" malicious code "

Facebook, favourite bait of cyber-crooks in 2011

– In just three days, two new malicious codes using Facebook have been discovered

The recent trend for developing computer threats designed to spread by exploiting the most popular social media continues to gather pace, reports global IT vendor Panda Security. In the last three days alone, two new malicious codes that use Facebook to ensnare victims have been wreaking havoc.

One of these, Asprox.N, is a Trojan that reaches potential victims via email. It deceives users by telling them that their Facebook account is being used to distribute spam and that, for their security, the login credentials have been changed. It includes a fake Word document supposedly containing the new password.

The email attachment has an unusual Word icon, and is called Facebook_details.exe. This file is really the Trojan which, when run, downloads a .doc file that runs Word to make users think the original file has opened.

The Trojan, when run, downloads another file designed to open all available ports, connecting to various mail service providers in an attempt to spam as many users as possible.

The other, Lolbot.Q, is distributed across IM applications such as MSN and Yahoo!, displaying a message with a malicious link. This link downloads a worm designed to hijack Facebook accounts and prevent users from accessing them. If users then try to log in to Facebook, a message appears informing them that the account has been suspended and that to reactivate it they must complete a questionnaire, with the offer of prizes (including laptops, iPads, etc.) to encourage users to take part.

After several questions, users are asked to enter their cell phone number, where they will receive data download credits for a cost of R83 a week. On subscribing to the service, victims will receive a password with which they can recover access to their Facebook account.

“Once again cyber-criminals are using social engineering to trick victims and infect them with malware” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “Given the increasing popularity of social media, it is no surprise that it is being exploited to lure potential victims”.

PandaLabs advises all users to be wary of any messages with unusually eye-catching subjects, whether via email or IM or any other channel; and to be careful when clicking on external links in Web pages. Obviously, we also warn users not to enter any personal data in applications attempting to sell any type of test.

For more information visit: www.pandalabs.com

Follow Panda Security South Africa on Facebook and Twitter @PandaSecurityZA

One third of all computer viruses created in the first 10 months of 2010

– Between January and October this year, hackers have created 20 million new variants, the same amount as in the whole of 2009

– The average number of threats received every day by PandaLabs has risen from 55,000 to 63,000

According to Panda Security, in the first ten months of the year the number of threats created and distributed accounts for one third of all viruses that exist. This means that 34% of all malware ever created has appeared in the last ten months. The company’s Collective Intelligence database, which automatically detects, analyzes and classifies 99.4% of the threats received, now has 134 million separate files, 60 million of which are malware (viruses, worms, Trojans and other threats).

In the year up to October, some 20 million new strains of malware have been created (including new threats and variants of existing families), the same amount as in the whole of 2009. The average number of new threats created every day has risen from 55,000 to 63,000.

“This would all suggest that the cyber-crime market is currently in good health”, says Jeremy Matthews, head of Panda’s sub-Saharan operations. “Also, this figure may reflect the increasing number of cyber-crooks with limited technical knowledge who are turning their hand to these activities.”

This also means that although more malicious software is created, its lifespan is shorter: 54% of malware samples are active for just 24 hours, as opposed to the lifespan of several months enjoyed by the threats of previous years. They now infect just a few systems and then disappear. As antivirus solutions become able to detect new malware, hackers modify them or create new ones so as to evade detection. This is why it is so important to have protection technologies such as Collective Intelligence, which can rapidly neutralize new malware and reduce the risk window to which users are exposed during these first 24 hours.

Despite these dramatic numbers, the speed with which the number of new threats is growing has dropped since 2009. Since 2003, “new threats have increased at a rate of 100% or more. Yet so far in 2010 the rate of growth is around 50%”, explains Luis Corrons, Technical Director of PandaLabs.

“This doesn’t mean that there are fewer threats or that the cyber-crime market is shrinking. Quite the opposite; it continues to expand, and by the end of 2010 we will have logged more new threats in Collective Intelligence than in 2009. Yet it seems as though hackers are applying economies of scale, reusing old malicious code or prioritizing the distribution of existing threats over the creation of new ones”, adds Corrons.

More information is available in the PandaLabs blog: http://www.pandalabs.com

For more information about Panda, visit http://www.pandasecurity.com/

40% of all fake antiviruses created in 2010

– 11.6% of all computer threats gathered over the last 21 years belong to this category

– 34.8% of all computers worldwide are infected

Panda Security has warned of the recent proliferation of fake antiviruses (also known as ‘rogueware’), as 40% of all fake antiviruses ever created have been created this year. That is, ever since this type of malicious code was first reported four years ago, 5,651,786 unique rogueware strains have been detected, out of which 2,285,629 have appeared from January to October 2010.

If the number of rogueware specimens is compared to the total number of malware strains included in Panda’s Collective Intelligence database, 11.6% of all samples correspond to fake antiviruses. “This is a staggering figure, especially if you consider that this database contains all malware detected in the company’s 21-year history and rogueware only appeared four years ago”, says Jeremy Matthews, head of Panda’s sub-Saharan operations.

Rogueware’s sophistication, realism and social engineering techniques are the basis of its success, as shown by the fact that more and more users are falling victim to this scam. So far this year, 46.8% of all computers worldwide have become infected with some sort of malware, and 5.40% have been affected by rogueware.

While there are many different types of rogueware, the top fake antiviruses are created to generate a profit.

Every new victim of a fake antivirus scam allows hackers to make money by selling antivirus licenses that users will actually never get, stealing credit card data they can sell on the black market and use to make online purchases, etc.

According to a study conducted by Panda, rogueware authors make over $34 million a month (approximately $415 million a year).

How fake antiviruses work

Even though the fraudulent business of rogueware was first reported in 2006, it was not until 2008 that this type of malicious code actually started to proliferate. Users can become infected simply by browsing the Web, downloading codecs for media players, clicking links in emails, etc.

Once they have infected a system, these applications try to pass themselves off as antivirus solutions that detect hundreds of threats on the victim’s computer. When the user goes to remove the threats, they are asked to buy the ‘full’ product license, and very often they take the bait and end up doing so. However, once they buy the license, they will never hear from the ‘seller’ again and still have the false antivirus on their computer.

“The best way to protect yourself against fake antiviruses is to have a good real one, like Panda, installed. Always initiate all program and software installations yourself, and don’t trust pop-up programs that make excessive claims”, concludes Matthews.

For more information about Panda, visit http://www.pandasecurity.com/.

Follow us on Facebook and Twitter @PandaSecurityZA