McAfee Labs
Get cutting-edge security as it happens. McAfee Labs Blog delivers the latest research, analysis and insights into the evolving threat landscape, powered by comprehensive, real-time Global Threat Intelligence and a dedicated team of multidisciplinary researchers. Read our experts’ tips and techniques to help you avoid and defeat the latest malware trends, and view portions of the actual research to stay even more informed.
Mother’s Day is normally celebrated by people to express their love for their mothers. We sometimes buy them special gifts such as watches, antiques, greeting cards, or flowers. Spammers also celebrate Mother’s Day, but with a different goal in mind. As always, spammers like to take advantage of special occasions and festivals. Currently we see Read more…
Tags: Mother’s day spam, spam
In recent years one of the most prevalent malware threats for PCs (and lately Mac users) is fake-antivirus software, which pretends to be a legitimate security program. Its real purpose is to charge victims a fee to remove a nonexistent threat. The same threat has now been ported to mobile devices. In some cases we Read more…
Tags: Android, fake anti-virus software, fake-av, Google Play, Mobile, pup
We all know how fast the smart phone market is growing. Along with it, the complexity and the numbers of mobile malware are also on the rise. While I was going through our mobile malware collection, I found an interesting piece of malware for Android. This malware acts as an IRC Bot, just as we Read more…
Tags: Android Bot analysis, Android Dropper, Android Malware, Android Malware Analysis, Android Rooting Exploit, Android SMS broadcast, Arun Sabapathy, Exploit for Android, IRCBOT for android, Malicious Android Application, mobile malware, Premium SMS Trojan, Rooting Exploit
A lot of recent attacks on Android users are attributed to fake websites of popular applications such as Cut the Rope, Instagram, Angry Birds, or Grand Theft Auto III. However, the very recently discovered malware NotCompatible uses a distribution method not previously seen in the mobile world. The malware hacks into vulnerable websites to inject Read more…
Tags: Android, Android Malware, Android Malware Analysis, NotCompatible
A few days back, we found another Pastebin entry that contains source that looks to be malicious botnet code. As I wrote in my earlier blog, malware authors also use Pastebin to trade botnet kits. Many times, snippets of a botnet help researchers understand the workings of the botnet and write detections for it. The Read more…
Tags: botnet, Pastebin
Proliferation: ZeroAccess is one of the most talked-about and blogged-about[1][2] rootkits in recent times. It is also one of the most complex and highly prevalent rootkits we have encountered, and it is continuing to evolve. The ZeroAccess rootkit is distributed via both social engineering and exploitation. A recent blog post by our colleagues at McAfee describes some Read more…
Tags: Deep Defender, DeepSAFE, Rootkits
Since last week, we have seen many specially crafted files exploiting CVE-2012-0158, a vulnerability in MSCOMCTL.OCX in Microsoft Office and some other Microsoft products. This exploit can be implemented in a variety of file formats, including RTF, Word, and Excel files. We have already found crafted RTF and Word files in the wild. In the Read more…
Tags: CVE-2012-0158, exploit, OLE, RTF
On April 16, we found a Pastebin entry selling the latest version of the infamous SpyEye botnet (Version 1.3.48) for a much lower price than we’ve seen elsewhere. (This botnet is mainly used to steal banking information.) The quote was just US$150 including three months’ hosting; after that it’s $15 per month. This version was Read more…
Tags: banking, botnet, SpyEye
Nitol is a distributed denial of service (DDoS) botnet that seems to be small and not widely known. It mostly operates in China. McAfee Labs recently analyzed a few samples; we offer here the communications protocol and the Trojan’s capabilities. Most of the samples we encountered were not packed and were very easy to reverse Read more…
Tags: botnet, DDoS, Nitol
Since March 20, the @Anonw0rmer Twitter account has been silent. Its owner, w0rmer, is known as a member of the CabinCr3w group, a hacker team linked to Anonymous. In early February, as part of Operations PiggyBank and PigRoast, the CabinCr3w members were suspected of hacking various police department- or law enforcement-related websites including: West Read more…
Tags: Anonymous, Exif, Hacktivism, Open Source