Home /
Mohinder Gill
Subscribe to Mohinder Gill BlogsMore from Mohinder Gill
Phishing Attacks Employ Old but Effective Password Stealer
A few months ago we received a sample from a customer that turned out to be a password stealer (PWS). One thing about this malware stood out: the subdirectory used in the access panel URL. It contained the string “***=**U=TEAM” (which we have obfuscated). Our investigations lead us to believe this may ...
Trillium Exploit Kit Update Offers ‘Security Tips’
McAfee Labs has previously blogged about the Trillium Exploit Kit Version 3.0, which is commonly used to create and distribute malware. Last week, Version 4.0 appeared on several underground forums. We have analyzed the new version of the tool and it contains new functionality. These include: PDF downloader Password generator Security ...
Hacktivists Turn to Phishing to Fund Their Causes
At McAfee we recently observed a phishing campaign targeting Apple account holders. The link directed the user to a compromised WordPress site used to serve the fake Apple ID login page. Users are asked to log in with their Apple IDs, and then are requested to update billing information and credit card ...
Trillium Toolkit Leads to Widespread Malware
Any aspiring cybercriminal can buy one of many malicious toolkits to craft a downloader and distribute malware. After a time these downloaders are leaked to forums and other download sites and become available to the masses. This is often when we see a spike in their use. The toolkit Trillium Security MultiSploit Tool ...
Malicious Forums Turn Amateur Hackers Into Cybercriminals
Security researchers are aware of forums that offer downloads of malicious software such as keyloggers and remote access tools. Some inexperienced hackers may visit these forums and decide to chase the money and create a malicious agenda. The following is a snippet from a popular hacking forum. We recently received a submission ...
File-Hosting Site Turns Your File Into Adware
We recently received a sample from a customer and upon initial analysis it looked like a bundled software installer. Upon execution, the installer launches a website and then attempts to download an executable—an installer for FLV Player. Nothing out of the ordinary, but what grabbed our attention was the website ...
