Author: Chintan Shah

Chintan Shah Chintan Shah is a security research lead with McAfee Labs, focused on several areas of advanced threat research, including botnets and network security. He specializes in reverse engineering malicious code, exploit analysis, and network traffic and protocol analysis of C&C communications. For his work in the security research field, he received the Wave 3 Technology Innovation award for the McAfee Firewall Enterprise product launch in 2010. Prior to his role at McAfee, Shah was a security researcher at Nevis Networks and researcher at Elitecore Technologies. Outside of work, he enjoys expanding his photography skills, specifically with landscape photography.

Spear phishing email is a major worry to any organization. Messages that appear legitimate and specific fool us more often than random phishing attempts. Exploits that use patched vulnerabilities delivered via spear phishing email are one of the most successful combinations used by attackers to infiltrate targeted organizations and gain access to confidential information. During […]

A number of recent botnets and advanced threats use HTTP as their primary communications channel with their control servers. McAfee Labs research during the last couple of years reveals that more than 60 percent of the top botnet families depend on HTTP. These numbers have increased significantly over the last few quarters. The following pie […]

Financial theft is one of the most lucrative forms of cybercrime. Malware authors continue to deliver sophisticated tools and techniques to unlock online bank accounts. Attackers design and develop botnets to perform financial fraud, targeting banks and other institutions for profit. These botnets traditionally have monitored victims’ Internet activities and intercepted banking transactions to extract […]

April 2 This blog has been updated with McAfee’s NSP detection. See end of blog. While monitoring a Russian underground forum recently, we came across a discussion about a Trojan for sale that can steal credit card information from machines running Windows for financial transactions and credit card payments. The malware, vSkimmer, can detect the […]

Iranian infrastructure has been on the radar of cyberattackers for a couple of years. We have already witnessed organized and sophisticated attacks such as Stuxnet, Duqu, and similar assaults. Now we have seen yet another attack against Iran, this one primarily targeting the Microsoft SQL Server databases of some Iranian financial software. This attack has […]