McAfee Labs

Trillium Exploit Kit Update Offers ‘Security Tips’

McAfee Labs has previously blogged about the Trillium Exploit Kit Version 3.0, which is commonly used to create and distribute malware. Last week, Version 4.0 appeared on several underground forums. We have analyzed the new version of the tool and it contains new functionality. These include: PDF downloader Password generator Security tips PDF downloader The user …

McAfee Labs

Hacktivists Turn to Phishing to Fund Their Causes

At Intel Security we recently observed a phishing campaign targeting Apple account holders. The link directed the user to a compromised WordPress site used to serve the fake Apple ID login page. Users are asked to log in with their Apple IDs, and then are requested to update billing information and credit card details. In the following …

McAfee Labs

Trillium Toolkit Leads to Widespread Malware

Any aspiring cybercriminal can buy one of many malicious toolkits to craft a downloader and distribute malware. After a time these downloaders are leaked to forums and other download sites and become available to the masses. This is often when we see a spike in their use. The toolkit Trillium Security MultiSploit Tool v3 was cracked last week …

McAfee Labs

Malicious Forums Turn Amateur Hackers Into Cybercriminals

Security researchers are aware of forums that offer downloads of malicious software such as keyloggers and remote access tools. Some inexperienced hackers may visit these forums and decide to chase the money and create a malicious agenda. The following is a snippet from a popular hacking forum. We recently received a submission with the filename 17_02_16~_HKL_Purchase_Order.ace. This …

McAfee Labs

File-Hosting Site Turns Your File Into Adware

We recently received a sample from a customer and upon initial analysis it looked like a bundled software installer. Upon execution, the installer launches a website and then attempts to download an executable—an installer for FLV Player. Nothing out of the ordinary, but what grabbed our attention was the website that had loaded after execution. …