Nitol is a distributed denial of service (DDoS) botnet that seems to be small and not widely known. It mostly operates in China. McAfee Labs recently analyzed a few samples; we offer here the communications protocol and the Trojan’s capabilities. Most of the samples we encountered were not packed and were very easy to reverse ...
Read Blog
Since March 20, the @Anonw0rmer Twitter account has been silent. Its owner, w0rmer, is known as a member of the CabinCr3w group, a hacker team linked to Anonymous. In early February, as part of the Operations PiggyBank and PigRoast, the CabinCr3w members were suspected of hacking various police department- or law enforcement-related websites including: West ...
Read Blog
Recently we discovered a new Android Trojan in the official Google Play market that displays a video downloaded from the Internet--but only if some sensitive information is previously sent to a remote server. The malicious applications are designed for Japanese users and display “trailers” of upcoming video games for Android. Here's one example: Or anime/adult ...
Read Blog
Darkshell is a distributed denial of service (DDoS) botnet targeting Chinese websites. It was found in 2011 and was first analyzed by Arbor Networks. McAfee Labs recently analyzed a few new samples that turned out to be variants of Darkshell, and we found extensive variations in network traffic and control commands. The Darkshell bot follows ...
Read Blog
See March 15 and 16 updates at the end of this blog. ----------------------------------------------------   The March Security Bulletin release from Microsoft was relatively light in volume. Out of the six bulletins released, only one was rated as Critical. And for good reason. MS12-020 includes CVE-2012-0002. This flaw is specific to the Remote Desktop Protocol (RDP) present on ...
Read Blog
[March 1: See update at end] Google Code is a well-known platform that provides a collaborative environment for developers working on open source projects. It's also a target for malware developers. Contrary to what you may think, this is not the first time that Google Code has been used to spread or store malware. (You ...
Read Blog
Hacktivism has become very popular in recent years; one of its leading agents is the online community Anonymous. Hacktivist groups use digital tools to perform denial of service (DoS) attacks for pursue political ends or to protest against controversial laws in countries around the world. One of the most common tools they use Low Orbit ...
Read Blog
Multifunction printers (MFPs) have been common in offices for years. They let employees print, scan, and copy documents. Two separate talks at the 28th Chaos Communications Congress (28c3) show how attackers can infect these trusted office devices. Hacking MFPs In Andrei Costin's presentation "Hacking MFPs," he covered the history of printer and copier hacks from the ...
Read Blog
Yesterday at the 28th Chaos Communications Congress (28C3), in Berlin, security researchers along with Karsten Nohl and Luca Melette showcased a number of flaws and solutions in GSM mobile phone networks. [caption id="attachment_13147" align="aligncenter" width="300"] Karsten Nohl presenting “Defending Mobile Phones” at the 28th Chaos Communications Congress.[/caption] Day 1 Defeating GSM encryption is not new. ...
Read Blog