December 30, 2011 - Multifunction printers (MFPs) have been common in offices for years. They let employees print, scan, and copy documents. Two separate talks at the 28th Chaos Communication Congress (28c3) show how attackers can infect these trusted office devices. Hacking MFPs In Andrei Costin’s (continue reading...)
April 20, 2011 - At McAfee Labs every day we monitor millions of intrusion prevention systems (IPS) alerts from our sensors around the world. From these alerts, we often see interesting global data and trends. Recently, ISC noticed a sudden decline of Slammer (continue reading...)
January 28, 2011 - One common technique used by malware researchers is to analyze a sample using virtual machines. In recent years, malware developers have created “checks” against environments and common malware-analysis tools. If the malware detects a security application, the former will not execute (continue reading...)
October 9, 2010 - While the latest CommWarrior variants continue to entice mobile phone users into clicking "Yes" to grant it permission to install, Collin Mulliner published the first remote exploit for Windows Mobile phones using MMS as the attack vector, at the Defcon (continue reading...)
October 9, 2010 - The US-VISIT network consists of mainframe servers and Windows-based workstations installed at nearly 300 strategic locations in the US like airports and seaports. It is used by Department of Homeland Security (DHS) to take fingerprints and digital photos of visitors coming (continue reading...)
October 4, 2010 - Today we’re going to take a look at an interesting file-infector virus. W32/Ramnit infects EXE, DLL and HTML files. That last one is right; W32/Ramnit also infects HTML files to replicate itself. Let’s start with the components of this threat. W32/Ramnit (continue reading...)
October 1, 2010 - The Storm worm marked its presence in early 2007 and became an infamous robot network primarily known for its spamming and phishing activities. Also known as Nuwar/Zhelatin/FakeAV/Peacomm, this bot reappeared early this year, distributed by fake AV software and (continue reading...)
September 30, 2010 - It looks like some of the recent success in taking down Zeus-using cybercriminals is coming to the United States. The FBI has recently announced that it has charged as many as 60 people and has arrested 10 as part (continue reading...)
September 30, 2010 - I was analyzing a piece of malware the other day and came across a unique method to place malware locally on a host without using the network to transfer it. This is something that is so simple in design, and (continue reading...)
September 29, 2010 - During the last six years, botnets have become one of the biggest threats to security professionals, businesses, and consumers. We at McAfee Labs have just released more information about how cybercriminals can use common social networks and common web applications, (continue reading...)
September 24, 2010 - Stuxnet has received a lot of attention since McAfee first blogged about it in July. This post will answer some of the frequently asked questions we’ve received. Q: What is Stuxnet? A: Stuxnet is (continue reading...)
September 20, 2010 - The Zeus botnet has been in the wild since 2007 and it is among the top botnets active today. This bot has an amazing and rarely observed means of stealing personal information–by infecting users’ computers and capturing all the information (continue reading...)
September 17, 2010 - McAfee Labs has been monitoring a spam run that was launched earlier today. The message follows: Subject: A very warm invitation to you Body: Hello, Hope your week has been wonderfull well. I would like to extend a very warm invitation to you to (continue reading...)
September 13, 2010 - Over the weekend I had the chance to put some work into my lowbie dwarf paladin named Boulderbrain. I was at the Stormwind bank minding my own business when I suddenly get this whisper: (continue reading...)
September 9, 2010 - – Latest updates moved to the bottom – McAfee Labs is currently investigating a new threat commonly referred to as the “Here you have” virus due to the email subject line the worm uses during propagation. It looks like multiple (continue reading...)
September 8, 2010 - Just after Adobe released its out-of-band patch for CVE-2010-2862, we discovered a malware exploiting a new zero-day vulnerability in the wild. Similar to the iOS PDF jailbreak vulnerability and CVE-2010-2862, this zero day occurs while Adobe Reader is parsing TrueType (continue reading...)
September 1, 2010 - Two weeks ago, I posted a blog entry talking about the counterfeiting of legal documents. I have received many comments and requests for further data related to this type of fraud from various Eastern Europe countries, France, and even (continue reading...)
August 31, 2010 - Yesterday we discovered a new Zeus campaign. Most of the messages associated with the new spam campaign are linked to the Asprox botnet. This time, the focus is on FedEx. Most of the attachments start with either FedExDoc.exe or FedExInvoice.exe. Those (continue reading...)
August 31, 2010 - The Anti-Malware engine is a critical and core piece of the McAfee anti-malware solutions. As with any core technology, the engine must be rock-solid stable, fast, and functionally rich. A new McAfee Labs whitepaper outlines these engine technologies and values, (continue reading...)
August 24, 2010 - While reading Microsoft’s confirmation of the DLL preloading risks in arbitrary Windows applications vulnerability, somehow it reminded me of the wave of LD_PRELOAD vulnerabilities that were exploited many years back on multiple non-Windows-based systems. It’s not a new (continue reading...)