Feeds & Podcasts

Blogs

Meet the Bloggers

Archive

Tags

3G, 2012 London Olympics, Adobe, Advanced Persistent Threat, advanced persistent threats, adware, AET, AMTSO, analysis, Android, Android/FakeUpdates, Android/NickiSpy, Android Exploit, Android Malware, Android Malware Analysis, Android Market, Android Mobile Malware, Android Rooting Exploit, Anonymous, Anonymous Group, Antievasion, Apple, application security, APT, attack, attacks, AutoRun malware, Backdoor, Bitcoin, Bluetooth, bot, botnet, botnets, bots, Brazil, buffer overflow, CanSecWest, Charity Phishing Scams, Chile, clickjacking, Compliance, conference, Conficker, counter identity theft, credit card fraud and protection, crimeware, critical infrastructure, cross-site scripting, currency, cybercrime, Cybercrime, Cyber Security Mom, cyberwar, database security, data breach, Data Protection, Dave DeWalt, DDoS, Digital Certificates, distributed denial of service, DoS, downloader, downloaders, Duqu, e-gold, eBay, EFF, election, email, Email & Web Security, embedded, encryption, Endpoint Protection, enterprise, exploit, Exploit for Android, exploits, facebook, fake-av, fake alert, fake anti-virus software, fake anti virus, Fake AntiVirus, fake updates, false, Family Safety, FIFA, Flash, free, french, gaming, gaming consoles, global threat intelligence, google, google code, government, gratis, GSM, hacker, Hackers, hacking, Hacktivism, Hacktivity, hoax, host intrusion prevention, ICS, identity exposure, identity fraud, identity protection, identity theft, Identity thieves and cybercriminals, iframe, in.cgi, industrial control systems, Infrastructure, intellectual property, internet privacy, Internet Safety, in the cloud, IntruShield, iphone, IPS, java, JavaScript, Kernel 0day vulnerability, king county, LART, law enforcement, Linux, Linux/Exploit:Looter Analysis, Linux and Windows, lizamoon, Lloyds, LOIC, Looter Analysis, luckysploit, mac, Mac OSX, Mac OS X, Malicious QR Code, malware, Malware Experience, malware forums, Malware research, maps, mass mailing worm, mass sql injection, McAfee, McAfee Identity Protection, McAfee Initiative to Fight Cybercrime, McAfee Labs, McAfee Network Security Platform, McAfee NSP, McCain, Medical identity theft, Microsoft, MMORPG, Mobile, mobile data protocols, mobile devices and security threats, mobile malware, mobile phone spyware, mobile security, mobile smartphone security, mobile spam, msn spaces, ndr, near field communication, Network Evasions, Network Security, NFC, NickiSpy, North Korea, obama, olympics, Olympic scams, online banking, online child safety, online credit fraud, online gaming, online gangs, online safety, online security, online shopping, online threats, Operation Aurora, Orange, OS/X, outlook, P2P, password stealer, patch, pay-per-install malware, Payload, payment, paypal, PCI, PDF, peer to peer, Peer to Peer file sharing, personal information over mobile phones, personal information protection, phishing, phishing kits, phishing scams, phishing shareware, piracy, Postcode Lottery, PostScript, Potentially unwanted program, Printers, privacy, Public Sector, puget sound, pup, PWN2OWN, pws, Ramnit, RAT, rdp, Records phone conversations, regulations, research, RFID, risk, Risk and Compliance, rogue anti-virus software, Rogue Certificates, rootkit, RootkitRemover, Rootkits, safe surfing, SCADA, scam, scams, scareware, SchmooCon, Search engine optimization, Search engine poisoning, security, Security-as-a-Service, Security 101, seo abuse, Shady RAT, SlowLoris, smartphones, sms, social engineering, social media, social network, social networking, social networks, South Korea, spam, spear, SpyEye, Spyware, sql attacks, SQL Injection, Steve Jobs, Stinger, Stuxnet, subscription, Symbian, targeted attacks, Testing, text message, threat, tools, TPM, traffic manager, trojan, trojan banker, trojans, twitter, urchin.js, USB drives, vbs, virus, Viruses, vista, vulnerability, waledac, water facility, water pumps hacked, water treatment facilities hacked, web, Web 2.0, web security, web threats, white hat hackers, windows, Windows Mobile, World Cup, world of warcraft, worm, Worms, xirtem, xss, Zbot, Zero-Day, ZeroAccess, zeus, zombie, zombie computers, zombies
McAfee Labs :

McAfee Labs

Get cutting-edge security as it happens. McAfee Labs Blog delivers the latest research, analysis and insights into the evolving threat landscape, powered by comprehensive, real-time Global Threat Intelligence and a dedicated team of multidisciplinary researchers. Read our experts’ tips and techniques to help you avoid and defeat the latest malware trends, and view portions of the actual research to stay even more informed.

