A few weeks ago McAfee Labs received samples of a Java dropper malware that can decrypt its payload on a specific computer or network. After an investigation, we discovered that the payload is also locked to run only on a specific machine. This threat uses interesting techniques to ensure it can run only on the […]

During the last couple of weeks I’ve come across three malware samples packed using compiled AutoIt scripts, so I decided to explore the connection between AutoIt and the malware world. I took the latest 50 samples marked as AutoIt that were submitted to the free scanning site VirusTotal. Here are the statistics: 11 wrongly classified as malware. […]

Nitol is a distributed denial of service (DDoS) botnet that seems to be small and not widely known. It mostly operates in China. McAfee Labs recently analyzed a few samples; we offer here the communications protocol and the Trojan’s capabilities. Most of the samples we encountered were not packed and were very easy to reverse […]