Author: Vikas Taneja

Vikas Taneja is a Senior Research Engineer in McAfee Labs, focused on several areas of advanced threat research, including botnets and network traffic analysis for McAfee Network Security Platform. He has filed various patents on malware detection technologies. Prior to joining McAfee he worked at several antivirus companies and as a forensic analyst at the Big Four firm KPMG India. He is a GREM (GIAC Reverse Engineering Malware) certified professional and has enjoyed reverse engineering and malware forensics for the last ten years.

The Ramnit worm appeared in 2010. Within a year more than eight million PCs were infected worldwide. Initially the malware was just a file infector spread via removable drives. Later it became better known for stealing user data via browser injection, targeting banking and gaming users. While reviewing the malware recently, we found new samples with […]

Hesperus, or Hesperbot, is a newly discovered banker malware that steals user information, mainly online banking credentials. In function it is similar to other "bankers" in the wild, especially Zbot. Hesperus means evening star in Greek. It is very active in Turkey and the Czech Republic and is slowly spreading across the globe. This sophisticated […]

Attackers use all kinds of attack vectors to steal sensitive information from their targets. Their efforts are not limited to zero-day vulnerabilities. Malware authors often exploit old vulnerabilities because a large number of organizations still run old, vulnerable software. The information-stealing Trojan Travnet is a classic example of malware that takes advantage […]

While working on the release of the latest version of the McAfee Network Security Platform, which offers advanced malware and botnet protection, we tested a sample of the malware Red October. With the help of our in-house advanced botnet analysis framework, we analyzed the network traffic generated by this sample and tracked its communications with the […]

As we see new threats arrive daily employing unique and complex capabilities, it is surprising to find a Swedish bot using a control server that was already active in 2009. Generally malware authors keep changing their control servers, especially after reports about them surface, but not in this case. This network belongs to, which hosts at IP […]