CyberSafety.co.za

Panda Security is launching the Panda Challenge. Last year’s edition of the competition saw more than 4,000 entrants putting their considerable computer skills to the test.

This year the Panda Challenge asks participants to find the solution to two practical problems published in the PandaLabs Blog. In the first phase, users will have to download the game and then make a keyfile in order to play it; while the second phase involves finding a valid license for a program.

“We launched this challenge for the first time last year, unaware of the fantastic response we would get” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “We were pleasantly surprised to see such a high number of participants with such technical expertise. The challenges were not easy but lots of users managed to find the solution.”

The first challenge will be published on Saturday, July 17 at 09:00 (GMT + 2) and solutions must be received by Monday, July 19 at 17:00 PM (GMT + 2). The second challenge will be published the following weekend, on Saturday, July 24 at the same time, and solutions must be received by Monday, July 26. The winner will be the first contestant to send the correct solution to pandachallenge@pandasecurity.com.

Anyone, from any country, can take part, with no need to register or comply with any requirements. All participants can follow the contest and interact with each other on Twitter, using the hashtag #PC2010.

“This year we have taken into account the suggestions of contestants to better adapt the challenge to everyone’s needs: we’re running it at the weekend, with a timetable that allows people from all over the world to take part, etc. We hope users enjoy it as much as last year”, concludes Matthews.

More information is available in the PandaLabs blog: http://www.pandalabs.com

For more information about Panda, visit http://www.pandasecurity.com/.

With the boom in social networks and the numerous applications now available for sharing information across the Internet, global IT vendor Panda Security advises users to take extra precautions in order to prevent falling victim to computer fraud.

“This year we advise users to take particular care with the information they share across social networks”, says Jeremy Matthews, head of Panda’s sub-Saharan operations. “This applies particularly to applications used to plan journeys or to locate people geographically through GPS devices, as this information could easily be exploited and used to aid housebreaking.”

These types of applications have become highly popular over the last year. Facebook apps such as Doorpl or Trip Advisor (which show messages describing where you are or where and when you are planning to go); the Twitter geolocation utility (displaying where tweets have been sent from), or services for locating mobile devices through GPS (now widely employed by iPhone or Android users), are just a few examples.

While many of these programs are interesting and fun, the problem lies in the exploitation of this information by criminals. The emergence (and closure) of services like Pleaserobme, which as its name suggests, connects with these applications to offer information about who is not at home, is just one example of the abuse of these applications. “This underlines how careless we can be as users when offering personal information publicly”, adds Matthews.

There are numerous precautions that users are encouraged to take in order to prevent being exploited during the holiday season.

Users who take their PC’s with them on holiday are advised to back up all their information as they face the risk of having their PC’s stolen or breaking down while away. In addition they are advised to have reliable, up-to-date protection with all the necessary security patches installed.  

Although encrypting the information on their hard disks may seem a tiresome or complex task, is another strong security measure Panda encourages users to take as it prevents anyone from accessing data without the right password.

Furthermore, users should never connect to unprotected WiFi networks, as they could be hooking up to a network set up by hackers to steal any information that they share across the Internet. It is always better to use secure, trusted networks, even if it means paying more. Lastly, users are advised to take care with email as phishing attacks and spam are becoming increasingly sophisticated.

In addition to this holiday advice, there are constant precautions that should always be taken.

No one should use applications for planning journeys offered by social networks, to ensure that you can’t be located. Similarly, users shouldn’t accept the geolocation function in Twitter or use this application from their cell phones.

Users who do spend time in chat rooms while on holiday should also never reveal any personal or confidential details to anyone unknown. If users notice any suspicious behavior on social networks (strangers with too much of an interest in your holiday destination, dates, etc.) they should contact the police. All these safety tips should be shared with children, who are more naïve than their parents and therefore make easier targets.

“In addition to the above, it is worth remembering some of the basic security measures at this time of year. Turn off your router when you leave home, beware of typical, holiday-themed phishing, take care with dubious looking websites, as many of them are designed to infect your computer… and, above all, have a great holiday”, concludes Matthews.

More information is available at the PandaLabs blog: http://www.pandalabs.com

For more information about Panda, visit http://www.pandasecurity.com/.

Trojans accounted for 70% of all new malware between April and June 2009, according to data compiled in the latest PandaLabs Quarterly Report.

Trojans were also responsible for more infections than any other type of malware over this period. This type of malware was behind 34.37% of all infections detected by Panda, an increase of 2.86% with respect to the previous quarter. Adware infection levels remained stable, accounting for 19.62% of the total.

One of the most notable findings of the report is the 6.25% drop in spyware, which now represents just 6.9% of all new malware. In contrast, adware rose dramatically over this period, from 7.54% in the previous quarter to 16.37%. This is largely due to the surge in fake antivirus applications, a type of adware that passes itself off as a legitimate security solution.

As for worms, their percentage has also risen slightly, now accounting for 4.4% of all malware. Dialers, at 4.48%, stubbornly refused to disappear despite the overriding trend for broadband instead of dial-up connections.

In terms of specific strains of malware, the number one ranked specimen in Q2 was Downloader.MDW, a Trojan designed to download other malware on to computers. The Virtumonde spyware and Rebooter.J Trojan were also among the malicious codes that caused most infections.

Malicious use of Twitter

A worm appeared in April which used a cross-site scripting technique to infect Twitter users when they visited the profiles of other infected users. It then infected the new user’s profile to continue propagating. New variants appeared, and finally the creator’s identity was revealed: one Mikey Mooney, who apparently wanted to attract users to a service competing with Twitter.

In early June, Twitter was the focus of other attacks, this time using different techniques, above all BlackHat SEO. Twitter has a feature called “Trending Topics”, which is a list of the most popular topics that appears in the interface of all Twitter users. When users select a topic through this feature, they will see all ‘tweets’ published related to this issue.

In this case, malicious users were writing tweets about the topics listed in Twitter Trends with links to malicious Web pages from which malware was downloaded. The first attack focused on just one of the topics, but just a few days later the scope of the attack increased and all popular topics contained malicious links. When the actor David Carradine died, in just a few hours there were hundreds of malicious tweets, and the same occurred with other popular issues on Twitter.

You can download the PandaLabs Quarterly Report here.