" Android "

Mobile-Protection

Panda’s 8 Easy Ways to Protect Your Mobile

What is the one thing you never leave home without? If your mobile is the first thing that came to mind, you wouldn’t be the only one. Whether you use it for social media, emails, research, storage or as a GPS – there is basically nothing that the latest smartphones can’t do. People use cell phone banking and store valuable data on their phones, making smartphones just as valuable as PC’s or laptops. These clever gadgets are however more prone to theft and loss. So why safeguard your computer, but not your smartphone?

(more…)

PandaLabs

PandaLabs Q2 Report finds malware creation at record levels

Recently published results from PandaLabs Quarterly Report for Q2 2013 indicate that malware creation reached record levels with Trojans accounting for 77.2 percent of all new malware created (worms: 11.28 percent; viruses 10.29 percent) and 79.70 percent of malware infections – affecting eight in ten users. Of concern, too, is the increase in malware targeting the Android platform. Interestingly, during this quarter, 12 percent more malware was created than for the same period last year, and when the data for the first and second quarters of 2013 is combined, the increase on 2012 reaches 17 percent.

(more…)

Android, Facebook and HBGary Federal all hacked in the First Quarter of 2011

Global IT vendor Panda Security has published the first PandaLabs Quarterly Report of 2011. This quarter has witnessed some particularly intense  virus activity with the three most serious incidents including: the single largest attack against Android cell phones, the intensive use of Facebook to distribute malware and an attack by the Anonymous hacktivist group against the HBGary Federal security firm.

At the beginning of March, Android experienced the largest attack to date on their software. This assault was launched from malicious applications on Android Market. In just four days these applications, which installed a Trojan, had racked up over 50 000 downloads. The Trojan in this case was highly sophisticated, not only stealing personal information from cell phones, but also downloading and installing other apps without the user’s knowledge. Google managed to rid its store of all malicious apps, and some days later removed them from users’ phones.

With regards to Facebook, George S. Bronk, a 23-year-old from California, pleaded guilty to hacking and blackmail, and now faces up to six years in prison. Using information available on Facebook, he managed to gain access to a multitude of email accounts. Having hijacked an account, he would search for personal information he could then use to blackmail the victim. It would seem that anyone could become a victim of these types of attacks, as even Mark Zuckerberg –creator of Facebook– had his Facebook fan page hacked, displaying the status, “Let the hacking begin”.

The Anonymous cyber-activist group responsible for launching an attack in 2010 against SGAE (the Spanish copyright protection agency), among other targets, is still making headlines. The latest incident was triggered when the CEO of US security firm HBGary Federal, Aaron Barr, claimed to have details of the Anonymous ringleaders. The group took offence and decided to hack the company’s Web page and Twitter account, stealing thousands of emails which were then distributed on The Pirate Bay.

As if that were not enough, the content of some of these mails has been highly embarrassing for the company, bringing to light certain unethical practices (such as the proposal to develop a rootkit), forcing Aaron Barr to stand down as CEO.

Malware Continues to Grow…

So far in 2011, there has been a surge in the number of IT threats in circulation: in the first three months of the year, there was a daily average of 73 000 new samples of malware, the majority of which were Trojans. This means that hackers have created 26% more new threats in the first months of 2011 than in the corresponding period of 2010.

Once again, Trojans have accounted for 70% of all new malware created. This comes as no surprise as these types of threats are favored, by organized criminals, for stealing bank details with which to perpetrate fraud or steal directly from victims’ accounts. As ever, Panda advises all users to ensure that computers are adequately protected. With this in mind, Panda offers a series of free tools including Panda Cloud Antivirus and Panda ActiveScan.

For more information about Panda, visit http://www.pandasecurity.com/.

Follow Panda SA on Facebook and Twitter

Trojans Dominate Cyber Threats in 2010

  • The malware distribution techniques in the spotlight this quarter include clickjacking, BlackHat SEO and 0-day attacks
  • 95% of all email in circulation was spam, and 55% of global spam originated from just 10 countries
  • Android smart phones are being targeted by hackers, thanks to their widespread popularity

Global IT vendor Panda Security has published its quarterly report on global virus activity. This third quarter has once again seen Trojans in the spotlight, as 55% of all new threats created were in this category.

Infection via email, traditionally the most popular vector for spreading malware, has declined in favour of more modern methods: use of social media, such as the clickjacking attacks using the Facebook “Like” button, fake Web pages positioned on search engines (BlackHat SEO) and exploits of 0-day vulnerabilities.

In addition, Google’s Android operating system for smart phones has come into the line of fire. Various threats have appeared recently, aimed above all at racking up phone bills or targeting the geolocalization function of the terminals.

