McAfee DAT v4585 dat files have been released due to mutliple new variants of Bagle

Discussion in 'Anti-Virus' started by David H. Lipman, Sep 19, 2005.

  1. McAfee had detected them under Heuristics as "New Poly Win32" but with v4585 the
    new variants are now called; "W32/Bagle.ci", "W32/Bagle.cj" and "W32/Bagle.cl"
    { I couldn't find information on "W32/Bagle.ck" variant but based upon mcAfe's
    naming convention, they wouldn't name the W32/Bagle.cl variant without first
    having a W32/Bagle.ck variant }

    I don't know if Stinger will be updated but no Bagle variants have been added to
    Stinger since 5/02/2005 when; W32/Bagle.bo - W32/Bagle.bt were added. That
    leaves; W32/Bagle.bt - W32/Bagle.cl needing to be added.


    -------
    The 4585 dat files have been released due to the mutliple variants of Bagle that
    have been spammed out today.

    The various 4585 dat file packages can be found at
    http://www.mcafeesecurity.com/us/downloads/default.asp.

    IS YOUR ENGINE UP-TO-DATE? - Anti-virus is only as good as its last update!

    Current Engine Information by platform:
    - Microsoft: 4400
    - Netware: 4400
    - UNIX: 4400
    - Macintosh OS X: 4400

    Engine Security Tips from AVERT and the McAfee Security Engine Development
    Team
    - Updating your DAT files regularly is essential and a MUST!
    - Updating your scan engine is just as important and a MUST
    - An old Engine WON'T catch some of today's threats
    - Sometimes architectural changes to the way DAT files and scan
    - engine work together make it critical for you to update your scan
    engine
    - AVERT says it makes sense to have as part of your Security Policy
    - Program an Engine Update process to take advantage of the latest
    technology and stay protected!

    The Problem
    Between 250 and 400 new detections are added to the DATs monthly by AVERT.
    If you're not up-to-date, you are vulnerable to any one of them that gets a
    foothold in the field (a.k.a. 'in the wild'). McAfee AVERT releases
    regular DAT files, ensuring that full protection is added to all McAfee
    products.

    The DAT files contain the information required to detect and remove threats
    - what to look for and where to look for it. However, today's threats are
    evolving almost on a daily basis. Software providers continue to have
    operating systems and applications changes that can change the way a
    program acts or works and a virus-scanning program may not understand the
    changes.

    The Solution
    Taking this into account McAfee Security regularly updates its scan engine
    used by ALL McAfee Security virus detection and removal products. The
    engine understands all the different structures in which a virus could lurk
    - EXE files, MS Office files, Linux files, etc. Occasionally these changes
    require us to make significant architectural changes to the engine as well
    as the DAT files. AVERT strongly recommends users of ALL McAfee Security
    virus scanning products update the scan engines in the products they have
    deployed as part of a sound Security best practices program.

    Here's how to check your engine version. Right-click on the McAfee shield
    in the system tray, select 'About' and look at the 'Scan engine' version
    number. If you need to update, you should update your scan engine
    immediately.

    McAfee Security Engine End-Of-Life (EOL) Program
    Because of the evolving malicious code threat, users should update their
    engines as soon as possible upon the release of McAfee Security's latest
    scanning technology. When a new engine is released the existing engine
    will begin its countdown to its EOL, and will therefore no longer be
    supported by McAfee Security. Information on the McAfee Security Engine
    End of Life policy and a full list of supported scan engines and products
    can be found at:
    http://www.mcafeesecurity.com/us/products/mcafee/end_of_life.htm

    Best Regards,

    McAfee AVERT - Anti Virus and Vulnerability Research, Analysis, and
    Solutions visit us at www.avertlabs.com
     
    David H. Lipman, Sep 19, 2005
    #1
    1. Advertisements

  2. Hey David-seems that Bagle.ck is the one that virusguy was talking
    about the other day(price.zip)
    http://vil.mcafeesecurity.com/vil/content/v_136039.htm
    -max
    --
    Playing Nice on Usenet:
    http://oakroadsystems.com/genl/unice.htm#xpost
    My Pages: http://home.neo.rr.com/manna4u/
    http://home.neo.rr.com/manna4u/keepingclean.html
    http://home.neo.rr.com/manna4u/virusprevention.html
    http://home.neo.rr.com/manna4u/tools.html
    Change nomail.afraid.org to yahoo.com to reply.
    Registered Linux User #393236
     
    What's in a Name?, Sep 20, 2005
    #2
    1. Advertisements

  3. From: "What's in a Name?" <>


    | Hey David-seems that Bagle.ck is the one that virusguy was talking
    | about the other day(price.zip)
    | http://vil.mcafeesecurity.com/vil/content/v_136039.htm
    | -max

    Why did I miss that ? Oh well, Go figure....

    Thanx Max !
     
    David H. Lipman, Sep 20, 2005
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.