we have coverage for this malware family as you have seen under the PD25689 since a while but when a new vairant of the same family is seen then we add them in the DATs. Over a period of time a generic signature is written for moass coverage for the same family. 

If we get the submission ID I can provided detailed ifnormation. 

0 Kudos
Reply
Roy_Ru
Level 7
Report Inappropriate Content
Message 5 of 7
‎08-30-2018 01:08 AM

Re: When the malware "W97M/Downloader.crg (ED)” is added in Mcafee anti-virus Signature file?

Jump to solution

Please refer to the Submission ID: 4-19115505491

0 Kudos
Reply
sovanpratihar
Employee
Employee
Report Inappropriate Content
Message 6 of 7
‎08-30-2018 02:35 AM

Re: When the malware "W97M/Downloader.crg (ED)” is added in Mcafee anti-virus Signature file?

Jump to solution

There were 24 samples submitted under this ticket and with the latest DAT (V2 and V3) all the files will be detected.

However when checked these were from W97M/Downloader family but was not present in our source during the PDF was released. It is a new variant of the same family and was added in our DATs starting from 10th Aug 2018 and now reclassified later as X97M/Laroux.au.a. 

Hope this helps. 

0 Kudos
Reply
Roy_Ru
Level 7
Report Inappropriate Content
Message 7 of 7
‎08-30-2018 06:11 PM

Re: When the malware "W97M/Downloader.crg (ED)” is added in Mcafee anti-virus Signature file?

Jump to solution

Thank you for your clarification.

0 Kudos
Reply

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC