" malware "

Cyber-crooks using celebs as bait

With the Oscars announced last week, Panda Security, the global IT security vendor, has revealed the most popular celebrity names sent in malicious emails (spam and malware-infected emails) by cyber-crooks.

“Cyber-criminals are always keeping track of the names that users frequently search for on the Internet or those that often crop up in forums or social networks,” says Jeremy Matthews, head of Panda Security’s sub-Saharan operations. “They then use these names when sending spam. This way, they entice users into opening the emails and following links or running attachments. This is known as social engineering. Users that take the bait will invariably end up infecting their computers with a virus or worm that could seriously damage their PC.”

The results of the survey clearly indicate how Hollywood actors were the favorite bait of cyber-crooks in 2008. Specifically, Brad Pitt (12.57%) and Tom Cruise (12.14%) occupied the first two places in the ranking and accounted for almost a quarter of all malicious mail related to famous people. They are this year’s joint-winners of the malware Oscars.

The girls weren’t far behind, though, occupying most of the remaining places in the top ten. Actresses Angelina Jolie (11.62%), Lindsay Lohan (10.15%) and Jessica Alba (9.52%) were in fourth, fifth and seventh places respectively. Jennifer Aniston, with 5.14%, was 10th in the ranking.

However, the list also contained singers, both established and aspiring. Britney Spears was in third place with 12.01% of the total, while the participants in American Idol came in sixth place, accounting for 9.79%.

Eighth and ninth places were occupied by the veteran TV presenter Oprah Winfrey (8.08%) and celebrity heiress Paris Hilton (6.64%) respectively.

Christina Aguilera, Barack Obama, Lewis Hamilton, Tiger Woods, Rihanna, Shakira, Madonna, Scarlett Johansson and Fidel Castro are some of the other famous names that have recently been used as bait by cyber-crooks.

Typical phrases that are used in these emails include:

“Angelina Jolie nude”
“Britney Spears hot images”
“Rihanna exposed”
“Scarlett Johansson spills boobs”.

Matthews advises users not to open any unsolicited mail claiming to contain stories or photos of famous people and never to run any attachments or follow any links in these messages. If you think you’ve got a virus, you can scan your PC at www.infectedornot.com. You can also get cool internet safety tips from Panda’s blog: www.cybersafety.co.za

The Malware Oscar Winners:

Brad Pitt – 12.57%
Tom Cruise – 12.14%
Britney Spears – 12.01%
Angelina Jolie – 11.62%
Lindsay Lohan – 10.15%
American Idol – 9.79%
Jessica Alba – 9.52%
Oprah Winfrey – 8.08%
Paris Hilton – 6.64%
Jennifer Aniston – 5.14%
Others – 2.34%

Malware goes retro with the spread of the Sality.AO virus

Panda Security’s malware detection and analysis laboratory has noted an increase in the number of infections caused by Sality.AO, a virus that combines the features of traditional viruses (infecting files and damaging as many computers as possible to earn its creators notoriety) with the objective of new malware, i.e. generating financial returns for cyber-criminals. The global security vendor is therefore advising users to be on their guard against a potentially massive attack.

“Sality.AO uses some techniques which haven’t been seen for years, such as EPO or Cavity,” says Jeremy Matthews, the head of Panda Security’s sub-Saharan operations. “These techniques relate to the way in which the original file is modified in order to infect it, making it more difficult to detect these changes and to disinfect it. EPO allows part of a legitimate file to be run before infection starts, making it difficult to detect the malware while Cavity involves inserting the virus code in blank spaces within the legitimate file’s code, making it both more difficult to locate and to disinfect infected files.”

Matthews says that these techniques are far more complex than those that can be achieved with automatic malware creation tools, which have been responsible for much of the increase in the number of threats in circulation recently. They require much greater skill and knowledge of malicious code programming.

In addition to these techniques associated with early malware, Sality.AO includes a series of features associated with new malware trends, such as the ability to connect to IRC channels to receive remote commands, which could potentially turn the infected computer into a zombie. Such zombie computers can be used for sending spam, distributing malware and launching denial-of-service attacks.

Similarly, infections are not restricted to files, as was the case with old viruses; in line with newer trends, the virus also looks to propagate across the Internet. To this end, it uses an iFrame to infect PHP, ASP and .HTML files on the computer. As a result, when any of these files is opened, the browser is redirected, without the user’s knowledge, to a malicious page that launches an exploit against the visiting computer in order to download more malware.

If any of the infected files are posted on a webpage – bearing in mind these file types are typically uploaded to the Web – any users downloading the files or visiting the webpages will become infected.
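The infection route just described (an iframe planted in web files so that visitors are silently redirected) is something an administrator can sweep for. The following is an added example, not code from Panda or from the post: it walks a web root, looks at files with the extensions named above, and flags iframes that either point to a host outside a configured trusted list or carry attributes that hide the frame. The sample files it scans are constructed for the demonstration, and the trusted-host set and the "hidden frame" heuristics are assumptions for illustration, not Sality.AO's actual injection pattern.

```python
"""Added example (not from the Panda post): a defender-side sweep of PHP/ASP/HTML
files for iframes that point off-site or are hidden from the user."""
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# File types the post names as targets of the iframe injection.
WEB_EXTENSIONS = {".php", ".asp", ".aspx", ".htm", ".html"}

# Captures the attribute string of each <iframe ...> opening tag.
IFRAME_RE = re.compile(r"<iframe\b([^>]*)>", re.IGNORECASE)
SRC_RE = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)
# Attribute patterns that make a frame effectively invisible (assumed heuristics).
HIDDEN_HINTS = (
    re.compile(r"""\bwidth\s*=\s*["']?0\b""", re.IGNORECASE),
    re.compile(r"""\bheight\s*=\s*["']?0\b""", re.IGNORECASE),
    re.compile(r"display\s*:\s*none", re.IGNORECASE),
    re.compile(r"visibility\s*:\s*hidden", re.IGNORECASE),
)


def suspicious_iframes(content, trusted_hosts):
    """Return a list of (src, reason) for iframes that look injected.

    A frame is reported when its src host is not in trusted_hosts, or when
    its attributes hide it. Relative srcs with no host are treated as local.
    """
    findings = []
    for match in IFRAME_RE.finditer(content):
        attrs = match.group(1)
        src_match = SRC_RE.search(attrs)
        src = src_match.group(1) if src_match else ""
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if host and host not in trusted_hosts:
            reasons.append("external host " + host)
        if any(hint.search(attrs) for hint in HIDDEN_HINTS):
            reasons.append("hidden frame")
        if reasons:
            findings.append((src, "; ".join(reasons)))
    return findings


def scan_tree(root, trusted_hosts):
    """Walk root and return {relative_path: findings} for files with hits."""
    report = {}
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in WEB_EXTENSIONS:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        hits = suspicious_iframes(text, trusted_hosts)
        if hits:
            report[str(path.relative_to(root))] = hits
    return report


def demo():
    """Scan a constructed web root; only page.php should be reported."""
    # Constructed sample files for the demonstration, not real infected content.
    samples = {
        "index.html": "<html><body><h1>Hi</h1>"
                      "<iframe src='http://example.com/partner' width='300'></iframe>"
                      "</body></html>",
        "page.php": "<?php echo 'x'; ?>\n"
                    "<iframe src=\"http://evil.example.invalid/load\" "
                    "width=0 height=0 style=\"display:none\"></iframe>",
        "notes.txt": "<iframe src='http://evil.example.invalid/'></iframe>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_text(body, encoding="utf-8")
        return scan_tree(root, {"example.com"})


if __name__ == "__main__":
    for path, hits in demo().items():
        for src, reason in hits:
            print(f"{path}: {src} ({reason})")
```

The trusted-host list is the one knob worth tuning: a site that legitimately embeds third-party frames should list those hosts, so that the report is left with frames that are either off-site and unexpected or deliberately hidden, which is the combination the redirect described above relies on.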

The file downloaded through this technique is regarded by Panda as “hybrid malware”, as it combines the functions of Trojans and viruses. The Trojan, in addition, has downloader features for downloading other strains of malware to the computer. The URLs used by this downloader were still not operative at the time of Panda’s analysis, but they could become active as the number of infected computers increases.

“As we forecast in the annual PandaLabs report, the distribution of classic malicious code such as viruses will be a major trend in 2009. The use of increasingly sophisticated detection technologies like Panda Security’s Collective Intelligence, capable of detecting even low-level attacks and the newest malware techniques, will make cyber-crooks return to old codes, adapted to new needs. This means they won’t be viruses designed simply to spread or damage computers, as they were 10 years ago, but will be designed, such as in this case, to hide Trojans or turn computers into zombies,” concludes Matthews.

Valentine’s Day — the cybercrook’s favourite

Every year malware creators milk poor Valentine’s Day by sending out cute emails packed with vicious malware to unsuspecting users. Obviously it keeps on working — that’s why they keep on doing it. Below, Oscar Cavada from PandaLabs profiles a worm doing the rounds:

There are only 4 days left until Saint Valentine’s Day, and this special date is being used again by the worm Waledac to spread itself.

The last variant that uses this romantic subject to spread is W32/Waledac.J.worm.

The email messages that are being used for its distribution contain a link which points to a malicious website like the following:

We have found the following malicious domains (be careful) from which the worm is downloaded:

hxxp://cantlosedata.com
hxxp://losenowfast.com
hxxp://theworldpool.com
hxxp://alldataworld.com
hxxp://mingwater.com
hxxp://alldatanow.com

The filenames used by the worm are variable, but they are usually related to love. We have found the following:
run.exe, ecard.exe, programm.exe, lovekit.exe, runme.exe, start.exe, loveexe.exe, save.exe…
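Lists like the one above are only useful once they are turned into something a proxy or mail gateway operator can actually match against. The following is an added example, not code from PandaLabs or the post: it re-fangs the hxxp:// domains quoted above into a blocklist, matches proxy requests against that list (including subdomains of a listed domain, but not look-alike names), and separately notes the filenames the post mentions. The Squid-style access-log lines are constructed for the demonstration; the client addresses, timestamps and the cdn./notmingwater hosts are invented.

```python
"""Added example (not from the PandaLabs post): build a domain blocklist from the
defanged IoC list above and check constructed proxy-log lines against it."""
import re
from urllib.parse import urlparse

# Domains exactly as listed in the post, defanged with hxxp://.
DEFANGED_IOCS = """
hxxp://cantlosedata.com
hxxp://losenowfast.com
hxxp://theworldpool.com
hxxp://alldataworld.com
hxxp://mingwater.com
hxxp://alldatanow.com
"""

# Filenames the post mentions; the worm varies them, so this is a weak signal only.
SUSPECT_NAMES = {"run.exe", "ecard.exe", "programm.exe", "lovekit.exe",
                 "runme.exe", "start.exe", "loveexe.exe", "save.exe"}


def refang_domains(text):
    """Return the set of lower-cased hostnames from a hxxp://-defanged list."""
    hosts = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        url = re.sub(r"^hxxp", "http", line, flags=re.IGNORECASE)
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def is_listed(host, blocklist):
    """True for a listed domain or any subdomain of one; look-alikes do not match."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocklist)


# Squid-style access.log lines, constructed for this example.
SAMPLE_LOG = """\
1234567890.123    512 10.0.0.5 TCP_MISS/200 4096 GET http://www.example.org/index.html - DIRECT/203.0.113.10 text/html
1234567891.456    734 10.0.0.7 TCP_MISS/200 65536 GET http://cantlosedata.com/ecard.exe - DIRECT/198.51.100.23 application/octet-stream
1234567892.789    301 10.0.0.9 TCP_MISS/200 8192 GET http://cdn.mingwater.com/start.exe - DIRECT/198.51.100.24 application/octet-stream
1234567893.012    120 10.0.0.5 TCP_MISS/200 1024 GET http://notmingwater.com/run.exe - DIRECT/198.51.100.25 application/octet-stream
"""


def find_hits(log_text, blocklist):
    """Return (client_ip, host, filename, reason) for requests worth a look."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        # Squid native format: time elapsed client code/status bytes method URL ...
        if len(fields) < 7 or fields[5] != "GET":
            continue
        client, url = fields[2], fields[6]
        parsed = urlparse(url)
        host = parsed.hostname or ""
        filename = parsed.path.rsplit("/", 1)[-1].lower()
        reasons = []
        if is_listed(host, blocklist):
            reasons.append("listed domain")
        if filename in SUSPECT_NAMES:
            reasons.append("suspect filename")
        if reasons:
            hits.append((client, host, filename, "; ".join(reasons)))
    return hits


if __name__ == "__main__":
    blocklist = refang_domains(DEFANGED_IOCS)
    for client, host, filename, reason in find_hits(SAMPLE_LOG, blocklist):
        print(f"{client} -> {host}/{filename}: {reason}")
```

The fourth sample line is there to show why the two signals are reported separately: a generic name such as run.exe from an unlisted host is only a hint, whereas a download from a listed domain (or a subdomain of one) is the indicator the post actually gives.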

Cybercrime surge grabs attention at Davos

Cybercrime is in the news. The BBC reports on a panel discussion at the World Economic Forum in Davos where experts warned that the scourge was “rising sharply”. The article says:

Online theft costs $1 trillion a year, the number of attacks is rising sharply and too many people do not know how to protect themselves, they [the panel] said.

The internet was vulnerable, they said, but as it was now part of society’s central nervous system, attacks could threaten whole economies.

The past year had seen “more vulnerabilities, more cybercrime, more malicious software than ever before”, more than had been seen in the past five years combined, one of the experts reported.

The findings of the panel reflect Panda Security’s own observations: more malware was detected within the last year than within the past 17 years combined!

Read the rest of the article here.

Only 8.4% of email reaching companies is legitimate

Only 8.4% of emails that reach companies are legitimate. Some 89.88% of messages are spam, while 1.11% are infected with malware. This data has been compiled after the analysis of 430 million email messages last year by TrustLayer Mail, the clean mail managed service from Panda Security, the global IT security vendor.

Only January witnessed levels of spam below 80%. During the rest of the year, the amount of spam fluctuated, peaking in the second quarter at 94.27%.

“With respect to infected messages, the Netsky.P worm was the most frequently detected malicious code,” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “This type of malware activates automatically when users view the infected message through the Microsoft Outlook preview pane. It does this by exploiting a vulnerability in Internet Explorer that allows automatic execution of email attachments.”

“The fact that these two malicious codes often act in unison explains the high number of detections of both,” said Matthews. “Cyber crooks often launch several strains of malware with each exploit to increase the chances of infection, so even if users whose systems are up-to-date are immune to the exploit, they could still fall victim to infection by the worm if they run the attachment.”

The Rukap.G backdoor Trojan, designed to allow attackers to take control of a computer, and the Dadobra.Bl Trojan were also among the most prevalent malicious code.

“For companies, spam is more than just a nuisance: It consumes bandwidth, wastes employees’ time and can even cause system malfunctions. In the end, it all results in a loss of productivity,” concluded Matthews.

Much of this spam was circulated by the extensive network of zombie computers controlled by cyber-crooks. A zombie is a computer infected by a bot, a type of malware allowing cyber criminals to control infected systems. Frequently, these computers are used as a network to drive malicious actions such as the sending of spam. Just in the last three months of the year, 301,000 zombie computers were being put into action every day.

The subject of spam

With respect to the different types of spam in circulation, 32.25% of spam in 2008 was related to pharmaceutical products, with sexual performance enhancers accounting for 20.5%.

Spam relating to the economic situation also grew significantly throughout 2008. False job offers and fraudulent diplomas accounted for 2.75% of all junk mail in the year, while messages promoting mortgages and fake loans were responsible for 4.75%.

Spam promoting fake brand products was responsible for 16.75% of the total. This last category nevertheless dropped from 21% in the first half of the year to 12.5% in the last six months.