Posts Tagged 'endpoint protection'

In 2012, my colleagues Deepak Gupta and Xiaoning Li explained in a white paper how some malware can operate at the kernel level to bypass Microsoft’s security for 64-bit Windows systems. Today a small utility program named KPP-Destroyer can be found online. Previous versions of KPP-Destroyer had some bugs on a Windows 8.1 computer, but […]

Spear phishing email is a major worry to any organization. Messages that appear legitimate and specific fool us more often than random phishing attempts. Exploits that use patched vulnerabilities delivered via spear phishing email are one of the most successful combinations used by attackers to infiltrate targeted organizations and gain access to confidential information. During […]

The Dofoil downloader (found in the wild since 2011) occasionally updates itself with new features and encryption techniques to hide communications with its control servers. The latest iteration uses a variation of XOR and RC4 algorithms similar to previous variants to encrypt the list of control servers within the binary and encrypt all traffic with […]

McAfee product coverage and mitigations for malware or indicators associated with the recent attacks (a.k.a. Dragonfly, Energetic Bear, Havex/SYSMain) on industrial control systems (ICS’s) are listed below. The Havex remote access tool is common across these associated attacks or campaigns–including Dragonfly. We have seen Havex in ICS-specific targeted campaigns. It can detect and affect ICS- […]

Every organization has deployed anti-virus/anti-malware solutions, but how much you have actually reduced your risk? To recap what we’ve covered in this 5-part blog series, Aberdeen’s analysis and Monte Carlo modeling: Confirms the high risk of unprotected endpoints Demonstrates that endpoint protection really does reduce risk Confirms that “free” endpoint protection (e.g., Microsoft) is better […]