" collective intelligence "


The Latest on Ransomware: CTB – Locker

Ransomware is malware that limits access to data on devices and demands that a ransom be paid to the developer. Some forms of ransomware encrypt files on the system's hard drive, while others simply lock the system and display messages intended to persuade the user into paying.

In the past week there have been several cases of ransomware called CTB-Locker, also known as Critroni Ransom. It is generally spread via e-mail as an attachment and is released from time to time, with the most recent cases occurring on 18/19/20 January 2015.

CTB-Locker is run by a user. The application encrypts common file types such as Excel and Word documents and image files such as JPEGs. The user then receives a display message stating that the data has been encrypted and that they need to pay a ransom.

It is not likely that the encrypted files are recoverable. In some cases users may be able to use Volume Shadow Copy, but the most effective means of “recovery” is to back up data and files on a regular basis and restore the most recent backup.

CTB-Locker doesn't always remove the volume shadow copies (VSS), so if the affected operating system is Windows Vista or higher, it is possible to retrieve a copy of the files affected by the malware.

In this case, it is necessary to follow the steps below:

  1. Download and install the following software: http://www.shadowexplorer.com/downloads.html
  2. Once installed, browse to the location where the affected files are located.
  3. Select a date prior to the infection.
  4. Select the affected file or folder, and choose the option “Export”.
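
Whether a snapshot from before the infection still exists (step 3) can be checked from the output of `vssadmin list shadows` before opening ShadowExplorer. The script below is an added example, not part of the original post: it parses a constructed, abridged sample of that output (en-US date format assumed; function names are hypothetical) and returns the newest shadow copy of a drive taken before an assumed infection time, or nothing if none survives.

```python
import re
from datetime import datetime

# Constructed, abridged `vssadmin list shadows` output (en-US date format
# assumed); the IDs and timestamps are invented for this example.
SAMPLE = r"""
Contents of shadow copy set ID: {11111111-1111-1111-1111-111111111111}
   Contained 1 shadow copies at creation time: 1/12/2015 9:00:12 AM
         Original Volume: (C:)\\?\Volume{00000000-0000-0000-0000-000000000001}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1

Contents of shadow copy set ID: {22222222-2222-2222-2222-222222222222}
   Contained 1 shadow copies at creation time: 1/17/2015 11:30:45 PM
         Original Volume: (D:)\\?\Volume{00000000-0000-0000-0000-000000000002}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy2

Contents of shadow copy set ID: {33333333-3333-3333-3333-333333333333}
   Contained 1 shadow copies at creation time: 1/21/2015 8:15:00 AM
         Original Volume: (C:)\\?\Volume{00000000-0000-0000-0000-000000000001}\
         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3
"""

CREATED = re.compile(r"creation time:\s*(.+?)\s*$")
ORIGINAL = re.compile(r"Original Volume:\s*\((\w:)\)")
DEVICE = re.compile(r"Shadow Copy Volume:\s*(\S+)")

def parse_shadows(text):
    """Return a list of {created, drive, device} dicts, one per shadow copy."""
    shadows, created, drive = [], None, None
    for line in text.splitlines():
        if m := CREATED.search(line):
            created = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p")
        elif m := ORIGINAL.search(line):
            drive = m.group(1).upper()
        elif (m := DEVICE.search(line)) and created and drive:
            shadows.append({"created": created, "drive": drive, "device": m.group(1)})
            drive = None  # wait for the next "Original Volume" line
    return shadows

def last_clean_snapshot(text, drive, infected_at):
    """Newest snapshot of `drive` taken strictly before the infection time."""
    clean = [s for s in parse_shadows(text)
             if s["drive"] == drive.upper() and s["created"] < infected_at]
    return max(clean, key=lambda s: s["created"], default=None)

if __name__ == "__main__":
    # Assumed infection time: start of 18 January 2015.
    best = last_clean_snapshot(SAMPLE, "C:", datetime(2015, 1, 18))
    print(best if best else "no pre-infection snapshot survives")
```

The timestamp format printed by `vssadmin` follows the system locale, so the `strptime` pattern has to be adjusted on non-US systems.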



Panda Security Ventures into the Movie Business with “Open Windows”

In a world where interconnectivity is increasingly important, Panda Security has chosen to sponsor a French-Spanish co-production, Open Windows, as a means of increasing public awareness of the dangers of the Internet, regardless of the device used to connect to it. Scheduled for release in a few months, the movie, directed by Spanish director-screenwriter Nacho Vigalondo, plays out in real time, utilizing different types of formats and electronic devices and the action is seen through the first-person view of the main character’s laptop. With cyber-crime as a backdrop, Open Windows stars Elijah Wood as an everyman whose girlfriend (Sasha Grey) has been abducted by a vicious killer. Wood’s character spends the rest of the film trying to find her, in a hunt that revolves around various forms of technology. The action is followed on the screen of a laptop connected to the Internet, an approach that reflects the importance of mobility and immediate Internet connectivity in today’s world.

New Panda Cloud Antivirus 2.0 Free Download Now Available

Panda Security has announced the launch of version 2.0 of its popular cloud-based consumer antivirus service Panda Cloud Antivirus, both for its Free and Pro Editions. This new version is fully compatible with Windows 8 Release Preview and incorporates a new smart community-based firewall and many other improvements.

Since its initial release in 2009, millions of users around the world have benefitted from award-winning free antivirus protection and minimal resource consumption that Panda Cloud Antivirus provides via its Collective Intelligence technology.

Thanks to a new cloud-based disinfection engine, Panda Cloud Antivirus 2.0 offers even better malware detection and disinfection capabilities, as proven by tests conducted by renowned independent laboratories such as AV-Test.org and AV Comparatives.

Panda Cloud Antivirus Free Edition optimizes security by adding behaviour-based scanning technologies, a feature previously only available in the Pro Edition. Panda Cloud Antivirus 2.0 incorporates a series of improvements aimed at defending users against an increasingly sophisticated and diverse set of threats such as rogueware and ransomware; neutralizing malware capable of getting past antivirus programs; and adapting its scanning techniques and sensitivity to the risk posed by each malicious item.

Panda Cloud Antivirus 2.0 removes all malware traces after neutralization, has a lower impact on system performance, and scans more than 50% faster than earlier versions of the program in on-demand scans.

“The new version of Panda Cloud Antivirus improves disinfection rates and reduces the memory footprint,” said Jeremy Matthews, Country Manager at Panda Security. “Thanks to the useful feedback of our beta tester community we have improved this product yet again, providing maximum PC protection and disinfection power with minimum impact on PC performance.”

Panda Cloud Antivirus Pro Edition

Panda Cloud Antivirus Pro Edition includes all the features of the Free Edition plus a new smart community-based firewall that automatically stops intrusion attempts and data leakage. In line with the product’s philosophy, the firewall minimizes user intervention by automatically managing application permissions based on the real-time knowledge gathered from Panda Security’s global user community. The new firewall incorporates an intrusion detection system and adapts its behaviour based on the network type the user is connected to (home, work, public place).

In addition, the Pro Edition includes 24×7 technical support and automatic USB vaccination against infections with auto run-based malware for R369.00. Existing Panda Cloud Antivirus users will be automatically upgraded to version 2.0.

To download Panda Cloud Antivirus 2.0 for free, please visit: www.cloudantivirus.com. To mark the launch of the new solution, Panda Security has teamed up with CNET, the popular download portal, to give away 5,000 1-year licenses of Panda Cloud Antivirus Pro Edition from: http://www.download.com


Panda Security announced the availability of Panda Global Protection 2013 Beta 2, its comprehensive solution for protecting the information and digital life of home computer users.

The new beta, which includes many of the improvements suggested by the Panda Security beta testing community, can be downloaded for free at


The first beta of Panda Global Protection 2013 was tested by users from 129 countries and recorded 23 percent more activations than the 2012 version. The countries with the most activations were Spain, USA, Brazil, Mexico, Russia, Peru, India, UK, Argentina and Vietnam.


The new beta has two goals. Firstly, to reflect the constant search for continuous improvement in Panda Security’s products. Secondly, to market a high-quality solution that satisfies user needs with the help of its beta testing users, who have the opportunity to try the product before its official launch. Thanks to their feedback, the company has been able to implement numerous activation, interface, design and usability enhancements in the beta launched in April.

The new version includes the following improvements:

  • Better malware detection
  • Improvements for several technology modules (TruPrevent, Web proxy and firewall).
  • Simpler and faster installation and activation processes.
  • Improved interface: Inclusion of new update buttons and the ability to access reports and statistics from the scan screen.
  • Better disinfection capabilities on Windows Vista, Windows 7 and Windows 8 (Consumer Preview).
  • Improved on-demand scanning by leveraging all the CPU cores.

Unlike the first version, the new beta release of Panda Global Protection 2013 is available in 21 other languages besides English and Spanish.

All users testing the Panda Global Protection 2013 Beta, both the new and the previous version, will receive a 50 percent discount on the purchase of the final product, and the ten beta testers suggesting the most helpful improvements will each receive a $200 Amazon.com gift certificate.

Panda Global Protection 2013 is the most comprehensive solution in Panda Security’s new retail product line-up. The product leverages Panda’s unique Collective Intelligence technology to collect threat intelligence from millions of computer users and deliver automated, instantaneous protection against known and unknown malware.

The new release builds on the core functionality that has positioned Panda Global Protection as the preferred solution among PC users. This includes a highly effective antivirus engine to protect against known and unknown malware; a firewall with Wi-Fi security to block intruders and hackers; Panda USB Vaccine to prevent USB devices from spreading infections; confidential information filters to keep personal data safe; backup and system recovery; and PC performance tuning. The new version includes a password manager: an encrypted password repository that protects users’ digital identity and allows them to log into websites with just one click.

Flame: new cyber-espionage tool?

Last week a “new” malware was uncovered (taking a look at our Collective Intelligence database, I can confirm that some of the files involved in this attack date back at least to April 2011) that could be related to cyber-espionage (detected as W32/Flamer.A.worm). It has been infecting computers in Middle East countries (Iran, Israel, Syria, etc.) and its purpose is to steal information.

Iranian CERT has published information about this threat here and our colleagues from Kaspersky have been investigating it for some time and have published a nice Questions and Answers article here.

Usually targeted attacks are performed using Trojans, but this time you can see we are talking about a worm. Worms self-replicate, so at a certain point the owner / creator of the worm cannot control where it is spreading and who it is infecting, and when you have some specific target(s) you want to be under the radar to avoid being discovered. How has Flame solved this issue? Even though it is a worm, its spreading mechanisms are disabled. It looks like whoever is behind it can activate that feature when needed, a smart move when you want to go unnoticed.

What can Flame steal? Is it looking for the most hidden secrets that no other malware is capable of finding? The answer is no, we have not yet found any feature not seen before in other malware samples. But it has a number of different ways of stealing that are all present together, and a number of different plugins that give Flame the capability to know everything about its target, even turning on the microphone and recording whatever conversation is taking place.

I would like to quote this question and answer from the article our friends from Kaspersky have published:

Is this a nation-state sponsored attack or is it being carried out by another group such as cyber criminals or hacktivists?
Currently there are three known classes of players who develop malware and spyware: hacktivists, cybercriminals and nation states. Flame is not designed to steal money from bank accounts. It is also different from rather simple hack tools and malware used by the hacktivists. So by excluding cybercriminals and hacktivists, we come to conclusion that it most likely belongs to the third group. In addition, the geography of the targets (certain states are in the Middle East) and also the complexity of the threat leaves no doubt about it being a nation state that sponsored the research that went into it.

First thing I want to say is that I do agree that this looks like a nation-state sponsored attack. However the explanation given is not good at all: as it is not stealing money from bank accounts and it is not a hack tool, it has to be a nation-state attack. Sure. Following this reasoning, “I love you” was also a nation-state sponsored attack.

Flame is designed to steal information in many different ways, it is controlled by a “mastermind” from a number of Command & Control servers, and it has been developed and managed in a completely different way from what we are used to seeing from cybercriminals. It can spread, but only when the people behind it want, and it has been seen only in a small number of countries in a region with a lot of political and economic interests.

(Source: PandaLabs)