The summer months usher in longer days, more sunshine, and sometimes a decline in creativity – often causing a lack of creative energy. For those of us who find ourselves working through the summer months...
McAfee product coverage and mitigations for malware or indicators associated with the recent attacks (a.k.a. Dragonfly, Energetic Bear, Havex/SYSMain) on industrial control systems (ICSs) are listed below.
Endpoint Security, Part 1 of 5: The Risk of Going Unprotected
Making a business case for investments in information security has never been easy. We make these types of investments to protect against...
In 2012, my colleagues Deepak Gupta and Xiaoning Li explained in a white paper how some malware can operate at the kernel level to bypass Microsoft’s security for 64-bit Windows systems. Today a small utility program named KPP-Destroyer can be found online. Previous versions of KPP-Destroyer had some bugs on a Windows 8.1 computer, but […]
Hang ten, dude! It’s summertime and surfers are taking to the ocean to go catch some gnarly waves. Experienced surfers know that there are dangers out in the water and are trained to look out for them. These dangers include rip currents, shallow water, and of course, sharks. Just like there are dangers in the […]
The W32/Worm-AAEH family (aliases: Beebone, VObfus, Changeup) of Trojans/downloaders/worms has been notorious for consistently morphing itself and switching control servers since June 2009. In June 2013, the AAEH worm made its biggest cosmetic change since 2009 by packaging an entire encrypted binary (containing all the malicious W32/Worm-AAEH code) inside its signature cryptor, which previously held only […]
Porta-Johns, King’s Commode, Royal Throne, Porta-Potties—there are countless names for the portable restroom, but they all share two traits: they’re useful when needed, but they often leave the user feeling unclean. The same principle, sadly, also applies to publicly available computers. Libraries, universities and hotels are all used by a large number of people in […]
The Dofoil downloader (found in the wild since 2011) occasionally updates itself with new features and encryption techniques to hide communications with its control servers. The latest iteration uses a variation of XOR and RC4 algorithms similar to previous variants to encrypt the list of control servers within the binary and encrypt all traffic with […]