Clik here to view.
Macro Malware Targets Macs
Macro malware has been spreading for years. New techniques arise all the time to hide malicious code and thus increase the difficulty of analysis. However, just targeting Microsoft Windows no longer...
View ArticleClik here to view.
Spora Ransomware Infects ‘Offline’—Without Talking to Control Server
Spora is a ransomware family that encrypts victims’ files and demands money to decrypt the files. It has infected many computers in a short time due to a huge spam campaign. It has a very special...
View ArticleClik here to view.
Analyzing CVE-2017-3731: Truncated Packets Can Cause Denial of Service in...
OpenSSL is a popular open-source library for SSL and is used by various software and companies across the world. In January, OpenSSL released an update that fixed multiple vulnerabilities. One of them...
View ArticleClik here to view.
CHIPSEC Support Against Vault 7 Disclosure Scanning
Following recent WikiLeaks Vault 7 disclosures, including details regarding firmware vulnerabilities, there has been significant concern regarding the integrity of devices and operating systems used...
View ArticleClik here to view.
Analyzing a Fresh Variant of the Dorkbot Botnet
At McAfee Labs, we have recently observed a new variant of the Dorkbot botnet. Dorkbot is a well-known bot, famous for its various capabilities including backdoor, password stealing, and other...
View ArticleClik here to view.
Ransomware Families Use NSIS Installers to Avoid Detection, Analysis
Malware families are constantly seeking new ways to hide their code, thwart replication, and avoid detection. A recent trend for the delivery of ransomware is the use of the Nullsoft Scriptable Install...
View ArticleClik here to view.
McAfee Labs Threats Report Explores Threat Intelligence Sharing and Mirai,...
This blog post was written by Vincent Weafer. In the McAfee Labs Threats Report: April 2017, published today, we explore two key topics. Following an announcement by the Cyber Threat Alliance of its...
View ArticleClik here to view.
Critical Office Zero-Day Attacks Detected in the Wild
At McAfee, we have put significant efforts in hunting attacks such as advanced persistent threats and “zero days.” Yesterday, we observed suspicious activities from some samples. After quick but...
View ArticleClik here to view.
Mirai Botnet Creates Army of IoT Orcs
This post was based on analysis by Yashashree Gund and RaviKant Tiwari. There is a lot of speculation in the news about surveillance from home appliances, personal electronics, or other Internet of...
View ArticleClik here to view.
Banned Chinese Qvod Lives on in Malicious Fakes
Qvod used to be a popular video player and developer in China. Due to piracy allegations and a threatened fine, the company went out of business in 2014. In spite of this, we have recently seen a...
View ArticleClik here to view.
Cerber Ransomware Evades Detection With Many Components
This blog was co-written by Sapna Juneja. Cerber is a quickly evolving type of malware called crypto-ransomware. Cerber encrypts files on an infected computer and demands a ransom to restore them....
View ArticleClik here to view.
Mirai, BrickerBot, Hajime Attack a Common IoT Weakness
This blog post was written by Rick Simon. We know that devices in the Internet of Things make enticing targets for attack. They are often insecure and can act as open windows into trusted networks....
View ArticleClik here to view.
Vulnerable OpenSSL Handshake Renegotiation Can Trigger Denial of Service
OpenSSL, the popular general-purpose cryptographic library that implements SSL/TLS protocols for web authentication, has recently suffered from several vulnerabilities. We have written about...
View ArticleClik here to view.
An Analysis of the WannaCry Ransomware Outbreak
Charles McFarland was a coauthor of this blog. Over the course of Friday, May 12 we received multiple reports of organizations across multiple verticals being victim to a ransomware attack. By Friday...
View ArticleClik here to view.
WannaCry: The Old Worms and the New
The morning of Friday, May 12 multiple sources in Spain began reporting an outbreak of the ransomware now identified as WannaCry. Upon learning of these incidents, McAfee immediately began working to...
View ArticleClik here to view.
Further Analysis of WannaCry Ransomware
McAfee Labs has closely monitored the activity around the ransomware WannaCry. Many sources have reported on this attack and its behavior, including this post by McAfee’s Raj Samani and Christiaan Beek...
View ArticleClik here to view.
Analysis of Chrysaor Keylogging Mechanism Shows Power of Simple Malicious Code
Many attacks on mobile devices use social engineering to initially infect a victim’s system. They download malware and elevate privileges by exploiting vulnerabilities. Mobile malware often uses...
View ArticleClik here to view.
Adylkuzz CoinMiner Spreading Like WannaCry
The last few days have been very busy for security teams all around the globe due to the nasty ransomware WannaCry, which spread widely using an exploit for a Server Message Block v1 vulnerability...
View ArticleClik here to view.
How to Protect Against WannaCry Ransomware in a McAfee Environment
This post was updated on May 31 with links to three McAfee community videos concerning WannaCry ransomware. WannaCry Ransomware – McAfee ATP: Highlighting the value of Adaptive Threat Protection...
View ArticleClik here to view.
Fake WannaCry ‘Protectors’ Emerge on Google Play
Are Android devices affected by the self-propagating ransomware WannaCry? No—because this threat exploits a vulnerability in Microsoft Windows. This malware cannot harm mobile systems. Nonetheless,...
View Article