McAfee Labs

Read McAfee Labs blogs for the latest threat research, threat intelligence, and thought leadership from the Advanced Threat Research team.

Jumping Into the Flames of Skywiper

There has been quite a bit of analysis and speculation about the Flamer/Skywiper threat. As we started to analyze this threat, we knew from the very beginning that this was going to be a giant undertaking and potentially very long term. Now we want to pause to help the people ...

Evolution of Android Malware: IRCBot Joins the Party

We all know how fast the smart phone market is growing. Along with it, the complexity and the numbers of mobile malware are also on the rise. While I was going through our mobile malware collection, I found an interesting piece of malware for Android. This malware acts as an ...

‘Android/NotCompatible’ Looks Like Piece of PC Botnet

A lot of recent attacks on Android users are attributed to fake websites of popular applications such as Cut the Rope, Instagram, Angry Birds, or Grand Theft Auto III. However, the very recently discovered malware NotCompatible uses a distribution method not previously seen in the mobile world. The malware hacks ...

Pastebin Shares Botnet Source Code

A few days back, we found another Pastebin entry containing source that looks to be malicious botnet code. As I wrote in my earlier blog, malware authors also use Pastebin to trade botnet kits. Many times, snippets of a botnet help researchers understand the workings of the botnet and ...

CVE-2012-0158 Exploit in the Wild

Since last week, we have seen many specially crafted files exploiting CVE-2012-0158, a vulnerability in MSCOMCTL.OCX in Microsoft Office and some other Microsoft products. This exploit can be implemented in a variety of file formats, including RTF, Word, and Excel files. We have already found crafted RTF and Word files ...

Latest SpyEye Botnet Active and Cheaper

On April 16, we found a Pastebin entry selling the latest version of the infamous SpyEye botnet (Version 1.3.48) for a much lower price than we’ve seen elsewhere. (This botnet is mainly used to steal banking information.) The quote was just US$150 including three months hosting, after that it’s $15 ...

Digging Into the Nitol DDoS Botnet

Nitol is a distributed denial of service (DDoS) botnet that seems to be small and not widely known. It mostly operates in China. McAfee Labs recently analyzed a few samples; we offer here the communications protocol and the Trojan’s capabilities. Most of the samples we encountered were not packed and ...

Hacker Leaves Online Trail, Loses Anonymity

Since March 20, the @Anonw0rmer Twitter account has been silent. Its owner, w0rmer, is known as a member of the CabinCr3w group, a hacker team linked to Anonymous. In early February, as part of the Operations PiggyBank and PigRoast, the CabinCr3w members were suspected of hacking various police department- or ...

Android Malware Promises Video While Stealing Contacts

Recently we discovered a new Android Trojan in the official Google Play market that displays a video downloaded from the Internet–but only if some sensitive information is previously sent to a remote server. The malicious applications are designed for Japanese users and display “trailers” of upcoming video games for Android. ...

Darkshell DDOS Botnet Evolves With Variants

Darkshell is a distributed denial of service (DDoS) botnet targeting Chinese websites. It was found in 2011 and was first analyzed by Arbor Networks. McAfee Labs recently analyzed a few new samples that turned out to be variants of Darkshell, and we found extensive variations in network traffic and control ...
