Author: Chintan Shah

Chintan Shah Chintan Shah is a security research lead with McAfee Labs, focused on several areas of advanced threat research, including botnets and network security. He specializes in reverse engineering malicious code, exploit analysis, and network traffic and protocol analysis of C&C communications. For his work in the security research field, he received the Wave 3 Technology Innovation award for the McAfee Firewall Enterprise product launch in 2010. Prior to his role at McAfee, Shah was a security researcher at Nevis Networks and researcher at Elitecore Technologies. Outside of work, he enjoys expanding his photography skills, specifically with landscape photography.

During the last couple of months, we’ve observed several RTF exploits that target Indian organizations. The first RTF exploit was found by McAfee researchers on August 21. Subsequently, we saw multiple variants of the same exploit through October. The contents of the decoy documents are politically themed, targeted at several local and overseas Indian establishments. […]

Spear phishing email is a major worry to any organization. Messages that appear legitimate and specific fool us more often than random phishing attempts. Exploits that use patched vulnerabilities delivered via spear phishing email are one of the most successful combinations used by attackers to infiltrate targeted organizations and gain access to confidential information. During […]

A number of recent botnets and advanced threats use HTTP as their primary communications channel with their control servers. McAfee Labs research during the last couple of years reveals that more than 60 percent of the top botnet families depend on HTTP. These numbers have increased significantly over the last few quarters. The following pie […]

Financial theft is one of the most lucrative forms of cybercrime. Malware authors continue to deliver sophisticated tools and techniques to unlock online bank accounts. Attackers design and develop botnets to perform financial fraud, targeting banks and other institutions for profit. These botnets traditionally have monitored victims’ Internet activities and intercepted banking transactions to extract […]

April 2 This blog has been updated with McAfee’s NSP detection. See end of blog. While monitoring a Russian underground forum recently, we came across a discussion about a Trojan for sale that can steal credit card information from machines running Windows for financial transactions and credit card payments. The malware, vSkimmer, can detect the […]