Panda Security

“Don’t get taken in by the Conficker panic”

By Luis Corrons, head of PandaLabs

Lately it seems everybody is talking about Conficker and its variants, and even more so given the fear building up around the coming day of April 1st. It’s been a while since we saw so much coverage in the general media and I don’t want to tell you to disregard this, because it does contribute to general awareness and makes users more conscious of the threats they face. But I also want to say that perhaps it does more harm than good.

Let’s go back over the issues that are flying around the world. Regarding the damn date: will Conficker be activated on the first of April? No. But it will do something that day, won’t it? Yes. Conficker is a malware variant that creates random URLs every day. The PCs infected with it check whether a new version is available to download. It does so 250 times a day. What will happen then on the first of April?

The last variant creates 50,000 new URLs. And although we can’t know if any of them will host an update of the malware, its author could quite easily host a new version or even some other type of malware. If any URL contains an update of the worm, which actions will the new variant carry out? We don’t know — no one, in fact, has been able to figure out the final aim of Conficker. What we do remember from previous infections is that the author’s motive is to become famous, but we doubt very much that it all ends there. If we think about the different business models that there are currently behind malware (mentioned in the PandaLabs blog many times before), it is obvious that its author, or authors, will be looking to make money in some way. But in which way? One possibility is that it could harness the net of infected PCs to send spam, by installing on the infected PCs some type of rogue antimalware that warns users that their computer is infected, and enticing them to buy a fake antivirus, which will result in them downloading password-stealing Trojans.

Another question posed is whether Conficker really is more dangerous than other types of malware. The answer is no, it’s not more dangerous, although its update functionality does leave a door open to new attacks that could be more dangerous. Its success lies in having exploited a recent Microsoft vulnerability to distribute itself, and that’s why it has reached so many PCs. In this way, its author has been smart and has adopted the model of classic viruses. The author has also rather cleverly used several different means of infection, such as through USB keys and MP3 players. From version to version Conficker has made its detection increasingly difficult by obfuscating code. Although it’s not strictly speaking a polymorphic virus, it follows this direction.

The spreading of the virus through USB devices illustrates Conficker’s attempt to reach the maximum number of PCs. Despite this, the infection rate of the previous weeks has dropped significantly. There are probably still variants infecting PCs but not at the levels we were seeing in the previous months. With this situation, the author could take various actions:

a) Create a new variant which exploits another zero-day vulnerability.
b) Keep alive the three variants which are being distributed, monitoring how much money they are making day by day, to the end.
c) Get bored and do something else…

We bet on option “a”. Not necessarily for the first of April, but definitely on its way. It would be a pity for the author to go to so much trouble without getting anything. It’s because of this that we think that Conficker won’t be going away so easily.

Above all, don’t get taken in by the panic. What do users do on the first? If you have your PCs protected by a good and updated antivirus, nothing. If you don’t have one, we recommend you install one; you can also use Panda ActiveScan to be sure you are not infected. And we suggest you install the free tool we have created to avoid contamination through USB drives.

Panda launches free USB Vaccine

Panda Security, the global IT security vendor, has launched Panda USB Vaccine, a free security solution designed to block malware which spreads through removable drives such as flash drives, CD/DVDs and MP3 players. This free tool can be downloaded here.

“There is an increasing amount of malware which, like the notorious Conficker worm, spreads via removable devices and drives such as memory sticks, MP3 players and digital cameras,” says Jeremy Matthews, head of Panda’s sub-Saharan operations. He says that cybercrooks are taking advantage of the way these devices work: “Windows uses the Autorun.inf file on these drives or devices to know which action to take when they are connected to the computer. This file, which is on the root directory of the device, offers the option to define a programme to automatically run part of the content stored on the device when it connects to the computer.” This feature, he explains, is being used by cyber-crooks to spread viruses, through the modification of Autorun.inf with commands that result in the malware stored on the USB drive running automatically when the device connects to a computer. This will immediately infect the computer in question.

To prevent the infection of computers through this technique, Panda’s free Panda USB Vaccine offers a double layer of preventive protection, allowing users to disable the AutoRun feature on computers as well as on USB drives and other devices. “This is a very useful tool as there is no easy way of disabling the AutoRun feature in Windows. It makes it much simpler for users, offering a high level of security against infections through removable drives and devices,” concludes Matthews.

To download the free tool, click here.
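The Autorun.inf mechanism described above can also be checked from the defender's side. The following is an added example, not part of the original release and not how Panda USB Vaccine itself works: it lists the `[autorun]` entries that would launch a program and reads the Windows `NoDriveTypeAutoRun` policy bitmask. The function names and the sample file contents are constructed for illustration.

```python
import re

# Keys in the [autorun] section that name a program to launch.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)

# NoDriveTypeAutoRun bit flags: a set bit disables AutoRun for that drive type.
DRIVE_TYPE_BITS = {
    "unknown": 0x01, "removable": 0x04, "fixed": 0x08,
    "network": 0x10, "cdrom": 0x20, "ramdisk": 0x40,
}

def autorun_commands(text):
    """Return (key, command) pairs from [autorun] that would start a program."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            key = key.strip().lower()
            if key in EXEC_KEYS or SHELL_CMD.match(key):
                found.append((key, value.strip()))
    return found

def autorun_enabled_for(mask, drive_type):
    """True if this NoDriveTypeAutoRun mask leaves AutoRun on for drive_type."""
    return not (mask & DRIVE_TYPE_BITS[drive_type])

# Constructed sample file contents, not taken from any real device.
SAMPLE = """\
; constructed sample
[AutoRun]
Icon=folder.ico
Open=setup.exe /quiet
shell\\open\\command=setup.exe
[Content]
MusicFiles=true
"""

if __name__ == "__main__":
    for key, cmd in autorun_commands(SAMPLE):
        print(f"auto-launch entry: {key} -> {cmd}")
```

A mask of `0xFF` has every drive-type bit set, so `autorun_enabled_for(0xFF, "removable")` returns `False`.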

European media acclaims Panda Security 2009 consumer products

European magazines PC Today and Byte have awarded their Recommended Product seals to Panda Internet Security 2009 and Panda Global Protection 2009 respectively

Similarly, TCN magazine has awarded five stars to Panda Global Protection 2009

All three publications underline the enormous malware detection capacity of the products thanks to in-the-cloud detection

European IT publications PC Today and Byte have awarded their Recommended Product seals to Panda Internet Security 2009 and Panda Global Protection 2009 respectively. Panda Global Protection 2009 has also been awarded five stars in an analysis carried out by TCN magazine. All three magazines highlighted the enormous malware detection capacity achieved thanks to collective intelligence – Panda’s unique model of security “from the cloud”.

PC Today, one of Spain’s leading IT magazines, published a comparative review of 12 security suites which included Kaspersky Internet Security 2009, McAfee Internet Security 2009, Norton Internet Security 2009 and AVG Internet Security 8.0. Panda Internet Security 2009 was awarded the magazine’s Recommended Product seal of approval, as it was the most effective in detecting new malware.

“Not only does it include a series of extra functions, such as system optimization utilities, a tool for making backup files and control over unauthorized WIFI connections, but the Panda Internet Security Suite scan engine itself is truly powerful,” enthused the magazine, adding: “Its malware detection levels rated really high against all the malware families tested”.

The protection from the cloud, included in all Panda Security 2009 products, was also praised by Byte which awarded its recommended product seal to Panda Global Protection 2009.

“With more malware in circulation at all levels, protection systems must evolve and become more complex to face up to the new threats. Panda’s proposal to improve protection and reduce resource consumption in PCs is based on an improved TruPrevent system, and the use of Collective Intelligence over the Internet”, explains the magazine, adding:  “This approach [Collective Intelligence] offers the advantage that it consumes less resources on each computer. The use of Collective Intelligence to detect spam allows a significant improvement with respect both to the junk mail detected and false positives.”

Byte also drew attention to the simplicity of installing and handling Panda Security products: “The 2009 product line offers a new interface which is simpler, clearer and more direct for controlling the product and adjusting settings with just a single click. There is no complex navigation through complicated levels to reach the options you want”.

TCN magazine also underlined the tremendous detection capacity of the Panda Security products: “The anti-malware engine detects and eliminates all types of viruses, worms, Trojans, rootkits, bots, etc. The product also monitors instant messaging application traffic, and protects wireless networks thanks to its ‘WiFi monitor’. Panda Global Protection 2009 stands out for the efficiency of its antivirus engine, designed to block and control Internet-borne attacks”.

For more information about Panda Security products and free trials click here.