" Facebook "

Android-Marshmallow

Android Marshmallow Protects against Ransomware

It’s becoming more and more common for malicious applications on Android to use ransomware as a means of attack. It is one of the most worrying threats to mobile users as it renders the device unusable until the fee is paid and is sometimes difficult to eliminate completely. Google is aware of this issue and has finally decided to face it head on.

Android 6.0 Marshmallow, which is already available on selected terminals, makes it more difficult for cyber-criminals to hijack users’ phones. This is thanks to the company’s experts designing a more advanced operating system to manage the permissions asked by different applications.

Until now, users accepted all of the permission requests at once when they installed the apps. Due to this, seemingly inoffensive apps such as a simple flashlight were able to access features that were not related to its sole purpose. Not all of these apps were dangerous and for the most part companies were only trying to fine tune their advertising. However, by allowing access to other functions and domains on the mobile devices – users opened the door for malware to infect the device as well.

(more…)

holiday-bg

10 Tips to Stop Cyber-Criminals from Ruining Your Holiday

Often when we go on holiday we jeopardise our own personal information, either by using credit cards in foreign countries, announcing our travels on social media or using open networks while travelling. Below are 10 tips on how to be more cautious when on holiday.

1  Don’t shout it from the rooftops

Don’t broadcast your upcoming holiday on social media. And if you do, then don’t reveal too many details about your plans. This information could be useful for someone with a sinister motive and could leave your home and valuables exposed.

Make sure you deactivate your GPS. This way you don’t have to worry about it giving away clues of your whereabouts which might avert criminals to the fact that you’re out of town.

2  Back-up all your devices

If you have decided  to take your laptop, tablet or smartphone with you on holiday – don’t forget to make back-ups of the data and store it in a secure place.
(more…)

BEWARE OF VALENTINE’S DAY MALWARE DISTRIBUTION

Panda Security’s anti-malware laboratory, PandaLabs have reported new malware distribution campaigns, which details numerous emails in circulation with links for downloading romantic greeting cards, videos, gift ideas, or Facebook and Twitter messages related to Valentine’s Day.

According to PandaLabs, social engineering is cyber-crooks’ preferred technique for deceiving users by convincing them to take a series of actions therefore obtaining confidential information from users. Crime-ware and social engineering go hand-in-hand: a carefully selected social engineering ploy convinces users to hand over their data or install a malicious program which captures information and sends it on to the fraudsters.

Cyber-crooks, however, are also exploiting other channels, such as Facebook, Twitter or Google+ and given the access to millions of users that these social networks provide, they have become just as popular among the criminal fraternity for spreading malware as email. 

A Recently discovered, new Facebook attack that utilizes users walls to spread harmless messages inviting users to install a Valentine’s Day theme on Facebook. However, if the user clicks the wall post, they are redirected to a page where they are prompted to install the theme. This installs a malware file which, once run, displays ads from other websites. It also downloads an extension that monitors Web activities and redirects sessions to survey pages that request sensitive information like phone numbers.

Some weeks ago, the PandaLabs blog reported on a link included in a Twitter profile that took users to a dating site: http://pandalabs.pandasecurity.com/sex-lies-and-twitter/. Special dates like Valentine’s Day can see a proliferation of malicious Twitter posts used to steal users’ confidential data and empty their bank accounts through social engineering. 

Here is a collection of some of the Valentine’s Day themed malware campaigns detected by PandaLabs in recent years: 

Waledac.C: This worm spread by email trying to pass itself off as a greeting card. The email message includes a link to download the card. However, if the user clicks the link and accepts the subsequent file download they are actually letting the Waledac.C worm into their computer. Once it infects the computer, the worm uses the affected user’s email to send out spam.

I Love.exe you: This was a RAT (Remote Access Trojan) that gave attackers access to the victim’s computer and all their personal information. The Trojan allowed the virus creator to access target computers remotely, steal passwords and manage files.

Nuwar.OL: This worm spread in email messages with subjects like “I love You So Much”, “Inside My Heart” or “You in My Dreams”. The text of the email included a link to a website that downloads the malicious code. The page was very simple and looked like a romantic greeting card with a large pink heart. Once it infected a computer, the worm sent out a large amount of emails, creating a heavy load on networks and slowing down computers.

 Valentin.E: This worm spread by email in messages with subjects like “Searching for True Love” or “True Love” and an attached file called “friends4u”. If the targeted user opened the file, a copy of the worm was downloaded. Then, the worm sent out emails with copies of itself from the infected computer to spread and infect more users.

Valentin.E: This worm spread by email in messages with subjects like “Searching for True Love” or “True Love” and an attached file called “friends4u”. If the targeted user opened the file, a copy of the worm was downloaded. Then, the worm sent out emails with copies of itself from the infected computer to spread and infect more users.

Storm Worm: This worm spread via email by employing a number of lures, one of them exploiting Valentine’s Day. If the targeted user clicked the link in the email, a Web page was displayed while the worm was downloaded in the background.

