Threat Actors Employ COM Technology in Shellcode to Evade Detection
COM (Component Object Model) is a technology in Microsoft Windows that enables software components to communicate with each other; it...
Locky Ransomware Hides Under Multiple Obfuscated Layers of JavaScript
This post was prepared with the invaluable assistance of Rahamathulla Hussain and Girish Kulkarni. During the last couple of weeks,...
Malware Mystery: JS/Nemucod Downloads Legitimate Installer
JS/Nemucod is the detection name given to a family of malicious JavaScript downloaders that have appeared in spam campaigns since last year....
Current Campaign Delivers Hundreds of Thousands of Polymorphic Ransomware
You might have been getting out of bed when attackers started sending hundreds of thousands of fake invoices the morning...
CVE-2016-0018: DLL Planting Leads to a Remote Code Execution Vulnerability
DLL planting, also known as DLL side loading, is a popular attack technique today. If we take a look at...
Malware Takes Advantage of Windows ‘God Mode’
Microsoft Windows has hidden an Easter Egg since Windows Vista. It allows users to create a specially named folder that...
Macro Malware Employs Advanced Obfuscation to Avoid Detection
Attacks by macro malware carrying ransomware are growing, as we have recently reported on Blog Central here and here. Now McAfee Labs...
Unsubscribing From Unwanted Email Carries Risks
We all receive loads of unwanted email solicitations, warnings, and advertisements. The number can be overwhelming to the point...
CVE-2016-0153: Microsoft Patches Possible OLE Typo
Recently McAfee Labs discovered an interesting bug in Windows’ OLE implementation, which Microsoft patched this week. Now that the patch...
Quarterly Threat Report: What Do the Numbers Mean to Me?
This blog post was written by Bruce Snell. Every quarter, the team at McAfee Labs releases a threats report detailing...