Posts in McAfee Labs

Google Code Projects Host Android Malware

Thursday, March 1, 2012 at 9:54am by Carlos Castillo
Carlos Castillo

[March 1: See update at end] Google Code is a well-known platform that provides a collaborative environment for developers working on open source projects. It’s also a target for malware developers. Contrary to what you may think, this is not the first time that Google Code has been used to spread or store malware. (You Read more…

Tags: , , , , , ,

Another Overview of Exploit Packs

Friday, February 24, 2012 at 5:27am by Francois Paget
Francois Paget

Recently I blogged about some exploit packs. In that post I showed a table that had 10 common malware kits. I listed the vulnerabilities used, referenced by their Common Vulnerabilities & Exposures (CVE) names. There were 45 vulnerabilities in the table. From the data, this idea was taken up by Mila Parkour via her Contagio Read more…

Tags: , , , , , , , ,

McAfee Q4 Threats Report Shows Malware Surpassed 75 Million Samples in 2011

Tuesday, February 21, 2012 at 12:24pm by David Marcus
David Marcus

Today we released our Fourth Quarter 2011 Threat Report, revealing that malware surpassed the our estimate of 75 million unique malware samples last year. Although the release of new malware slowed a bit in Q4, mobile malware continued to increase and recorded its busiest year to date. Malware The overall growth of PC-based malware actually Read more…

Tags: , , , , , , , , , , , , , , , ,

Android DIY DoS App Boosts Hacktivism in South America

Friday, February 17, 2012 at 8:09am by Carlos Castillo
Carlos Castillo

Hacktivism has become very popular in recent years; one of its leading agents is the online community Anonymous. Hacktivist groups use digital tools to perform denial of service (DoS) attacks for pursue political ends or to protest against controversial laws in countries around the world. One of the most common tools they use Low Orbit Read more…

Tags: , , , ,

Adware on Mobile Devices an Evolving Privacy Threat

Monday, February 13, 2012 at 9:40am by Carlos Castillo
Carlos Castillo

Potentially Unwanted Programs (PUPs) are often legitimate software that pose a risk to users’ privacy or systems. A reasonably secure–or privacy-minded–user may want to be informed of the presence of certain PUPs and in some cases remove them. One very common type of PUP is adware, which exists to make revenue through advertising. Some adware Read more…

Tags: , , , ,

Cracking Open Your (Google) Wallet

Thursday, February 9, 2012 at 9:45am by Jimmy Shah
Jimmy Shah

We suggested earlier that instead of going after the Secure Element chip and the information it keeps safe, attackers would go after the weaker point of the Google Wallet app. Security researcher Joshua Rubin has now created a proof-of-concept app, Google Wallet Cracker, that can recover the Google Wallet PIN on a rooted phone. Once Read more…

Tags: , ,

Security 101: Attack Vectors Take Advantage of User Interaction

Wednesday, February 8, 2012 at 3:02pm by Francisca Moreno
Francisca Moreno

Welcome back to Security 101. Our New Year’s recess is over, and it’s time to offer another lesson. So far we have discussed vulnerabilities and some types of low-interaction attack vectors. In this lesson we shall continue with attack vectors that require medium or high levels of user interaction to succeed. These attack vectors are Read more…

Tags: , , ,

Safer Internet Day 2012 Offers a Lesson for All of Us

Tuesday, February 7, 2012 at 12:17pm by Toralv Dirro
Toralv Dirro

Many of you may have already noted this from Google’s home page, but for those not reading the fine print or not using Google: Today is International Safer Internet Day, which will have its 10th anniversary next year (if I counted right). Started in Europe by Insafe with funding from the European Commission, this day has become Read more…

Tags: , ,

Android Market Gets a Bouncer to Kick Out Malware

Friday, February 3, 2012 at 10:17am by Jimmy Shah
Jimmy Shah

Today Google announced its Bouncer security service for the Android Market. This is a good initial step in protecting Android users. Respect the Bouncer To keep out known troublesome apps, the service performs a malware and spyware scan on all submitted material. It also uses behavioral analysis to determine if a given app is trying Read more…

Tags: , , ,

SchmooCon to Cover Hot Mobile Security Topics

Thursday, January 26, 2012 at 9:32am by Jimmy Shah
Jimmy Shah

The ShmooCon security conference takes place in Washington D.C. this weekend. There will be a good number of mobile and embedded talks, covering attacks on and defense of Bluetooth, Android, NFC, RFID, and more. Disposable computers A number of years ago at DefCon a team of penetration testers showed how to infiltrate a corporate network Read more…

Tags: , , , , , ,