Author: Umesh Wanve

Umesh Wanve Umesh Wanve is a Principal Research Engineer in McAfee Labs, specialize in several areas of advanced threat research including Botnet and APT attacks.He specializes in botnet/malware analysis, reverse-engineering, IPS and enjoys technical blogging on advanced threats. Prior to joining McAfee he has worked with advanced threat research teams in companies like Zscaler and Symantec. You can follow Umesh on Twitter @Umesh_Wanve.

Lately, McAfee Labs has observed a lot of active samples detected as Trojan Laziok by many security vendors. According to online reports, the Trojan Laziok is dropped via an exploit of the Microsoft Windows Common Controls ActiveX Control Remote Code Execution Vulnerability (CVE-2012-0158), which arrives via a spam email. In contrast, we have identified the […]

Lately, we have seen a number of communications through our automated framework from the Neutrino botnet. While analyzing this botnet, we found that it has a number of anti-debugging, anti-virtual machine, and sandbox-detection techniques that we have seen before. The botnet looks to be at an early stage, based on factors such as no obfuscation/packer […]

Last year we reported on the Athena HTTP botnet, which targets Windows XP systems, mostly for distributed denial-of-service attacks. Now we have examined the botnet Plasma HTTP, whose infections seem to be widespread and target all Windows systems. Attacker use this HTTP-based botnet primarily as a CPU and GPU cryptocurrency miner. Once a machine is […]

A new banking Trojan in the news, known as Neverquest, is active and being used to attack a number of popular banking websites. This Trojan can identify target sites by searching for specific keywords on web pages that victims are browsing. After infecting a system, the malware gives an attacker control of the infected machine […]

Lately, we have seen a lot of active samples of the Athena HTTP botnet. The builder tool for Athena has already been leaked to Internet forums; we got a hold of a few active samples that have caused some pretty serious infections. The statistics found for the following web panel shows that an HTTP botnet […]