
Hackers use Facebook, Cracks, Videos and Installers to Infect Users

  • eBooks are increasingly used as bait
  • Natural disasters and events are frequently exploited by hackers

Global Cloud Security Company Panda Security has released a study on the nature of malware-infected websites blocked by the company’s antivirus solutions in Quarter 1 2011. According to the research, 25% of sites used video and multimedia content as bait; 21.6% referred to installers or program updates; 16.5% claimed to contain cracks and keygens, and 16% were social media URLs. eBooks are in fifth place on the list (5.25% of occurrences), followed by P2P downloads and adult content.

“Users continue to fall victim to malicious links offering to take them to an exciting video or the new episode of their favorite TV show” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “This technique has become a weapon of choice for hackers as it requires minimum investment and attracts a large number of victims.”

Most Blocked URLs in Quarter 1

The three most blocked sites by Panda solutions in the first quarter of the year are three Brazilian Web pages, the first one referring to a video released by the Japanese consulate showing the rescue of a group of tsunami survivors.

The second site contains a video supposedly showing a short circuit causing the death of 15 people, and the third one supposedly contains footage of a police officer being fired because of his Internet activities.

“Attackers exploit hot topics and users’ morbid curiosity”, continues Matthews. “Most people are interested in watching footage from Japan’s earthquake.”

Popularity Ranking

The study shows user preferences in relation to the malware lures used. For example, if you take a look at P2P applications, you’ll see that the most popular program is Ares, followed by Torrent and eMule. As for social networks, Facebook is still the king, way ahead of MySpace.

The most searched for operating system is Windows, followed by Mac and Linux. Finally, Explorer still dominates the Web browser market, with Firefox and Chrome trailing behind.

It has become increasingly difficult for users to differentiate between fake and real websites and sometimes it’s hard for users to tell if their system has been infected. This is why Panda offers users Panda Cloud Antivirus, a free tool for them to get a ‘second opinion’ on the health status of their computers. Panda Cloud Antivirus scans your PC thoroughly even if you have other antivirus programs installed.

“Most of these sites download Trojans onto users’ computers without their knowledge. Therefore, a good security solution capable of blocking them proactively is extremely helpful for users who, in most cases, cannot distinguish between ‘good’ and ‘malicious’ websites”, concludes Matthews.

For more information about Panda, visit http://www.pandasecurity.com/.

Follow Panda SA on Facebook and Twitter

Protect Yourself against the Growing Cyber-Crime Black Market

Global IT Vendor Panda Security has launched a campaign against the ever growing world of cyber-crime. The campaign aims to educate both businesses and home users about the dangers of cyber-crime, and the ways in which becoming a victim of its growth may be avoided.

“Cyber-crime preys on unsuspecting users”, says Jeremy Matthews, head of Panda’s sub-Saharan operations. “That’s why these campaigns are so important – they provide very necessary and useful information that may help many individuals and businesses avoid becoming victims.”

Trojans: The Tools of the Trade

The year 2003 saw the creation of the first banker Trojan. Since then, Trojans have become one of the most common types of malware, accounting for 71% of all threats, because they are the best tool for hackers and organisations involved in identity and detail theft. Every day, increasingly sophisticated variants emerge, designed to evade the security measures put in place by banks, online stores, pay platforms, etc. The reason for this rapid growth is clearly profit based.

How the Cyber-crime Black Market Works

Online mafias are highly organised and strategic with regard to their operations and deployment. Not only do they seem like real companies, they operate across the globe, throwing their nets wide.

The cyber-crime black market works in a two-step process. Step one involves the creation of malware and its distribution to potential victims. The heads of the criminal organisations hire hackers and programmers to create malware like Trojans, bots and spam. This malware is then usually spread through email and social media sites like Facebook, YouTube, MySpace and Twitter. Once a victim has been caught in the trap, their confidential information is stolen and then stored for sale on a server.

In step two, the confidential data is sold on underground sites. The black market offers confidential personal data from as little as $2 but it can reach prices exceeding $700. Often, money is stolen directly from victims’ bank accounts. In this case, money mules are used to forward the stolen funds in exchange for commission. Sometimes these mules do not know that they are moving funds illegally until they are caught and used as scapegoats in the event of arrests being made. Finally, the stolen funds are transferred into the hands of the gang leaders through services like Western Union.

Panda’s Security Advice

While the spread of cyber-crime is increasing, there are a few precautions one can take to stave off becoming a victim.

Precautions such as memorising your passwords instead of saving them on your PC can minimise your risk. Users are also advised never to give away personal information telephonically or on the internet if the company or website is unknown.

Closing all your browser sessions and working with just one at a time can also decrease your chance of being lured into a fake website.

Lastly, if you get any suspicious messages from the bank, an online store or a payment platform, contact the customer relations department of the company it was supposedly sent from. If this suspicious activity persists, or if you notice any unusual account transactions, do not hesitate to inform your bank.

“Cyber-crime is a scary reality but those who take the time to inform themselves and then take the necessary precautions advised on the mini-site should remain safe”, concludes Matthews.

The mini-site also includes a link to scan your personal or business PC for infections and is available at: http://cybercrime.pandasecurity.com/blackmarket/index.php


Cyber-activism and Cyber-warfare major IT Security Topics in 2011

  • WikiLeaks is ‘unstoppable’
  • Cyber-activism on the increase, but cyber-war is an ‘exaggerated term’

Global IT vendor Panda Security reports that cyber-activism and cyber-warfare will continue to be major topics in IT security this year.

The 3rd Security Blogger Summit, recently hosted by Panda in Madrid, focused on cyber-activism and cyber-war as well as on the new dangers posed to users and institutions on the Internet. The roundtable discussion highlighted the most recent examples of these emerging trends, international cooperation and the limits of these activities on the Web. The discussion also centered on the new trends for 2011 and the legal framework against this type of Web activity.

Opinions about cyber-activism and WikiLeaks proved relatively united, with most of the participants agreeing that it is an unstoppable phenomenon. “There is no way to stop a phenomenon like WikiLeaks”, said Enrique Dans, panel member. “In the future anybody will be able to disclose relevant information from a website, as contaminated as this might be.”

Bob McMillan, a San Francisco-based computer security journalist, explained that, in his opinion, “WikiLeaks is as important as The New York Times. It has helped those who wanted to expose sensible information, and to think of changing the legislation in the wake of a denial of service attack like those in the operation ‘Avenge Assange’ is very difficult”. Operation ‘Avenge Assange’ was initiated by the Anonymous group and Operation Payback, targeting firstly organizations trying to close the net on Internet piracy, and later in support of Julian Assange, editor-in-chief of WikiLeaks.

Cyber-activism was discussed as a growing occurrence. Participants agreed that the technical evolution means people are able to replace meetings and gatherings with internet-based tools. Furthermore, the global situation that the technical evolution has created means that cyber-activism is possible on an international scale, with it becoming more and more unnecessary to gather large amounts of people in order to attract attention. IT researcher Rubén Santamarta indicated that, “Cyber-activism was born from the global situation we live in. Even users with limited technical know-how can join in the distributed denial of service attacks (DDoS) or spam campaigns.”

Despite hasty attempts in many countries to pass legislation to counter this type of activity, effectively by criminalizing it, Panda believes that in 2011 there will be yet more cyber-protests, organized by this group or others that will begin to emerge.

Cyber-war: Reality versus sensationalism

The Summit participants also discussed some of the most relevant examples of cyber-war, such as the alleged attacks targeting Iran’s nuclear plants using the Stuxnet Trojan, as well as Operation Aurora, concerning attacks on Google from China in order to steal secret corporate information.

Panel members Elinor Mills and Bob McMillan both pointed out that the term ‘cyber-war’ was ‘too exaggerated’ for the actual events taking place. “We still do not know the real dimensions of cyber-war and it is easy to confuse it with espionage or even cyber-crime”, explained Elinor Mills. Bob McMillan added that, “Even though Stuxnet has been used as a cyber-weapon, it does not mean that we are already knee deep in a cyber-war. If there really was a cyber-war, it would be on a global scale, as with the two Great Wars of the 20th century.”

However, others insisted on the idea that the cyber-war phenomenon is at its early stages and will probably become a reality in 10 years’ time. “We are talking about a war without an army. It is a fourth-generation war where it is possible to damage a country without having to invade it with soldiers”, says Santamarta. “A country can have another one under control through the Internet even before they have declared war on each other”, he concludes.

While the debate over cyber-war and its effects continues, Panda believes that these kinds of web attacks will increase in 2011, with many of them remaining unnoticed by the general public.

More information about the 3rd Security Blogger Summit is available at www.securitybloggersummit.com.


Facebook, favourite bait of cyber-crooks in 2011

  • In just three days, two new malicious codes using Facebook have been discovered

The recent trend for developing computer threats designed to spread by exploiting the most popular social media continues to gather pace, reports global IT vendor Panda Security. In the last three days alone, two new malicious codes that use Facebook to ensnare victims have been wreaking havoc.

One of these, Asprox.N, is a Trojan that reaches potential victims via email. It deceives users by telling them that their Facebook account is being used to distribute spam and that, for their security, the login credentials have been changed. It includes a fake Word document supposedly containing the new password.

The email attachment has an unusual Word icon, and is called Facebook_details.exe. This file is really the Trojan which, when run, downloads a .doc file that runs Word to make users think the original file has opened.

The Trojan, when run, downloads another file designed to open all available ports, connecting to various mail service providers in an attempt to spam as many users as possible.
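The lure described above depends on the recipient trusting an icon and a message rather than the file itself. A mail gateway or analyst can check the attachment's extension and leading bytes instead. The following is an added example, not Panda's code: the message, the declared MIME type, the extension list and the extra `new_password.doc` case (an executable renamed to look like a document, which goes beyond the case in the text) are all constructed assumptions.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions Windows will execute directly; the list is an assumption, extend as needed.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_TYPES = {"application/msword", "application/pdf", "application/rtf"}
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of a legacy .doc file


def build_sample() -> bytes:
    """Constructed message modelled on the lure described above (not a real sample)."""
    msg = EmailMessage()
    msg["From"] = "security@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Your Facebook password has been changed"
    msg.set_content("Your new password is in the attached document.")
    # Inert payloads: just the magic bytes followed by zero padding.
    fake_pe = b"MZ" + b"\x00" * 62
    real_doc = OLE_MAGIC + b"\x00" * 56
    for name, data in [("Facebook_details.exe", fake_pe),
                       ("minutes.doc", real_doc),
                       ("new_password.doc", fake_pe)]:  # renamed executable
        msg.add_attachment(data, maintype="application",
                           subtype="msword", filename=name)
    return msg.as_bytes()


def triage(raw: bytes) -> list[tuple[str, list[str]]]:
    """Return (filename, reasons) for every attachment that looks executable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        is_pe = data[:2] == b"MZ"  # DOS/PE header magic
        reasons = []
        if os.path.splitext(name.lower())[1] in EXECUTABLE_EXTS:
            reasons.append("executable extension")
        if is_pe:
            reasons.append("content starts with MZ header")
        if is_pe and part.get_content_type() in DOCUMENT_TYPES:
            reasons.append("declared as a document but content is executable")
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(build_sample()):
        print(f"QUARANTINE {name}: {'; '.join(reasons)}")
```

The genuine `minutes.doc` passes because its content begins with the OLE header, while the renamed executable is caught by its content even though its name looks harmless.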

The other, Lolbot.Q, is distributed across IM applications such as MSN and Yahoo!, displaying a message with a malicious link. This link downloads a worm designed to hijack Facebook accounts and prevent users from accessing them. If users then try to log in to Facebook, a message appears informing them that the account has been suspended and that to reactivate it they must complete a questionnaire, with the offer of prizes (including laptops, iPads, etc.) to encourage users to take part.

After several questions, users are asked to enter their cell phone number, where they will receive data download credits for a cost of R83 a week. On subscribing to the service, victims will receive a password with which they can recover access to their Facebook account.

“Once again cyber-criminals are using social engineering to trick victims and infect them with malware” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “Given the increasing popularity of social media, it is no surprise that it is being exploited to lure potential victims”.

PandaLabs advises all users to be wary of any messages with unusually eye-catching subjects, whether via email or IM or any other channel; and to be careful when clicking on external links in Web pages. Obviously, we also warn users not to enter any personal data in applications attempting to sell any type of test.

For more information visit: www.pandalabs.com

Follow Panda Security South Africa on Facebook and Twitter @PandaSecurityZA

Twitter targeted by hackers this Christmas

  • Numerous Twitter accounts have been created to spread malicious code through festive messages
  • Every year threats are spread via email and social media using Christmas-themed messages

According to Panda Security, cyber-criminals are exploiting Twitter to spread malware in festive-themed messages. Using methods akin to Black Hat SEO techniques, hackers are taking advantage of trending topics to position malware distribution campaigns. Topics such as “Advent calendar”, “Hanukkah” or even “Grinch”, are among the most popular subjects used by hackers to entice users.

Thousands of tweets have been launched using festive-themed phrases, such as “Nobody cares about Hanukkah” or “Shocking video of the Grinch”, along with short URLs pointing to malicious websites.

Users who click the link are taken to a page that infects systems with false codecs by exploiting a security hole in PDF files, and that tries to trick users into downloading a codec that is really a downloader Trojan, which in turn downloads more malware onto the compromised computer.

In addition to subjects related to Christmas, cyber-criminals are using other hot topics to spread their creations, including the Sundance festival, the AIDS campaign and the Carling Cup.

According to Jeremy Matthews, head of Panda’s sub-Saharan operations, “Social networks like Facebook and Twitter are becoming increasingly popular with hackers because of their ever-increasing number of users, and the ease with which they (the hackers) can post malicious links. That’s why the number of clicks, and therefore infections, tends to be very high.”

Keep your computer safe this Christmas

With the increased risk over the Christmas period, Panda offers users a series of practical security tips for using social media:

1) Don’t click suspicious links from non-trusted sources. This should apply to messages received through Twitter, through other social networks and even via email.

2) If you click on the links, check the target page. If you don’t recognize it, close your browser.

3) Even if you don’t see anything strange in the target page, but you are asked to download something, don’t accept.

4) If you do download or install an executable file and the PC starts to launch messages or behaves strangely, there is probably malware on your computer. In this case, you should check your computer with a free online scanner such as ActiveScan, available at: www.activescan.com

5) As a general rule, make sure your computer is well protected to ensure that you are not exposed to the risk of infection from any malicious code. You can protect yourself with the new, free Panda Cloud Antivirus solution (www.cloudantivirus.com).

“It is important to remember that hackers will take advantage of any big holiday or event, which is why it is important to remain extra vigilant during these times”, concludes Matthews.


Panda marks Universal Children’s Day with web safety advice for kids

Panda Security marked Universal Children’s Day on the 20th of November with advice to children on how to use the Internet responsibly and ensure they enjoy the Web as safely as possible. This initiative from Panda Security aims to promote responsible and secure use of the Internet among young people, and is part of the company’s “Kids on the Web” campaign (www.kidsontheweb.com).

With this in mind, Panda offers this simple, practical guide to children:

  1. Don’t click suspicious links. When you use instant messaging programs (such as MSN Messenger or any other chat application) or receive an email, never click directly on any links. If the message or email comes directly from someone you know, then type the address in the browser. If you don’t know the person that it has come from, the best thing to do is to ignore it.
  2. It is dangerous to download or run files from unknown sources. You have probably gotten instant messages inviting you to download a photo, a song or a video. This file could have been sent by a dangerous program that has infected a friend’s computer and which is trying to spread to other users. Just in case, the best thing to do is ask your friend if they have really sent something. If they haven’t, let them know that they are infected so they can delete the file.
  3. Don’t speak to strangers. In chat rooms, social networks or across instant messaging, you can never be completely sure who you’re speaking to, as you can’t see them, especially in online communities where people have never met in real life. Never make friends with strangers, and never ever arrange to meet them in real life.
  4. Don’t send private information across the Internet. Never send private information (your address or phone number, etc.) via email or instant messaging, and never publish this kind of information in a blog or on a forum. You should also take care when you create profiles for sites such as Facebook or Myspace. You should never include information such as your age or your address.
  5. If you have the slightest doubt, be careful. If a program you don’t remember installing begins to display false infections or pop-ups inviting you to buy some type of product, be wary. You probably have some type of malware installed on your computer.
  6. Don’t browse the Web alone. If you’re going to search on the Internet, it’s much better to get an adult to guide and advise you on where to look. It is far more secure to visit trustworthy and official sites rather than unknown Web pages.
  7. Talk to your parents or teachers. If you see something suspicious or you receive a nasty or dangerous email, speak to an adult. They will be able to advise you.

“Many young children have online access and the ‘digital gap’ between parents and children is exposing many young people to the dangers of the Internet”, explains Jeremy Matthews, head of Panda’s sub-Saharan operations. “We need to make sure our children can enjoy the Web in a healthy way. We always advise that the best way to achieve this is for parents and children to have a relationship based on trust, so it is not necessary to be constantly monitoring kids while they’re on social networks and the like”, he concludes.

More information at www.pandalabs.com


Visit our Facebook Page and Follow us on Twitter http://www.twitter.com/PandaSecurityZA