McAfee product coverage and mitigations for malware or indicators associated with the recent attacks (a.k.a. Dragonfly, Energetic Bear, Havex/SYSMain) on industrial control systems (ICS) are listed below.
The W32/Worm-AAEH family (aliases: Beebone, VObfus, Changeup) of Trojans/downloaders/worms has been notorious for consistently morphing itself and switching control servers since June 2009. In June 2013, the AAEH worm made its biggest cosmetic change since 2009 by packaging an entire encrypted binary (containing all the malicious W32/Worm-AAEH code) inside its signature cryptor, which previously held only […]
Spear phishing email is a major worry for any organization. Messages that appear legitimate and specific fool us more often than random phishing attempts. Exploits for already-patched vulnerabilities, delivered via spear phishing email, are one of the most successful combinations attackers use to infiltrate targeted organizations and gain access to confidential information. During […]
The Dofoil downloader (found in the wild since 2011) occasionally updates itself with new features and encryption techniques to hide communications with its control servers. The latest iteration uses a variation of XOR and RC4 algorithms similar to previous variants to encrypt the list of control servers within the binary and encrypt all traffic with […]
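The excerpt above describes the general pattern of an RC4-encrypted control-server list whose key is lightly XOR-obfuscated inside the binary. The following is an added illustration written for this page, not code from the original post or from McAfee Labs: a textbook RC4 implementation plus a decoder for a hypothetical configuration blob. The blob layout (a one-byte XOR mask, a 16-byte XOR-masked RC4 key, then an RC4-encrypted NUL-separated host list), the key length and the sample hosts are all constructed for the example; Dofoil's real format is not described on this page.

```python
# Added example, not part of the original post. The blob layout below is a
# hypothetical one chosen to illustrate "XOR-obfuscated key + RC4 config":
#   [1-byte XOR mask][16-byte XOR-masked RC4 key][RC4(key, NUL-separated C2 list)]

def rc4(key: bytes, data: bytes) -> bytes:
    """Standard RC4: key scheduling (KSA) followed by the PRGA keystream.
    The same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(data: bytes, mask: int) -> bytes:
    """Single-byte XOR, the kind of light obfuscation used to hide a key."""
    return bytes(b ^ mask for b in data)


KEY_LEN = 16  # assumed key length for the hypothetical layout


def build_blob(mask: int, key: bytes, c2_list: list) -> bytes:
    """Constructed encoder: what a packer would do to embed the config."""
    assert len(key) == KEY_LEN
    plaintext = b"\x00".join(host.encode() for host in c2_list)
    return bytes([mask]) + xor_bytes(key, mask) + rc4(key, plaintext)


def extract_c2_list(blob: bytes) -> list:
    """Decoder an analyst writes once the layout is known: recover the key,
    then RC4-decrypt the remainder and split on the NUL separators."""
    mask = blob[0]
    key = xor_bytes(blob[1:1 + KEY_LEN], mask)
    plaintext = rc4(key, blob[1 + KEY_LEN:])
    return [h.decode() for h in plaintext.split(b"\x00") if h]


# Constructed sample data (no real infrastructure); .invalid is reserved.
SAMPLE_C2 = ["c2-a.example.invalid:8080", "c2-b.example.invalid:443"]
SAMPLE_BLOB = build_blob(0x5A, b"0123456789abcdef", SAMPLE_C2)

if __name__ == "__main__":
    print(extract_c2_list(SAMPLE_BLOB))
```

When analysing a real sample, the first step is locating the key and the blob in the unpacked binary (typically by following the references from the RC4 routine, which is easy to spot by its 256-entry state table), after which a decoder of this shape replaces the hand-tracing in a debugger.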
Last month many Internet users were suddenly forced to trade in Bitcoins. This was not for general purposes: they were paying to get their data back. Their systems had been hijacked by ransomware. Ransomware is a type of malware that infects a machine, locks data files or the entire system, and demands payment to free the […]
Recent headlines (here and here) may have struck fear into those living near major energy installations due to references to the Stuxnet malware. In 2009, this particular strain of malware caused significant damage to the Natanz nuclear facility, reportedly destroying a fifth of Iran's nuclear centrifuges. Recent reports about Operation Dragonfly, however, appear to be […]