Storm Worm: This worm spread via email by employing a number of lures, one of them exploiting Valentine’s Day. If the targeted user clicked the link in the email, a Web page was displayed while the worm was downloaded in the background.

Web page displayed by Storm Worm. You can see the image at: http://prensa.pandasecurity.com/wp-content/uploads/2012/02/STORMWORM.jpg

 PandaLabs offers users a series of tips to avoid falling victim to computer threats:

  •  Do not open emails or messages received on social networks from unknown senders.
  •  Do not click any links included in email messages, even though they may come from reliable sources. It is better to type the URL directly in the browser. This rule applies to messages received through any mail client, as well as those in Facebook, Twitter, or other social networks or messaging applications, etc. If you do click on any such links, take a close look at the page you arrive at. If you don’t recognize it, close your browser.
  •  Do not run attached files that come from unknown sources. Especially these days, stay on the alert for files that claim to be Valentine Day’s greeting cards, romantic videos, etc.
  •  Even if the page seems legitimate, but asks you to download something, you should be suspicious and don’t accept the download. If, in any event, you download and install any type of executable file and you begin to see unusual messages on your computer, you have probably been infected with malware.
  •  If you are making any purchases online, type the address of the store in the browser, rather than going through any links that have been sent to you. Only buy online from sites that have a solid reputation and offer secure transactions, encrypting all information that is entered in the page.
  •  Do not use shared or public computers, or an unsecured WiFi connection, for making transactions or operations that require you to enter passwords or other personal details.
  •  Have an effective security solution installed, capable of detecting both known and new malware strains.

 Panda Security offers you several free tools for scanning computers for malware, like Panda Cloud Antivirus: www.cloudantivirus.com

 More information is available in the PandaLabs blog: http://pandalabs.pandasecurity.com

Katy Perry & Russell Brand used as bait to Spread New Facebook Worm

Panda Security’s antimalware laboratory, PandaLabs have recently detected a new Facebook scam that uses a fake video of singer Katy Perry and ex-husband actor Russell Brand to trick users.

  

According to PandaLabs, if the user clicks the link, they are taken to a fake Facebook page where they are invited to download a plug-in to watch the video. The page indicates that over 4,000 people have already clicked the “Like” button, which is used by the scammers to trick victims into believing that the video is legitimate.

 

If the user tries to play the video, the worm will act differently depending on the browser used. On Internet Explorer, the worm displays an age verification page to access an application called “X-Ray Scanner”.

Then, before the user can take any other action, the browser takes them to a typical scam site where they are asked to enter their phone number. However, if they do so, they will start receiving unwanted premium rate text messages.

The infection is even more serious on Firefox and Chrome, as the worm installs a browser plug-in and uses it to post the scam to the victims’ friends’ pages.

According to Luis Corrons, technical director of PandaLabs, “Once again, user curiosity becomes cyber-criminals’ best ally. Scammers exploit people’s interest in this couple to infect users, who click the malicious link and download the worm without taking any precautions. This has two negative effects: on one hand, users infect their own computers; and on the other, a message is automatically sent to all of their Facebook friends.”

Social engineering is cyber-crooks’ weapon of choice to spread their creations through social media. The fact that users themselves unknowingly send the malicious links to friends facilitates malware distribution as people are more likely to click on a link received from a reliable source. There have been similar cases in the past. Last year, for example, over 80,000 users fell victim to a scam exploiting Steve Jobs’s death.

PandaLabs offers users tips on how to avoid falling victim to this type of scam:

–       Be wary of websites offering sensational videos or unusual stories.

–       Before you click on a link sent by one of your contacts, make sure it has been intentionally sent by your friend and it is not the result of a massive scam like this one.

–       Don’t accept friend requests from people you don’t know. This will help keep your privacy safe.

–       Always keep your computer’s operating system and Web browsers up to date, and make sure you have an up-to-date antivirus solution installed.

If, however, you suspect you have fallen into the trap:

–       Check your browser plug-ins and remove any suspicious ones.

–       Check the applications that have permission to access your Facebook account, and delete those you don’t know.

–       Change your Facebook account password. If you use the same credentials to sign in to other services as well, change them too. It is always better to take all necessary precautions.

More information is available in the PandaLabs Blog.

About Panda Security 

Founded in 1990, Panda Security is the world’s leading provider of cloud-based security solutions, with products available in more than 23 languages and millions of users located in 195 countries around the World. Panda Security was the first IT security company to harness the power of cloud computing with its Collective Intelligence technology. This innovative security model can automatically analyze and classify thousands of new malware samples every day, guaranteeing corporate customers and home users the most effective protection against Internet threats with minimum impact on system performance. Panda Security has 61 offices throughout the globe with US headquarters in Florida and European headquarters in Spain. In 2006, Jeremy Matthews founded Panda’s local subsidiary in Cape Town, opening the international vendor’s first presence on the African continent.

