McAfee Labs

McAfee Labs is one of the leading sources for threat research, threat intelligence, and cybersecurity thought leadership. See our blog for more information.
January 21, 2014: As more information comes to light surrounding these events, we continue to identify and analyze additional components and behaviors. To shed more detailed light on the malware specific to these events, our team in McAfee Labs has released an updated Threat Advisory entitled "McAfee Labs Threat Advisory: EPOS Data Theft". The ...
This post is one in a series of articles that expand on the recently released McAfee Labs 2014 Threats Predictions. In this and related posts, McAfee Labs researchers offer their views of new and evolving threats we expect to see in the coming year. This article was written by Ramnath Venugopalan. We foresee three broad threat ...
On November 5, Microsoft posted Security Advisory 2896666. This vulnerability, discovered by Haifei Li of McAfee Labs, affects multiple versions of Microsoft Office, Windows, and Lync. Successful exploitation could result in the ability to execute arbitrary code on a vulnerable host (a remote code execution vulnerability). The issue (an integer overflow) lies in the handling of maliciously ...
In conjunction with our investigation into Operation Troy, we will be releasing IOC data in the open and highly flexible OpenIOC Framework format. In addition to various open/free tools, OpenIOC data can be consumed by: McAfee Network Security Platform ...
This blog was written by Sanchit Karve. Last week, we noticed thousands of malware files in the wild that employ a simple phishing attack by modifying the hosts file on Windows systems. What's interesting, however, is the technique chosen by the malware authors to distribute their payload. The samples in question (Example MD5: 34d9b42bfd64c6f752fe27eef8d80c5f) are ...
As promised in our previous blog entry for the recent Adobe Reader PDF zero-day attack, we now offer more technical details on this Reader "sandbox-escape" plan. In order to help readers understand what’s going on there, we first need to provide some background. Adobe Reader’s Sandbox Architecture The Adobe Reader sandbox consists of two processes: ...
Late last week, reports began to surface that the Israeli police (along with other regional law enforcement) were targeted by a malware attack. The entry vector was described as a phishing campaign sent from Benny Gantz (head of the Israeli Defense Forces). Initially, details and indicators around the malware were beyond sparse. Aside from the FROM: address, ...