Featured, McAfee Labs

Product Coverage and Mitigation for ICSA-14-178-01 (Havex/ICS-Focused Malware)

By on Jul 01, 2014

McAfee product coverage and mitigations for malware or indicators associated with the recent attacks (a.k.a. Dragonfly, Energetic Bear, Havex/SYSMain) on industrial control systems (ICS) are listed below.

The Havex remote access tool is common across these associated attacks or campaigns, including Dragonfly. We have seen Havex in ICS-specific targeted campaigns. It can detect and affect ICS- and SCADA-specific services, such as OPCServer (OLE for Process Control).

McAfee Product Coverage and Mitigation

  • McAfee VirusScan (AV): Known, associated malware samples are covered by the current DAT set (7486). Updated coverage will be included in the July 2 DAT set.
  • McAfee Web Gateway (AV): Same as VirusScan coverage.
  • McAfee Application Control: Provides coverage via whitelisting. Nonconforming executables will not run.
  • McAfee Next Generation Firewall: Partial coverage (for malware artifacts) is available via built-in McAfee AV inspection of mail, web, and file transfers.

Please check back often for updated technical details and product coverage.

2 Comments

  • Bill Hayes

    What are the VSE signature names for ICSA-14-178-01 related malware? These are not readily apparent in the signatures listed for DAT file set 7486.

  • Ricardo

    Is there, or is there a plan to release, any IPS signature for McAfee AFW?

    Best regards
    Ricardo Meireles