For more information, visit http://www.pandasecurity.co.za/

For more information:

pr@za.pandasecurity.com

Tel. 08600 PANDA (72632)

Follow us on:

http://on.fb.me/PandaSecurityZA

http://www.twitter.com/PandaSecurityZA

www.gplus.to/PandaSecurityZA

Parents help underage children lie to get on Facebook

I have recently read an article claiming that millions of preteens have signed up for Facebook, as indicated by a recent survey carried out in the US which showed that parents actually helped them lie to do it. I have 4 kids under age 12 and all of them have Facebook accounts, so I feel very much related to this issue.

Facebook sets the minimum age for using its service at 13 to comply with US federal laws that protect children’s online privacy.

However, a new survey from Microsoft and such top universities as Berkeley and Harvard has found that half of all parents with 12-year-olds and 1 in 5 parents of 10-year-olds knew their kids were using Facebook.

Asked how the children signed up for the service, thus violating the site’s terms of service, nearly 7 in 10 parents admitted they helped their kids set up the accounts.
The survey, conducted by Harris Interactive, drew from a random sampling of 1,007 parents with children ages 10 to 14.

The survey comes amid a debate over children’s oline privacy protection in a new era of mobile apps and other technologies. Consumer reports recently reported that 7 million underage users were on Facebook.

Do age limits for Internet services really stop children from using age-restricted sites? Should companies be allowed flexibility to experiment with new services and technologies without new regulations?

Most parents, me included, want our kids online as early as possible. We don’t want to be told how to be a parent. We want our children to be part of the digital world and be able to communicate with relatives and friends using current technology tools.

But, what do privacy advocates say? Well, they say that parents are not fully aware of what data is being collected about their children. If parents knew that sites such as Facebook collect information to deliver customized ads, they would be more cautious. This is total nonsense in my opinion. Or is that TV stations don’t bombard our kids with advertising in children’s networks?

Now, the question is: Is it really good for Facebook to have those underage users illegally? Well it must be, otherwise they would do something about it.

What do you think?

For more information, visit http://www.pandasecurity.co.za/

For more information:

pr@za.pandasecurity.com

Tel. 08600 PANDA (72632)

Follow us on:

http://on.fb.me/PandaSecurityZA

http://www.twitter.com/PandaSecurityZA

http://www.gplus.to/PandaSecurityZA

Android, Facebook and HBGary Federal all hacked in the First Quarter of 2011

Global IT vendor Panda Security has published the first PandaLabs Quarterly Report of 2011. This quarter has witnessed some particularly intense  virus activity with the three most serious incidents including: the single largest attack against Android cell phones, the intensive use of Facebook to distribute malware and an attack by the Anonymous hacktivist group against the HBGary Federal security firm.

At the beginning of March, Android experienced the largest attack to date on their software. This assault was launched from malicious applications on Android Market. In just four days these applications, which installed a Trojan, had racked up over 50 000 downloads. The Trojan in this case was highly sophisticated, not only stealing personal information from cell phones, but also downloading and installing other apps without the user’s knowledge. Google managed to rid its store of all malicious apps, and some days later removed them from users’ phones.

With regards to Facebook, George S. Bronk, a 23-year-old from California, pleaded guilty to hacking and blackmail, and now faces up to six years in prison. Using information available on Facebook, he managed to gain access to a multitude of email accounts. Having hijacked an account, he would search for personal information he could then use to blackmail the victim. It would seem that anyone could become a victim of these types of attacks, as even Mark Zuckerberg –creator of Facebook– had his Facebook fan page hacked, displaying the status, “Let the hacking begin”.

The Anonymous cyber-activist group responsible for launching an attack in 2010 against SGAE (the Spanish copyright protection agency), among other targets, is still making headlines. The latest incident was triggered when the CEO of US security firm HBGary Federal, Aaron Barr, claimed to have details of the Anonymous ringleaders. The group took offence and decided to hack the company’s Web page and Twitter account, stealing thousands of emails which were then distributed on The Pirate Bay.

As if that were not enough, the content of some of these mails has been highly embarrassing for the company, bringing to light certain unethical practices (such as the proposal to develop a rootkit), forcing Aaron Barr to stand down as CEO.

Malware Continues to Grow…

So far in 2011, there has been a surge in the number of IT threats in circulation: in the first three months of the year, there was a daily average of 73 000 new samples of malware, the majority of which were Trojans. This means that hackers have created 26% more new threats in the first months of 2011 than in the corresponding period of 2010.

Once again, Trojans have accounted for 70% of all new malware created. This comes as no surprise as these types of threats are favored, by organized criminals, for stealing bank details with which to perpetrate fraud or steal directly from victims’ accounts. As ever, Panda advises all users to ensure that computers are adequately protected. With this in mind, Panda offers a series of free tools including Panda Cloud Antivirus and Panda ActiveScan.

For more information about Panda, visit http://www.pandasecurity.com/.

Follow Panda SA on Facebook and Twitter