President Trump's Mar-a-Lago winter White House had a woman invade it. As reported in the media, the Secret Service found a virus on a Chinese woman's thumbnail drive on Apr 2, 2019. I wish to know 3 things:
For ease of discussion, what is the name of the type of malware (e.g. "self-activating virus" is my term) for a virus that allows the thumbnail drive to start infecting as soon as it's attached? And then 3A) has McAfee tested such "self-activating viruses" on other thumbnails?
This was problem SR#2638521471 that I reported on Mon, May 13, 2019. And I posted this as a question on StackOverflow.
What is really bad about the virus is that as soon as it's plugged in, it immediately starts writing to the laptop.
I think it is reasonable to expect an anti-virus company to handle an "in the wild" virus that was being used over 60 days ago. According to standards, a company should fix reported problems within 90 days.
Hello Peter,
Firstly, to answer your questions specifically:
Question 1: Whether McAfee read the newspaper article on this virus in the wild?
Yes, we were aware of the case.
Question 2: name of virus, and
There were never any samples shared by the FBI, probably because they are classified. We cannot add detection for the actual USB exploit (if that was what was used) but we can detect the payload copied to the machine, but we need samples to confirm.
Question 3: whether McAfee tested it.
No, we never received any sample or infected device to test.
This infection seems to be related to a USB firmware infection, which exploits a vulnerability in the USB hardware implementation and allows a malicious device to run malicious code on the device without interference from the operating system.
The only way to test the attack is by getting the actual physical device that was infected, since even a file copy would not get the malicious code from the device firmware.
What we can do, however, is detect the malicious binaries copied to the system once the exploit happens. In this case, we would need the actual sample to confirm whether or not we have detection, but since no sample was ever shared publicly, we cannot comment on it. If you have information about what was copied to the machine, please submit the information to us.
To answer specifically the question on StackOverflow, there are two methods to run applications automatically from USB.
Regards,
Madhan M
Hello Peter,
I've sent you a private message. Please check.
To: Madhan (the Moderator)
Thanks for your private message. I'm not sure why it is private, when public would do.
Basically, you're saying: yes we test for viruses. I know that, and that's why I bought your package McAfee Antivirus.
However, you did not test the specific virus from Mar-a-Lago, and you don't even have a name for it yet.
Or know its name!
So, basically, I think you should say that publicly, and commit to fixing this virus within 90 days of the event of it being discovered "in the wild."
Peter
PS: Since the Mar-a-Lago thumbnail self-activated virus was discovered May 13, 2019, you should have a fix for it in 90 days, which is Sun, Aug 11, 2019 (or the next business day: Mon, Aug 12, 2019).
Please publicly commit to a solution by that date of Mon Aug 12, 2019.