McAfee Research Blog

The TrustedSource Research Team is now part of McAfee Research organization. Our researchers will continue to provide insightful blogs here on www.trustedsource.org and also at www.avertlabs.com/research/blog/. Either site will provide you with all the latest blogs from all the global security experts at McAfee Research teams.

Dave Marcus is ready for his Oscar

February 8th, 2010
Posted by Shane Keats

As a rule, we don’t do product plugs on this blog for obvious reasons. This is the place for research and data on threat and response. But we’re going to make an exception to bring you a video from Dave Marcus, the guy who keeps the McAfee Labs blog running, and runs a couple dozen [...]

Protecting Privacy by Design

February 2nd, 2010
Posted by Ben Edelman

This guest post was written by Benjamin Edelman, Assistant Professor at Harvard Business School and an advisor to McAfee. Last week I revealed troubling transmissions by the Google Toolbar: Even when a user specifically “disable[s]” the Google Toolbar, and even when the Toolbar disappears from view, the Toolbar continues tracking users’ online behavior—including specific web [...]

Hackers Disrupt European CO₂ Market

February 2nd, 2010
Posted by Francois Paget

In recent weeks, various cybercrime attacks have disrupted the computer systems that allow nations to manage their national greenhouse-gas emissions quotas and their possession of carbon assets according to international agreements (the Kyoto Protocol and the European system). One quota is the right to emit the equivalent of one ton of carbon dioxide during a specified period. The [...]

Be careful on help files

February 2nd, 2010
Posted by Shinsuke Honjo

The other day, I came across a piece of malware that attempts to hide its infection in a way that is not very technical but is very unique. “Muster” is a family of backdoors which has been using help files to hide itself. The help files or “.hlp” files are data files designed to be viewed with the Microsoft WinHelp browser [...]

Scams Take Advantage of Haiti Relief Efforts

January 22nd, 2010
Posted by Sam Masiello

Never is the heartless nature of cybercriminals more apparent than in the wake of a tragedy. As relief efforts continue and worldwide aid pours in to help those affected by the earthquake that rocked Haiti on January 12, cybercriminals have not slowed their efforts. They are eager to get you to donate money that the people [...]

Patch Released for Recent Microsoft Zero Day (CVE-2010-0249)

January 21st, 2010
Posted by Craig Schmugar

Microsoft has released Security Bulletin MS10-002, regarding Internet Explorer vulnerabilities. In addition to patching the flaw exposed by Operation Aurora, the company released patches for seven other vulnerabilities. We are aware of reports of private CVE-2010-0249 exploits impacting Internet Explorer 7 and 8 (though these are mitigated with ASLR and DEP). Historically, the odds of private exploits [...]

Update on Recent Microsoft 0day (CVE-2010-0249)

January 20th, 2010
Posted by Craig Schmugar

Here’s a quick update on CVE-2010-0249, aka the Aurora exploit. A few days ago exploit code was made public. Since then malware authors have been customizing the exploit’s payload to install their own malicious creations. Much of the field telemetry we’ve been receiving has been coming from McAfee users in China visiting websites in China. [...]

Investigating a Possible Charity Scam

January 19th, 2010
Posted by Francois Paget

On Saturday, my McAfee Labs colleague Craig Schmugar wrote about phishing sites and email scams related to the recent earthquake in Haiti. The people behind these frauds deserve to be caught by the law. I have a story that demonstrates that when several researchers join forces the bad guys run the risk of being punished. On [...]

McAfee ‘Hacking Exposed’ Webcast Series Fights Cybercrime

January 19th, 2010
Posted by David Marcus

We are pleased to announce the next event in our complimentary monthly “Hacking Exposed Live!–A Webcast Series,” which educates attendees to protect against cybercrime and hackers. The monthly webcast, hosted by Hacking Exposed coauthor and McAfee Senior Vice President Stuart McClure, walks attendees through the latest hacking techniques and explains countermeasures for preventing attacks. The [...]

An Insight into the Aurora Communication Protocol

January 19th, 2010
Posted by Guilherme Venere

As we know, the recent Operation Aurora has been making waves due to a highly organized attack targeting companies such as Google, Adobe and other high profile companies. A security breach due to a vulnerability in Microsoft’s Internet Explorer, CVE-2010-0249, caused remote code execution leading to download of malware on compromised systems. At McAfee Labs, researchers [...]

Went Looking for IE Exploits in “Haiti”, Found Something Else

January 17th, 2010
Posted by Craig Schmugar

In my last post I mentioned that the “Operation Aurora” exploit code was public and that we could expect other attacks leveraging the CVE-2010-0249 exploit to emerge. Given the significance of the recent earthquake in Haiti, and the slew of phishing sites, email scams, etc., it makes sense that attackers would try to incorporate an [...]

“Operation Aurora” Leading to Other Threats

January 16th, 2010

Operation Aurora has received a lot of attention over the past couple of days. To recap, Google, Adobe, and many other companies were attacked with code exploiting a zero-day vulnerability in Internet Explorer. Since the announcement of this vulnerability (CVE-2010-0249), exploit code has been made public and already revised into a more usable form. History tells [...]

More Details on “Operation Aurora”

January 14th, 2010

Earlier today, George Kurtz posted an entry, ‘Operation “Aurora” Hit Google, Others’, on McAfee’s Security Insight blog. The purpose of this blog is to answer questions about this particular attack and fill in some of the threat flow and McAfee coverage details. How were systems compromised? When a user manually loaded/navigated to a malicious web page from [...]

New Koobface variant saves researchers time from analysis

January 13th, 2010

Researchers at McAfee Labs monitor Koobface activities 24/7 via custom honeypots, and while reviewing one such update we noticed a variant that had debug/log features. Unlike the traditional captcha breaking technique to create new accounts, this variant of the worm converts the infected machine to a bot. When we analysed the malware trapped in our botnet, [...]

BlackBerry Messenger the new vehicle to distribute Hoaxes?

January 12th, 2010

I received an interesting IM from a friend via BlackBerry Messenger [BBM] this weekend. She was worried that it could do damage to her shiny new BlackBerry and, as she knew I work for McAfee, she forwarded it to me for my opinion. As soon as I read it, I knew it was a hoax and [...]