McAfee Labs

Taking a Close Look at Data-Stealing NionSpy File Infector

W32/NionSpy is a family of malware that steals information from infected machines and replicates to new machines over networks and removable thumb drives. Aside from stealing keystrokes, passwords, Bitcoins, system information, and files on disk, NionSpy (also known as Mewsei and MewsSpy) can record video (using the webcam), audio (using the microphone), take screenshots, and …

McAfee Labs

W32/Worm-AAEH Replaces Cryptor With One Used by Dofoil Downloaders

The W32/Worm-AAEH family (aliases: Beebone, VObfus, Changeup) of Trojans/downloaders/worms has been notorious for consistently morphing itself and switching control servers since June 2009. In June 2013, the AAEH worm made its biggest cosmetic change since 2009 by packaging an entire encrypted binary (containing all the malicious W32/Worm-AAEH code) inside its signature cryptor, which previously held only …

Consumer Threat Notices, McAfee Labs

‘Heartbleed’ Vulnerability Opens the Door to SSL Heartbeat Exploits

Update: 4/11/2014 McAfee’s Heartbleed Test tool has been posted and enables users to test sites for the presence of this vulnerability. A recent vulnerability in OpenSSL is causing quite a stir. Documented as CVE-2014-0160, this vulnerability has a significant impact on the perceived security of a number of servers across the globe. One of …

McAfee Labs

Polymorphic AutoRun Worm Evolves and Obfuscates

Recently we have seen a spike in a Visual Basic 6-compiled AutoRun worm family. The family is both client- and server-side polymorphic. (For more on this family, refer to our VIL and Advisory entries.) The W32/Autorun.worm.aaeh family usually gets on a victim’s machine through email spam, Blacole drive-by downloads, or downloads by BackDoor-FJW. From a behavioral …