The summer months usher in longer days, more sunshine, and sometimes a decline in creativity – often causing a lack of creative energy. For those of us who find ourselves working through the summer months...
McAfee product coverage and mitigations for malware or indicators associated with the recent attacks (a.k.a. Dragonfly, Energetic Bear, Havex/SYSMain) on industrial control systems (ICSs) are listed below.
Endpoint Security, Part 1 of 5: The Risk of Going Unprotected
Making a business case for investments in information security has never been easy. We make these types of investments to protect against...
One of the most common methods for distributing PC malware is the use of email spam messages that pose as tracking notifications from popular delivery companies such as DHL Express, FedEx, or UPS. The reason for this popularity is the malware’s effectiveness. Most of the time the victim receiving the message can’t resist opening the […]
In 2012, my colleagues Deepak Gupta and Xiaoning Li explained in a white paper how some malware can operate at the kernel level to bypass Microsoft’s security for 64-bit Windows systems. Today a small utility program named KPP-Destroyer can be found online. Previous versions of KPP-Destroyer had some bugs on a Windows 8.1 computer, but […]
Recently, the McAfee Advanced Exploit Detection System (AEDS) has delivered some interesting RTF files to our table. These RTFs have executables “attached” to the documents. Usually, some words in the documents try to convince users to click and run the attachments. The following figure shows the point at which a user clicks on the attachment. […]
The W32/Worm-AAEH family (aliases: Beebone, VObfus, Changeup) of Trojans/downloaders/worms has been notorious for consistently morphing itself and switching control servers since June 2009. In June 2013, the AAEH worm made its biggest cosmetic change since 2009 by packaging an entire encrypted binary (containing all the malicious W32/Worm-AAEH code) inside its signature cryptor, which previously held only […]
Spear phishing email is a major worry to any organization. Messages that appear legitimate and specific fool us more often than random phishing attempts. Exploits that use patched vulnerabilities delivered via spear phishing email are one of the most successful combinations used by attackers to infiltrate targeted organizations and gain access to confidential information. During […]