McAfee Labs

Get cutting-edge security as it happens. McAfee Labs Blog delivers the latest research, analysis and insights into the evolving threat landscape, powered by comprehensive, real-time Global Threat Intelligence and a dedicated team of multidisciplinary researchers. Read our experts’ tips and techniques to help you avoid and defeat the latest malware trends, and view portions of the actual research to stay even more informed.

Posts in McAfee Labs

Latest SpyEye Botnet Active and Cheaper

Friday, April 20, 2012 at 10:39am by Umesh Wanve

On April 16, we found a Pastebin entry selling the latest version of the infamous SpyEye botnet (Version 1.3.48) for a much lower price than we’ve seen elsewhere. (This botnet is mainly used to steal banking information.) The quote was just US$150 including three months’ hosting; after that it’s $15 per month. This version was Read more…

Digging Into the Nitol DDoS Botnet

Thursday, April 19, 2012 at 1:30pm by Itai Liba

Nitol is a distributed denial of service (DDoS) botnet that seems to be small and not widely known. It mostly operates in China. McAfee Labs recently analyzed a few samples; we offer here the communications protocol and the Trojan’s capabilities. Most of the samples we encountered were not packed and were very easy to reverse Read more…

Hacker Leaves Online Trail, Loses Anonymity

Tuesday, April 17, 2012 at 10:12am by Francois Paget

Since March 20, the @Anonw0rmer Twitter account has been silent. Its owner, w0rmer, is known as a member of the CabinCr3w group, a hacker team linked to Anonymous. In early February, as part of the Operations PiggyBank and PigRoast, the CabinCr3w members were suspected of hacking various police department- or law enforcement-related websites including: West Read more…

Darkmegi: This Is Not the Rootkit You’re Looking For

Monday, April 16, 2012 at 5:38pm by Craig Schmugar

Darkmegi was in the news a couple of months back; it was the first known threat to be delivered through the Microsoft vulnerability CVE-2012-0003 (MIDI Remote Code Execution Vulnerability) exploitation. More recently Darkmegi has been seen in CVE-2011-3544 (Java Runtime Remote Code Execution) drive-by attacks as part of the Gong Da Pack exploit kit. Darkmegi uses Read more…

Android Malware Promises Video While Stealing Contacts

Friday, April 13, 2012 at 1:55pm by Carlos Castillo

Recently we discovered a new Android Trojan in the official Google Play market that displays a video downloaded from the Internet–but only if some sensitive information is previously sent to a remote server. The malicious applications are designed for Japanese users and display “trailers” of upcoming video games for Android. Here’s one example: Or anime/adult Read more…

Variant of Mac Flashback Malware Making the Rounds

Wednesday, April 11, 2012 at 3:22pm by David Marcus

Unless you have been living under a nondigital rock recently, you have probably heard of the Flashback Trojan, which attacks Macs. Around April 4 we saw reports of more than 500,000 infections by this malware. Further, McAfee Labs has recently come across a new variant making the rounds. This is no surprise: Whenever a piece Read more…

Darkshell DDOS Botnet Evolves With Variants

Thursday, April 5, 2012 at 10:00am by Umesh Wanve

Darkshell is a distributed denial of service (DDoS) botnet targeting Chinese websites. It was found in 2011 and was first analyzed by Arbor Networks. McAfee Labs recently analyzed a few new samples that turned out to be variants of Darkshell, and we found extensive variations in network traffic and control commands. The Darkshell bot follows Read more…

Mobile ‘Wallets’ Attract Greater Interest From Thieves, Researchers

Monday, April 2, 2012 at 9:00am by Jimmy Shah

As mobile phones allow us to carry our money in an electronic “wallet,” they will also become a greater target for crooks. Picking a pocket is a risky endeavor for thieves, but it will be much less so if all they need to do is bump into their victims or brush by them with Read more…

New Endpoint Test Results from AV-TEST.org

Tuesday, March 27, 2012 at 12:26pm by Doug McLean

This is one of these days that make me really proud to be a member of the McAfee family. I just received the very latest third-party test results from AV-TEST.org. AV-TEST has built a reputation for doing very thorough, “real world” tests of endpoint security products. They’ve been testing consumer endpoint products for a long Read more…

Signed Malware: You Can Run, But You Can’t Hide

Friday, March 23, 2012 at 5:44pm by Craig Schmugar

It’s been more than a year since McAfee became an Intel company, and the team and I have been privileged to be a part of designing and developing our DeepSAFE technology, as well as Deep Defender, the first available product that leverages this advancement. Recent threats in the news validate what we’ve been working on, Read more…
