CyberSafety.co.za

Malware-creators have broken all records when it comes to creating new threats. Over the last three months, PandaLabs, Panda Security’s anti-malware lab, has recorded five million new strains of malware. Most of these were banker Trojans, although adware and spyware have also increased.

This was revealed in the PandaLabs quarterly report detailing cyber-threat activity from July to September. The report can be downloaded here.

“We are currently receiving some 50,000 new examples of malware everyday,” explains Jeremy Matthews, head of Panda’s sub-Saharan operations. “This is a massive increase from the 37,000 samples were detecting daily just a few months ago. There is no reason to believe that the situation will improve in the coming months.”

Q3 saw a 15% rise of computers infected by malware compared to the previous quarter. In more than 37% of cases, the culprits were Trojans, while adware was responsible for 18.68% of all infections. This category in particular has seen significant expansion due to the major proliferation of fake antivirus programmes.

Panda has detected a major growth in the distribution of malware through spam, social networks and rogue search engine optimization techniques, which draw users to spoof Web pages from which malware is downloaded. These methods for propagating malware often use social engineering, exploiting a range of current issues such as swine flu, Independence Day, forest fires or speeches of Barack Obama.

Download the PandaLabs report here.

Panda Security’ malware detection and analysis laboratory has revealed how cyber-criminals are starting to use their own search engines to lead users to malicious pages, often created for distributing malware.

This frightening new trend underlines how cyber-crime is becoming increasingly professional. Previously, cyber-crooks would use malicious SEO (Search Engine Optimization) or “blackhat SEO” techniques to improve the ranking of their pages among popular search engines. Now they are beginning to use their own search engines which lead users directly to pages designed to infect or defraud them. One such malicious search engine, detected by Panda, has already received around 195,000 visits.

“We started searching for words and issues frequently exploited by cyber-crime, in this case swine flu, or celebrity names such as Britney Spears or Paris Hilton and this took us to pages created to distribute malware,” explains Jeremy Matthews, head of Panda’s sub-Saharan operations. “But then we found that even searching for our own names would throw up results that were really malicious pages.”

These search engines operate as follows: when users enter a word to find, the engine returns just five or six results. Clicking on any of these results will redirect the user to a Web page created specifically to distribute malware. The pages may include content such as pornographic videos, which ask users to download the latest version of “Web media player” in order to watch the clip. However, the file downloaded is really the adware WebMediaPlayer. These pages are also being used to distribute fake antivirus programs. You can see an image here.

This technique is known as social engineering, and basically involves infecting users by enticing them to click a link or run a malicious file. To avoid falling victim to these attacks, Panda advises users only to use trusted search engines, and to be wary of websites offering sensational videos or unusual stories.

“If on this kind of website you are asked to download a codec or any other kind of program to watch videos, there is a strong chance that it is really malicious code,” warns Matthews.