McAfee Research Blog

The TrustedSource Research Team is now part of McAfee Research organization. Our researchers will continue to provide insightful blogs here on www.trustedsource.org and also at www.avertlabs.com/research/blog/. Either site will provide you with all the latest blogs from all the global security experts at McAfee Research teams.

FakeAlerts Uncovered

July 2nd, 2009

It has been almost a year since the rogue antivirus products, a.k.a. scareware, became rampant. These Trojan families are typically spread via drive-by downloads, SEO poisoning, spam campaigns and clever social engineering. Having discussed these methods in earlier blogs, today we will look into the protection mechanisms adopted by these fake-alert Trojan families to [...]

Generic Rootkit.d Strikes Again in New Variant

June 29th, 2009

A few days ago I got a chance to look at a recent variant of the DNSChanger.ad. It drops a common rootkit that is mostly associated with FakeAlert and DNSChanger Trojans. Over a period of time the dropped sys file names have changed from tdss*.sys to seneka*.sys to skynet*.sys and so on. Our memory detection [...]

Michael Jackson News Affects Web Traffic

June 26th, 2009

The announcement of Michael Jackson’s death has caused immediate effects on the Web 2.0 world. The impact ranged from the interruption on Facebook of coverage of Farrah Fawcett’s death to a surge experienced by Twitter. The Web 2.0 world is definitely abuzz with traffic regarding his passing. Within hours the percentage of “long-tail” URL traffic associated with [...]

Bad News Offers Opportunity to Spread Malware

June 25th, 2009

With the current news about the deaths of Farrah Fawcett and Michael Jackson, it’s a good idea to remind our readers to beware of blackhat attempts to distribute malware to anyone looking for news. Every time a disaster happens or news about some celebrity reaches the media, malware writers try to take advantage of it. [...]

Sex the Bait in Mass Orkut Compromise

June 23rd, 2009

With the advent of Web 2.0, social networking websites have become an easy target for online fraud and other identity scams. Lately, we have seen Twitter being used to phish out personal information, as well as MySpace scams and Facebook spams. With more than 15 percent of the traffic from India, Orkut is perhaps the most [...]

More Password-Theft Shenanigans

June 23rd, 2009

Recently, my colleague Pedro Bueno wrote about “dumb” malware authors hardcoding their login credentials into their password-stealing Trojan. The malware he referenced, PWS-Banker.gen.i, ostensibly came from Brazil. Today, we found the same negligence in a similar piece of Chinese malware detected as PWS-Banker.gen.de. When run, the password-stealing Trojan queries for the infected host’s IP address using three web-based IP address-lookup services. It [...]

DDoS Not the Most Political Way to Protest

June 16th, 2009

So, Iran had elections this weekend. Some people don’t agree with the results. As a consequence, some people are organizing DDoS attacks against Iranian websites, more precisely: http://www.leader.ir/, http://president.ir/, http://www.irib.ir/, http://www.iribnews.ir/ and some specific URLs on those domains. No guys, that’s not the right path and, as it is a malicious activity, we are detecting the tools being distributed to create [...]

Worms Dig Further Than Thumb Drives

June 11th, 2009

Most every day I see AutoRun worms such as this one. You may know the kind, the worms that are designed to replicate onto removable drives. There is certainly no shortage of these little monsters. Often the worm, although problematic itself, is just the harbinger of potential doom. More malicious malware obtained by these worms [...]

Spammers Take Advantage of Air France Crash

June 11th, 2009

As we foresaw, spammers have used the Air France AF447 disaster to catch people’s attention and prompt them to open fake news emails related to this event. Less than two weeks after the crash, the first emails started to spread. We’ve seen the following subjects: “A-330 blackbox record”, “Another plane crushed”, “Last seconds of plane”. When opened, all these [...]

Dumb Malware Authors Cause More Damage Than Smart Ones

June 11th, 2009

I don’t really know which is worse: a dumb or a smart malware writer. Brazilian malware writers fall into the first category: bad coders and dumb. It’s as simple as that. While checking a very recent PWS-Banker Trojan (the malware that steals banking information), I came across a variant. This one targets three Brazilian banks–Bradesco, Itau, [...]

Zero-Day Exploit Leads to Apparent Suicide

June 10th, 2009

This is tragic news, indeed. We have heard of software flaws costing customers hefty amounts of money, man hours, bandwidth, disk space, etc. But now the cost has reached an unprecedented level–causing HyperVM’s creator to apparently commit suicide. The problem started earlier this week, when a large web host company that relied on HyperVM to [...]

ATM Malware Makes Withdrawals in Russia

June 10th, 2009

We frequently encounter password stealers and backdoors in computers after their owners have browsed unsafe websites or opened unknown email attachments. It is more unusual, however, to see this malware directly implemented in banks’ automated teller machines. In these cases, Trojans have to be installed by people who have physical access to the machines. Data [...]

Avoid Housecalls From Rogue ‘Malware Doctor’

June 5th, 2009

Yesterday, we came across a new variant of a rogue security program. This one is called Malware Doctor, and we detect it as FakeAlert-D Trojan with our DAT 5635. The new variant comes from the following web pages: hxxp://internetware-sa{blocked}.com/, hxxp://mal-ware{blocked}.net. As do most other rogue security programs, Malware Doctor displays misleading fake alerts to entice users into buying a product to [...]

New McAfee Whitepaper on Browser Attacks

June 4th, 2009

Today we at McAfee Avert Labs released an excellent paper on browser attacks. Written by Christoph Alme, this paper deals with the many complexities of browser security and attacks. From the paper: Web Browsers: An Emerging Platform Under Attack “The widespread use of highly interactive “rich client” web applications for e-commerce, business networking, and online collaboration [...]

Social Engineering Aids Malware Delivery

June 2nd, 2009

Earlier today the nice folks at SANS blogged about a malware campaign dressed up as a digital-certificate update for Bank of America. The malicious link contained the substring “bankofamerica.com” and took you to a Web page rigged to mimic Bank of America’s Web page: If you clicked on “Update Certificate,” a certifiably nasty piece of malware [...]