Category Archives: McAfee Labs

Alert on Fake Online Medication Sales Sites

A few days ago, the French National Order of Pharmacists (ordre national des pharmaciens) reported the existence of illegal sites offering medications, mainly sexual stimulants or diet pills, and using domain names that copy those of various pharmacies that actually exist in France. These scams have indeed multiplied since July 12, the date Read more…

Android App Contains Windows Worm

When developers are unaware of security, they open the door to threats against their customers and users. We are not just talking about exploitable vulnerabilities in their code, but about something much more obvious than that. Here is the curious case of an Android application on Google Play that contains some traces of malware, but Read more…

Java Back Door Acts as Bot

The current threat landscape is often driven by web-based malware and exploit kits that are regularly updated with newly found vulnerabilities. Recently, we received an interesting malware binary–a JAR package that opens a back door for an attacker to execute commands and acts as a bot after infection. This archive does not exploit any Java Read more…

Bitcoin Miners Use AutoIt-Compiled Programs With Antianalysis Code

Last year, my colleague Itai Liba blogged about the association between malware and AutoIt, a very convenient environment for malware and tools development. AutoIt allows both easy interface creation for rapid development and full Windows API access for whatever is not directly supported. We have seen an increase in the use of AutoIt scripts by Read more…

Short-URL Services May Hide Threats

In a recent post, AppAppeal ranked the most popular URL shorteners. The top five includes TinyURL, Goo.gl, Bit.ly, Ow.ly and is.gd. Unfortunately, these helpful services are also used to hide a large number of malicious URLs. This result has made me want to learn more about malicious links that may be hidden behind these shortcuts. Read more…

The Dangers of a Royal Baby: Scams Abound

Big news stories are always an opportunity for scammers and spammers, who attempt to redirect users to malicious exploit kits or other unwanted services. Britain’s royal baby is the latest news to offer cover for malware. We have already found a lot of spam messages regarding the birth and baby that lead users to the Read more…

Malware Manipulates Procedure Prologue and Epilogue to Evade Security

Techniques used by malware developers to evade detection by security software have changed drastically in recent years. Encryption, packers, wrappers, and other methods were effective for various lengths of time. But eventually antimalware programs gained detection techniques to combat these steps. Malware authors next started frequently changing code and other data; now malware binaries are Read more…

Operation Troy: OpenIOC Release

In conjunction with our investigation into Operation Troy, we will be releasing IOC data in the open and highly flexible OpenIOC Framework format. The McAfee Operation Troy IOC can be downloaded here. In addition to various open/free tools, OpenIOC data can be consumed by: McAfee Read more…

New Zero-Day Attack Copies Earlier Flash Exploitation

Late on July 10, Microsoft released a blog post disclosing that they were aware of a zero-day attack in the wild. This attack exploits a previously unpatched Internet Explorer vulnerability (CVE-2013-3163). It’s interesting that the vulnerability was just patched in this month’s Patch Tuesday (July 9), which is perhaps only a coincidence. Although we do Read more…

Dissecting Operation Troy: Cyberespionage in South Korea

Today we announce the McAfee Labs report Dissecting Operation Troy: Cyberespionage in South Korea, the results of a four-month investigation into the events surrounding the cyberattack Dark Seoul, which occurred on March 20. The group behind Dark Seoul was involved in more than what previous reports have covered: DDoS attacks dating from 2009 and the Read more…