McAfee Labs

Get cutting-edge security as it happens. McAfee Labs Blog delivers the latest research, analysis and insights into the evolving threat landscape, powered by comprehensive, real-time Global Threat Intelligence and a dedicated team of multidisciplinary researchers. Read our experts’ tips and techniques to help you avoid and defeat the latest malware trends, and view portions of the actual research to stay even more informed.

Networked Printers at Risk

Multifunction printers (MFPs) have been common in offices for years. They let employees print, scan, and copy documents. Two separate talks at the 28th Chaos Communications Congress (28c3) show how attackers can infect these trusted office devices. Hacking MFPs In Andrei Costin’s presentation “Hacking MFPs,” he covered the history of printer and copier hacks from the Read more…

Tags: Malware research, PostScript, Printers, white hat hackers

Fighting Mobile Phone Impersonation and Surveillance

Yesterday at the 28th Chaos Communications Congress (28C3), in Berlin, security researchers along with Karsten Nohl and Luca Melette showcased a number of flaws and solutions in GSM mobile phone networks. Day 1 Defeating GSM encryption is not new. Nohl and Melette detailed how attackers can use known network control messages to help decrypt SMS Read more…

Tags: Hackers, mobile security, sms

Zeus Spam Changes Tactics

McAfee Labs Messaging Security recently observed a new malicious spam campaign pushing password-stealing Trojans associated with the Zeus/Zbot family. This campaign leverages several notable social engineering techniques. For admins and netizens familiar with contemporary email-borne threats, a message purporting an undeliverable DHL, FedEx, or USPS package triggers an immediate red flag. Though still prevalent, those Read more…

Tags: king county, password stealer, puget sound, social engineering, spam, Zbot, zeus

Inside Adobe Reader Zero-Day Exploit CVE 2011-2462

Recently a critical vulnerability has been identified in Adobe Reader X and Adobe Acrobat X Versions 10.1.1 and earlier for Windows and Mac OS, Reader 9.4.6 and Reader 9.x Versions for Unix. This zero-day vulnerability (CVE-2011-2462) could allow an attacker to execute arbitrary code and silently take the control of a victim’s machine. This flaw is currently Read more…

Tags: Adobe, Data Protection, PDF, Zero-Day

‘Hacktivity 2011′ Keynote Examines 25 Years of Malware

In September, I had the pleasure of giving the keynote speech at “Hacktivity 2011″ in Budapest, Hungary. I was very excited to see the large audience, about 1,000 visitors, among them very serious and well-known security professionals, instructors, and security enthusiasts. It was also exciting for me because I made the presentation in my native Read more…

Tags: conference, fake anti-virus software, hacking, Hacktivity, ICS, industrial control systems, malware, Rootkits, Stuxnet

ZeroAccess Rootkit Launched by Signed Installers

Digital certificates and certificate authorities have been much in the news recently. Attacks–such as those used by Stuxnet, Duqu, and other malware–involving stolen certificates show an increasingly worrisome new security trend. Certificate authorities have been targeted several times in the recent past with some success. There is a large chunk of known malware signed by Read more…

Tags: Adobe, Digital Certificates, Duqu, Rogue Certificates, rootkit, RootkitRemover, Stuxnet, ZeroAccess

Is This SCADA Hacking Friday?

Today’s infosec news focuses on several possible incidents of penetrations at water utility companies. Elinor Mills at C|Net posted a story on a potential compromise last week at a Springfield, Ill., water company that may have resulted in physical damage. Meanwhile Gareth Halfacree at thinq has a writeup on a potential South Houston water supply Read more…

Tags: hacker, hacking, ICS, SCADA, water facility, water pumps hacked, water treatment facilities hacked

Security 101: Attack Vectors, Part 1

In the first part of this series, we discussed the entry points that an intruder could use to attack our “building,” our metaphor for network security. In the next few posts, we shall focus on the next level: attack vectors. If vulnerabilities are the entry points, then attack vectors are the ways attackers can launch Read more…

Tags: buffer overflow, cross-site scripting, SQL Injection, xss

Combating Distributed Denial of Service Attacks in Brazil, Latin America, and Everywhere Else

One of the most disruptive attacks to deal with in today’s threat landscape is the distributed denial of service attack, often called DDoS. Using the resources of many other computers, an attacker can focus a vast amount of packets and power at a single resource and effectively knock it offline for as long a time Read more…

Tags: Brazil, DDoS, distributed denial of service, DoS, LOIC, SlowLoris

French Magazine Suffers Web Hack, Firebombing

To celebrate the recent victory of the Tunisian Islamist party, the French satirical magazine “Charlie Hebdo” published a special issue in which it named the prophet Muhammad (also spelled Mohammad) as its editor-in-chief. Late night, the magazine’s offices in Paris were destroyed by a Molotov cocktail attack. The entire French political establishment has condemned this Read more…

Tags: hacking, Hacktivism