" attacks "

password

Hackers Spark Revival of Sticky Keys Attacks

Hackers are constantly trying to find new ways to bypass cyber-security efforts, sometimes turning to older, almost forgotten methods to gain access to valuable data. Researchers at PandaLabs, Panda Security’s anti-malware research facility, recently detected a targeted attack which did not use malware, but rather used scripts and other tools associated with the operating system itself in order to bypass scanners.
(more…)

Q3-Image

PandaLabs Q3 Results: Trojans exceed PUPs in the third quarter

The results for the third quarter show that malware continues to break records, averaging at 227 747 new samples created daily.

The last four months has seen large high profile organisations fall victim to cyber-attacks; companies such as JP Morgan Chase, Target, Home Depot and online services such as Dropbox and iCloud.

The most recent victim is Sony. The hack on the company led to upcoming films and workers’ personal data, such as social security numbers and salaries being leaked online. The malware used in the attack was undetectable by industry standard antivirus software and was damaging and unique enough to cause the FBI to release a flash alert to warn other international organisations of the critical threat.

Trojans continue to be the most common malware during Q3, accounting for 75% of infections, compared to 62.80% in the previous quarter. PUPs ranked second, representing 14.55%of infections, decreasing since Q2. Adware/spyware comprises 6.88% of infections, worms at 2.09% and viruses at 1.48% – down since the second quarter.

The global infection rate increased from 36.87% in Q2 to 37.93% in Q3. The results for each country shows that China is still at the top, reaching an infection rate of 49.83%. China is followed by Peru at 42.38% and Bolivia at 42.12%.

Europe remains the region with the lowest infection rate, with nine European countries ranking in the top ten most secure countries.

The full report is available here.

Trick or treat? Halloween can end up really damaging your PC

  • Computer pranks with applications that simulate a Trojan infection are invading the Web
  • “Paranormal Activity 2” and “Friday the 13th” used in BlackHat SEO attacks to download malware

As Halloween approaches, applications, fake websites, spam and Trojans all put on disguises to try to trick users. Global IT vendor Panda Security has been detecting attacks like these since August, with the most proliferate attacks listed below.

Halloween pranks used to spread terror…

Even though computer pranks are nothing new, they get massively distributed in the days leading up to Halloween, with the aim of scaring users. These applications are actually harmless, as they really do not contain any malware or Trojans.

They usually arrive at the targeted computer from one of the victim’s contacts, as a Halloween video file or an online greetings card, via email, or a social network. However, once the user has downloaded and installed the item, it displays a series of messages and screens informing the user that they have been infected by a Trojan.

On other occasions, a flash movie may simulate the deletion of all contents on the computer’s hard disk, while a spooky skull is displayed on the screen. The website that distributes this prank offers a video with instructions to configure the movie in order to make it even more realistic and frightening. 

In reality, these are just computer virus hoaxes. However, there is no doubt that users will be really scared to see their computer almost destroyed!

And the real threats…

On other occasions, attackers are using latest releases like “Paranormal Activity 2” or Halloween classics like “Friday the 13th” to distribute malware. 

Hackers are using these well-known Hollywood productions to launch Blackhat SEO attacks, exploiting popular topics in order to place malicious websites at the top of search results when users look for certain terms in search engines. If a user accesses the malicious website, a Trojan or fake antivirus is downloaded onto their computer. These attacks not only exploit horror movies, but any other Halloween-related items like party invitations, etc.

Halloween spam

Panda has also seen an increase in the massive distribution of Halloween-themed spam, used to trick users into giving away their personal data and buying fraudulent or illegal products, or just make money as many of these companies get revenue through pay-per-click systems.

Some tips to protect you

As always, having a great antivirus and taking some basic precautionary measures are the best ways to stay protected against both real and/ or fake threats.

Panda offers the following advice to users: 

  • Don’t open emails or messages received on social networks from unknown senders.
  • Do not click any links included in email messages, even though they may come from reliable sources. It is better to type the URL directly in the browser. This rule applies to messages received through any mail client, as well as those in Facebook, Twitter, or other social networks or messaging applications, etc.
  • If you do click on any such links, take a close look at the page you arrive at. If you don’t recognize it, close your browser.
  • Do not run attached files that come from unknown sources. In particular, watch out for any files with Halloween-related names.
  • Only buy online from sites that have a solid reputation and offer secure transactions, encrypting all information that is entered in the page. To check that the page is secure, look for the security certificate in the form of a small yellow padlock next to the toolbar or in the bottom right-hand corner of the screen.
  • Don’t use shared or public computers for making transactions or operations that require you to enter passwords or other personal details.
  • Have an effective security solution installed, capable of detecting both known and new malware strains.

Panda Security offers users several free tools for scanning computers for malware, like Panda Cloud Antivirus: www.cloudantivirus.com.