McAfee Labs

Read McAfee Labs blogs for the latest threat research, threat intelligence, and thought leadership from the Advanced Threat Research team.

Multiple Java Exploits Hide in a Jar (File)

Exploits of the Java Runtime Environment (JRE) have been extensively used in drive-by-download toolkits such as Blackhole and Red Kit. New vulnerabilities discovered in 2013, such as CVE-2013-1493 and CVE-2013-0422, are popular, and we still see lots of older exploits such as CVE-2012-1723, CVE-2012-4681, and CVE-2012-0507.  These vulnerabilities are already ...

VSkimmer Botnet Targets Credit Card Payment Terminals

April 2: This blog has been updated with McAfee’s NSP detection. See end of blog.

While monitoring a Russian underground forum recently, we came across a discussion about a Trojan for sale that can steal credit card information from machines running Windows for financial transactions and credit card payments. The ...

Travnet Trojan Could Be Part of APT Campaign

This blog post was written by Vikas Taneja. Attackers use all kinds of attack vectors to steal sensitive information from their targets. Their efforts are not limited to only zero-day vulnerabilities. Malware authors often exploit old vulnerabilities because a large number of organizations still use old vulnerable software. The Trojan ...

An Overview of Messaging Botnets

In the quarterly McAfee Threats Reports we offer our readers some charts on the prevalence of messaging botnets. For the last quarter of 2012, we announced the continuing decline in global messaging botnet infections as well as in former leaders Festi and Cutwail. In this blog, I will detail the ...

Android Malware Goes Bollywood

We already know that mobile malware is growing at a fantastic rate, but we now see a new trend that concerns us: specific regions targeted by mobile threats. Just last week McAfee Labs blogged about a new malware threat targeting phone owners in South Korea. Today we have identified another ...

Malware Behaves Oddly in Automated Analysis Environment

While testing malware recently, we got some logs from our automated analysis system showing a few samples that are only partially replicated. We have heuristics that predict the behavior of a sample; but if that prediction fails, then the heuristics identify the state of a sample and decide if it ...

Digging Into the Sandbox-Escape Technique of the Recent PDF Exploit

As promised in our previous blog entry for the recent Adobe Reader PDF zero-day attack, we now offer more technical details on this Reader “sandbox-escape” plan. In order to help readers understand what’s going on there, we first need to provide some background. Adobe Reader’s Sandbox Architecture The Adobe Reader ...

Analyzing the First ROP-Only, Sandbox-Escaping PDF Exploit

The winter of 2013 seems to be “zero-day” season. Right after my colleague Haifei Li analyzed the powerful Flash zero day last week, Adobe sent a security alert for another zero-day attack targeting the latest (and earlier) versions of Adobe Reader. Unlike Internet Explorer zero-day exploits that we have seen ...

Fake Cleaning Apps in Google Play: an AutoRun Attack and More

Almost exactly one year ago, Google announced the addition of a “new layer to Android security,” a service codenamed Bouncer that was intended to provide automated scanning of the Android Market for potentially malicious software. However, as my colleague Jimmy Shah wrote in a previous blog post, Bouncer has not ...

Evasion Techniques: Encoded JavaScript Attacks PDF Files

Last week I kicked off a series of blogs with a discussion of how an effective IPS solution can fight obfuscation techniques by malware. This week, we’ll look at how JavaScript poses a danger when combined with PDF files. One of the easiest and most powerful ways to customize PDF ...
