D
David H. Lipman
McAfee had detected them under Heuristics as "New Poly Win32" but with v4585 the
new variants are now called; "W32/Bagle.ci", "W32/Bagle.cj" and "W32/Bagle.cl"
{ I couldn't find information on "W32/Bagle.ck" variant but based upon mcAfe's
naming convention, they wouldn't name the W32/Bagle.cl variant without first
having a W32/Bagle.ck variant }
I don't know if Stinger will be updated but no Bagle variants have been added to
Stinger since 5/02/2005 when; W32/Bagle.bo - W32/Bagle.bt were added. That
leaves; W32/Bagle.bt - W32/Bagle.cl needing to be added.
-------
The 4585 dat files have been released due to the mutliple variants of Bagle that
have been spammed out today.
The various 4585 dat file packages can be found at
http://www.mcafeesecurity.com/us/downloads/default.asp.
IS YOUR ENGINE UP-TO-DATE? - Anti-virus is only as good as its last update!
Current Engine Information by platform:
- Microsoft: 4400
- Netware: 4400
- UNIX: 4400
- Macintosh OS X: 4400
Engine Security Tips from AVERT and the McAfee Security Engine Development
Team
- Updating your DAT files regularly is essential and a MUST!
- Updating your scan engine is just as important and a MUST
- An old Engine WON'T catch some of today's threats
- Sometimes architectural changes to the way DAT files and scan
- engine work together make it critical for you to update your scan
engine
- AVERT says it makes sense to have as part of your Security Policy
- Program an Engine Update process to take advantage of the latest
technology and stay protected!
The Problem
Between 250 and 400 new detections are added to the DATs monthly by AVERT.
If you're not up-to-date, you are vulnerable to any one of them that gets a
foothold in the field (a.k.a. 'in the wild'). McAfee AVERT releases
regular DAT files, ensuring that full protection is added to all McAfee
products.
The DAT files contain the information required to detect and remove threats
- what to look for and where to look for it. However, today's threats are
evolving almost on a daily basis. Software providers continue to have
operating systems and applications changes that can change the way a
program acts or works and a virus-scanning program may not understand the
changes.
The Solution
Taking this into account McAfee Security regularly updates its scan engine
used by ALL McAfee Security virus detection and removal products. The
engine understands all the different structures in which a virus could lurk
- EXE files, MS Office files, Linux files, etc. Occasionally these changes
require us to make significant architectural changes to the engine as well
as the DAT files. AVERT strongly recommends users of ALL McAfee Security
virus scanning products update the scan engines in the products they have
deployed as part of a sound Security best practices program.
Here's how to check your engine version. Right-click on the McAfee shield
in the system tray, select 'About' and look at the 'Scan engine' version
number. If you need to update, you should update your scan engine
immediately.
McAfee Security Engine End-Of-Life (EOL) Program
Because of the evolving malicious code threat, users should update their
engines as soon as possible upon the release of McAfee Security's latest
scanning technology. When a new engine is released the existing engine
will begin its countdown to its EOL, and will therefore no longer be
supported by McAfee Security. Information on the McAfee Security Engine
End of Life policy and a full list of supported scan engines and products
can be found at:
http://www.mcafeesecurity.com/us/products/mcafee/end_of_life.htm
Best Regards,
McAfee AVERT - Anti Virus and Vulnerability Research, Analysis, and
Solutions visit us at www.avertlabs.com
new variants are now called; "W32/Bagle.ci", "W32/Bagle.cj" and "W32/Bagle.cl"
{ I couldn't find information on "W32/Bagle.ck" variant but based upon mcAfe's
naming convention, they wouldn't name the W32/Bagle.cl variant without first
having a W32/Bagle.ck variant }
I don't know if Stinger will be updated but no Bagle variants have been added to
Stinger since 5/02/2005 when; W32/Bagle.bo - W32/Bagle.bt were added. That
leaves; W32/Bagle.bt - W32/Bagle.cl needing to be added.
-------
The 4585 dat files have been released due to the mutliple variants of Bagle that
have been spammed out today.
The various 4585 dat file packages can be found at
http://www.mcafeesecurity.com/us/downloads/default.asp.
IS YOUR ENGINE UP-TO-DATE? - Anti-virus is only as good as its last update!
Current Engine Information by platform:
- Microsoft: 4400
- Netware: 4400
- UNIX: 4400
- Macintosh OS X: 4400
Engine Security Tips from AVERT and the McAfee Security Engine Development
Team
- Updating your DAT files regularly is essential and a MUST!
- Updating your scan engine is just as important and a MUST
- An old Engine WON'T catch some of today's threats
- Sometimes architectural changes to the way DAT files and scan
- engine work together make it critical for you to update your scan
engine
- AVERT says it makes sense to have as part of your Security Policy
- Program an Engine Update process to take advantage of the latest
technology and stay protected!
The Problem
Between 250 and 400 new detections are added to the DATs monthly by AVERT.
If you're not up-to-date, you are vulnerable to any one of them that gets a
foothold in the field (a.k.a. 'in the wild'). McAfee AVERT releases
regular DAT files, ensuring that full protection is added to all McAfee
products.
The DAT files contain the information required to detect and remove threats
- what to look for and where to look for it. However, today's threats are
evolving almost on a daily basis. Software providers continue to have
operating systems and applications changes that can change the way a
program acts or works and a virus-scanning program may not understand the
changes.
The Solution
Taking this into account McAfee Security regularly updates its scan engine
used by ALL McAfee Security virus detection and removal products. The
engine understands all the different structures in which a virus could lurk
- EXE files, MS Office files, Linux files, etc. Occasionally these changes
require us to make significant architectural changes to the engine as well
as the DAT files. AVERT strongly recommends users of ALL McAfee Security
virus scanning products update the scan engines in the products they have
deployed as part of a sound Security best practices program.
Here's how to check your engine version. Right-click on the McAfee shield
in the system tray, select 'About' and look at the 'Scan engine' version
number. If you need to update, you should update your scan engine
immediately.
McAfee Security Engine End-Of-Life (EOL) Program
Because of the evolving malicious code threat, users should update their
engines as soon as possible upon the release of McAfee Security's latest
scanning technology. When a new engine is released the existing engine
will begin its countdown to its EOL, and will therefore no longer be
supported by McAfee Security. Information on the McAfee Security Engine
End of Life policy and a full list of supported scan engines and products
can be found at:
http://www.mcafeesecurity.com/us/products/mcafee/end_of_life.htm
Best Regards,
McAfee AVERT - Anti Virus and Vulnerability Research, Analysis, and
Solutions visit us at www.avertlabs.com