The summer months usher in longer days, more sunshine, and sometimes a decline in creativity – often causing a lack of creative energy. For those of us who find ourselves working through the summer months...
McAfee product coverage and mitigations for malware or indicators associated with the recent attacks (a.k.a. Dragonfly, Energetic Bear, Havex/SYSMain) on industrial control systems (ICS's) are listed below.
Endpoint Security, Part 1 of 5: The Risk of Going Unprotected
Making a business case for investments in information security has never been easy. We make these types of investments to protect against...
Get cutting-edge security as it happens. Read our experts’ tips and techniques to help you avoid and defeat the latest malware trends, and view portions of their actual research to stay even more informed.
Recently, the McAfee Advanced Exploit Detection System (AEDS) has delivered some interesting RTF files to our table. These RTFs have executables “attached” to the documents. Usually, some words in the documents try to convince users to click and run the attachments. The following figure shows the point at which a user clicks on the attachment. […]
The W32/Worm-AAEH family (aliases: Beebone, VObfus, Changeup) of Trojans/downloaders/worms has been notorious for consistently morphing itself and switching control servers since June 2009. In June 2013, the AAEH worm made its biggest cosmetic change since 2009 by packaging an entire encrypted binary (containing all the malicious W32/Worm-AAEH code) inside its signature cryptor, which previously held only […]
Spear phishing email is a major worry to any organization. Messages that appear legitimate and specific fool us more often than random phishing attempts. Exploits that use patched vulnerabilities delivered via spear phishing email are one of the most successful combinations used by attackers to infiltrate targeted organizations and gain access to confidential information. During […]
The Dofoil downloader (found in the wild since 2011) occasionally updates itself with new features and encryption techniques to hide communications with its control servers. The latest iteration uses a variation of XOR and RC4 algorithms similar to previous variants to encrypt the list of control servers within the binary and encrypt all traffic with […]
Last month many Internet users were suddenly forced to trade in Bitcoins. This was not for general purposes–they were paying to get their data back. Their systems had been hijacked by ransomware. Ransomware is a type of malware that infects a machine, locks data files or the entire system, and demands payment to free the […]