Malware info

55% of new threats created this quarter were Trojans, most of them banker Trojans. This is in line with the general increase in these types of threats that Panda has witnessed over the last two years.

With respect to spam, 95% of all email circulating across the Internet during the last quarter was junk mail. Some 50% of all spam was sent from just ten countries, with India, Brazil and Russia at the top of the list.

“This edition of the report highlights the record levels of threat distribution through new channels”, says Jeremy Matthews, head of Panda’s sub-Saharan operations.

There has also been much talk of two serious 0-day flaws in the code of Microsoft’s operating system. One of these could have been exploited to attack SCADA systems (specifically, nuclear power stations), although this rumor is yet to be confirmed.

On a more positive note, Panda is happy to report the arrest of the creator of the Butterfly botnet kit, source of the notorious Mariposa network that impacted 13 million computers around the world.

And finally, the latest and hopefully last scare of this third quarter: a worm called ‘Rainbow’ or ‘OnMouseOver’. A vulnerability in the code of Twitter allowed JavaScript to be injected, enabling a series of actions: redirecting users to Web pages, publishing javascript on the user’s timeline without their permission or knowledge, etc. Twitter however resolved the problem in just a few hours.

Android: in the firing line of hackers

Over these three months Panda has also witnessed what could be the beginning of a wave of threats targeting smart phones, as it seemed that hackers have started lining up Android, Google’s popular operating system. Two applications have been developed specifically for this platform: FakePlayer, which under the guise of a video player, sends SMS messages generating a hefty phone bill for victims without their knowledge; and TapSnake, an app disguised as a game which sends the geolocalization coordinates of the user to an espionage company.

‘With the rise in social networking attacks and banker Trojans, we encourage users to always be vigilant when using the web, for personal or professional reasons. This coupled with good malware and virus protection, like Panda’s, is the best way to stay safe’, concludes Matthews.

You can download the PandaLabs quarterly report from http://press.pandasecurity.com/press-room/panda-white-paper/

For more information about Panda, visit http://www.pandasecurity.com/.

Social network apps used to aid housebreaking

With the boom in social networks and the numerous applications now available for sharing information across the Internet, global IT vendor Panda Security advises users to take extra precautions in order to prevent falling victim to computer fraud.

“This year we advise users to take particular care with the information they share across social networks”, says Jeremy Matthews, head of Panda’s sub-Saharan operations. “This applies particularly to applications used to plan journeys or to locate people geographically through GPS devices, as this information could easily be exploited and used to aid housebreaking.”

These types of applications have become highly popular over the last year. Facebook apps such as Doorpl or Trip Advisor (which show messages describing where you are or where and when you are planning to go); the Twitter geolocation utility (displaying where tweets have been sent from), or services for locating mobile devices through GPS (now widely employed by iPhone or Android users), are just a few examples.

While many of these programs are interesting and fun, the problem lies in the exploitation of this information by criminals. The emergence (and closure) of services like Pleaserobme, which as its name suggests, connects with these applications to offer information about who is not at home, is just one example of the abuse of these applications. “This underlines how careless we can be as users when offering personal information publicly”, adds Matthews.

There are numerous precautions that users are encouraged to take in order to prevent being exploited during the holiday season.

Users who take their PC’s with them on holiday are advised to back up all their information as they face the risk of having their PC’s stolen or breaking down while away. In addition they are advised to have reliable, up-to-date protection with all the necessary security patches installed.  

Although encrypting the information on their hard disks may seem a tiresome or complex task, is another strong security measure Panda encourages users to take as it prevents anyone from accessing data without the right password.

Furthermore, users should never connect to unprotected WiFi networks, as they could be hooking up to a network set up by hackers to steal any information that they share across the Internet. It is always better to use secure, trusted networks, even if it means paying more. Lastly, users are advised to take care with email as phishing attacks and spam are becoming increasingly sophisticated.

In addition to this holiday advice, there are constant precautions that should always be taken.

No one should use applications for planning journeys offered by social networks, to ensure that you can’t be located. Similarly, users shouldn’t accept the geolocation function in Twitter or use this application from their cell phones.

Users who do spend time in chat rooms while on holiday should also never reveal any personal or confidential details to anyone unknown. If users notice any suspicious behavior on social networks (strangers with too much of an interest in your holiday destination, dates, etc.) they should contact the police. All these safety tips should be shared with children, who are more naïve than their parents and therefore make easier targets.

“In addition to the above, it is worth remembering some of the basic security measures at this time of year. Turn off your router when you leave home, beware of typical, holiday-themed phishing, take care with dubious looking websites, as many of them are designed to infect your computer… and, above all, have a great holiday”, concludes Matthews.

More information is available at the PandaLabs blog: http://www.pandalabs.com

For more information about Panda, visit http://www.pandasecurity.com/.