Brazilian Banking Malware Hides in SQL Database
Spam is a plague that has given headaches to system administrators and users for years. A lot of spam tries to sell “performance enhancement” medicine or lure us to suspicious websites. But one of the main uses of spam, which appears to be making a comeback, is the distribution of ...
Cyber Threat Management: A Perfect Fit for McAfee SIEM
This blog was written by Bart Lenaerts-Bergman. Driven by the misfortune of many, Cyber Threat Intelligence exchange and consumption is becoming more proliferated, accessible and standardized. Together with legacy security technologies like Firewall, IPS and Vulnerability Assessment tools, SIEMs have used threat intelligence initially for the most common use-case of ...
Chinese Trojan Hooks Macs, iPhones
“Distrust and caution are the parents of security”–Benjamin Franklin A recent threat targeting Chinese users of Mac OS X and iPhone came to light yesterday. The malware, called WireLurker, is distributed by the Chinese third-party app store Maiyadi. Since the threat’s discovery, more than 400 applications containing the Trojan were ...
Dropping Files Into Temp Folder Raises Security Concerns
Recently, the McAfee Advanced Exploit Detection System (AEDS) has delivered some interesting RTF files to our table. These RTFs have executables “attached” to the documents. Usually, some words in the documents try to convince users to click and run the attachments. The following figure shows the point at which a ...
Examining Your Very Own Sefnit Trojan
Most malware is created for economic purposes. To name just a few of our reports and blogs on this topic, we have written about Cybercrime Exposed, stolen data, and the Target point-of-sale malware. But sometimes it’s not clear to our customers how much time and skill malware authors invest in ...
Updates and Mitigation to Microsoft Office Zero-Day Threat (CVE-2013-3906)
On November 5, Microsoft posted Security Advisory 2896666. This vulnerability, discovered by Haifei Li of McAfee Labs, affects multiple versions of Microsoft Office, Windows, and Lync. Successful exploitation could result in the ability to execute arbitrary code on a vulnerable host (a remote code execution vulnerability). The issue (an integer overflow) lies ...
Using the McAfee SIEM to Augment Successful Detection of Financial Fraud
Financial fraud has a wide range of impact across a society: Providers of financial services may incur the largest losses, but the users of financial services who become victims may be hit much harder. Fraud victims range across the income scale, and even a small fraud can be catastrophic to ...
New in SIEM – Advanced Correlation Features
Now that 9.2 has been out for some time, it’s time to document some of the very cool things the McAfee SIEM can do. While the documentation is a must read for the how, this post is meant to bring you up to speed of the why of some advanced ...
Quarian Group Targets Victims With Spearphishing Attacks
This blog post was written by Rahul Mohandas. The current generation of targeted attacks are getting more sophisticated and evasive. These attacks employ media-savvy stories in their social engineering themes to lure unsuspecting users. We have seen heightened activity by one of the groups, dubbed Quarian. It is believed to ...
Tool Talk: Cracking the Code on XtremeRAT
Late last week, reports began to surface that the Israeli police (along with other regional law enforcement) were targeted by a malware attack. The entry vector was described as a phishing campaign sent from Benny Gantz (head of the Israeli Defense Forces). Initially, details and indicators around the malware were beyond sparse. ...
