Category Archives: McAfee Labs

Phishing Attack Replaces Android Banking Apps With Malware

Mobile devices are also increasingly being used to manage a critical and important asset for all of us: our money. According to the Federal Reserve Board report “Consumers and Mobile Financial Services 2013,” in the United States “48 percent of smartphone owners have used mobile banking in the past 12 months, up from 42 percent Read more…

Delving Deeply Into a Bitcoin Botnet

Bitcoin is a virtual decentralized currency that was created in 2009 by developer Satoshi Nakamoto, who described the currency in a paper. Recently Bitcoin has gotten lots of attention. In early 2013, the prices reached a high of US$265 per Bitcoin. The following chart shows the currency’s historical price:   Because Bitcoin is a virtual Read more…

House Keys Under the Doormat? Nope, in Your Phone

One of my friends recently locked himself out of his apartment. I found this out when I called him, because while he didn’t have his keys he did have his smartphone. This was one of those times he wished he lived in one of those hotels with the Assa Abloy NFC enabled locks.

It turns out he doesn’t need to go to a hotel to open his door with a phone. Kwikset will soon be selling Kevo, a new deadbolt that can be unlocked with a bluetooth enabled phone. You can switch out your old door locks with one of these newer models

Bank Account Logins for Sale, Courtesy of Citadel Botnet

Financial theft is one of the most lucrative forms of cybercrime. Malware authors continue to deliver sophisticated tools and techniques to unlock online bank accounts. Attackers design and develop botnets to perform financial fraud, targeting banks and other institutions for profit. These botnets traditionally have monitored victims’ Internet activities and intercepted banking transactions to extract Read more…

Travnet Botnet Controls Victims With Remote Admin Tool

The malicious binary behind the Travnet botnet has been updated. The new code has a new compression algorithm, steals the list of running processes, adds new file extensions to its list of files to steal, and has improved its control commands. Also, after the malware has uploaded the stolen files on its remote server, the Read more…

NCCDC 2013 – Red Team Recap

          This past April (4/19 to 4/21) I had the great pleasure and experience of joining the Red Team at 9th NCCDC competition.   It was actually my 2nd year on the Red Team and 4th year to attend in total (I judged in 2010 and 2011).  McAfee is actually a perpetual Read more…

Emerging ‘Stack Pivoting’ Exploits Bypass Common Security

[This blog was primarily written by Xiaoning Li of Intel Labs, with assistance from Peter Szor of McAfee Labs.] In February 2013, the Adobe Product Security Incident Response Team (PSIRT) released security advisory APSA13-02. In that report they listed two vulnerabilities (CVE-2013-0640 and CVE-2013-0641) that were widely exploited. At Intel Labs and McAfee Labs we Read more…

Tracking PDF Usage Poses a Security Problem

Looking back this year’s RSA Conference, you might have the feeling that the current threat landscape is primarily a series of advanced attacks. This concept includes well-known advanced persistent threats (APTs) and zero-day vulnerability exploits. To respond to this trend in threats, McAfee Labs has launched several innovative projects, one of which we call the Read more…

Travnet Botnet Steals Huge Amount of Sensitive Data

In a McAfee Labs blog by my colleague Vikas Taneja last month, he discussed high-level functioning in the malware Travnet. Since then we have continued to analyze different samples and now classify Travnet as a botnet rather than a Trojan because of the presence of control code, and the malware’s ability to wait for further Read more…

Cybercriminals Exploit News of Boston Marathon Bombing, Texas Fertilizer Plant Explosion

McAfee Labs Messaging Security recently observed a spam campaign based on the Boston Marathon bombing and the Texas fertilizer plant explosion. The messages take advantage of our interest in these tragic events to lure victims to malware and exploits. Last week my colleague Paras Gupta blogged about the use of the Black Hole exploit kit Read more…