Adobe released a security advisory warning the users of a zero-day vulnerability in Adobe Flash Player Versions 10.2.152.33 and earlier. An exploit targeting this vulnerability was embedded inside Microsoft Excel documents and was used to deliver the malicious code to the victims. McAfee Labs performed a detailed technical analysis of the exploit and learned that ...
Read Blog
I suppose this was inevitable. The reported death of Osama Bin Laden is just too good a lure for cybercriminals and scammers to pass up. We at McAfee Labs certainly anticipated this and have been tracking it since the first reports came out of Washington early this morning. We have seen variations of what I ...
Read Blog
Working in the security industry brings about a myriad of challenges. This is especially true for vendors. We must do our best to educate and inform. At the same time, we want to avoid laying on the FUD--or scaring customers into making poorly educated security decisions. Which brings us to the recent LizaMoon attacks. There ...
Read Blog
Over the weekend Google released the Android Market Security Tool to help clean up  devices infected with the DroidDream malware. The Android/DrdDream family of malware used a pair of exploits (Expoit/LVedu and Exploit/DiutesEx) to gain root access on vulnerable Android devices.  More than 50 Android applications were reported to be infected; all were pulled from the Android ...
Read Blog
W32/Xirtem@@MM is a fast-spreading and active worm, discovered in late 2008, that uses a variety of methods to propagate. The principal way of infecting other machines is by sending a copy of itself via email. To do that, the malware uses its own SMTP client. In addition, one of the most well-known methods employed by ...
Read Blog
Yesterday, at the Web 2.0 Summit, Google's CEO Eric Schmidt presented the Nexus S. This wasn't just about a new phone, he also talked about how Gingerbread (Android OS Version 2.3) would have support for NFC (Near Field Communications) built in. In light of the mobile-phone hotel-key (NFC-based) trial going on at the Clarion hotel in ...
Read Blog
If you are like me, there are times when you will misplace your hotel key. Times when you're switching a bucket of ice between hands while searching your pockets or bag. Wondering if you've left the key in your room or possibly the lobby. Thinking "I've always got my phone on me, wouldn't it be ...
Read Blog
The world’s most heavily trafficked web domain, .COM, is now the riskiest, according to our fourth annual Mapping the Mal Web report released today. A staggering fifty-six percent of all risky sites end in .COM! Researcher at our very own McAfee Labs analyzed more than 27 million websites to uncover which domains are the most ...
Read Blog

Stuxnet Update

By on
Stuxnet has received a lot of attention since McAfee first blogged about it in July. This post will answer some of the frequently asked questions we've received. Q: What is Stuxnet? A: Stuxnet is a highly complex virus targeting Siemens' SCADA software. The threat exploits a previously unpatched vulnerability in Siemens SIMATIC WinCC/STEP 7 (CVE-2010-2772) and four ...
Read Blog

Zeus Crimeware Toolkit

By on
The Zeus botnet has been in the wild since 2007 and it is among the top botnets active today. This bot has an amazing and rarely observed means of stealing personal information--by infecting users' computers and capturing all the information entered on banking sites. Apart from stealing passwords, this bot has variety of methods implemented ...
Read Blog