" panda "

Trojans Dominate Cyber Threats in 2010

  • The malware distribution techniques in the spotlight this quarter include clickjacking, BlackHat SEO and 0-day attacks
  • 95% of all email in circulation was spam, and 55% of global spam originated from just 10 countries
  • Android smart phones are being targeted by hackers, thanks to their widespread popularity

Global IT vendor Panda Security has published its quarterly report on global virus activity. This third quarter has once again seen Trojans in the spotlight, as 55% of all new threats created were in this category.

Infection via email, traditionally the most popular vector for spreading malware, has declined in favour of more modern methods: use of social media, such as the clickjacking attacks using the Facebook “Like” button, fake Web pages positioned on search engines (BlackHat SEO) and exploits of 0-day vulnerabilities.

In addition, Google’s Android operating system for smart phones has come into the line of fire. Various threats have appeared recently, aimed above all at racking up phone bills or targeting the geolocation function of the handsets.

Malware info

55% of new threats created this quarter were Trojans, most of them banker Trojans. This is in line with the general increase in these types of threats that Panda has witnessed over the last two years.

With respect to spam, 95% of all email circulating across the Internet during the last quarter was junk mail. Some 50% of all spam was sent from just ten countries, with India, Brazil and Russia at the top of the list.

“This edition of the report highlights the record levels of threat distribution through new channels”, says Jeremy Matthews, head of Panda’s sub-Saharan operations.

There has also been much talk of two serious 0-day flaws in the code of Microsoft’s operating system. One of these could have been exploited to attack SCADA systems (specifically, nuclear power stations), although this rumor is yet to be confirmed.

On a more positive note, Panda is happy to report the arrest of the creator of the Butterfly botnet kit, source of the notorious Mariposa network that impacted 13 million computers around the world.

And finally, the latest and hopefully last scare of this third quarter: a worm called ‘Rainbow’ or ‘OnMouseOver’. A vulnerability in the code of Twitter allowed JavaScript to be injected, enabling a series of actions: redirecting users to Web pages, publishing JavaScript on the user’s timeline without their permission or knowledge, etc. Twitter, however, resolved the problem in just a few hours.

Android: in the firing line of hackers

Over these three months Panda has also witnessed what could be the beginning of a wave of threats targeting smart phones, as it seems that hackers have started lining up Android, Google’s popular operating system. Two applications have been developed specifically for this platform: FakePlayer, which, under the guise of a video player, sends SMS messages that generate a hefty phone bill for victims without their knowledge; and TapSnake, an app disguised as a game which sends the geolocation coordinates of the user to an espionage company.

‘With the rise in social networking attacks and banker Trojans, we encourage users to always be vigilant when using the web, for personal or professional reasons. This coupled with good malware and virus protection, like Panda’s, is the best way to stay safe’, concludes Matthews.

You can download the PandaLabs quarterly report from http://press.pandasecurity.com/press-room/panda-white-paper/

For more information about Panda, visit http://www.pandasecurity.com/.

The Brazilian Army and Panda Security join forces to combat cyber-warfare

  • Panda Security will be providing protection for 37,500 computers belonging to the Brazilian Army with Panda Security for Enterprise

Panda Security has signed an agreement with the Brazilian Army to support the professionalization of its operational agents involved in the fight against cyber-terrorism, digital crime and strategic intervention in the event of cyber-warfare. The multinational security company will also be protecting (with Panda Security for Enterprises) some 37,500 computers belonging to the army’s Military Commands around the country.

As part of this agreement, the army’s Cyber-Warfare Communication Center (CCOMGEX) and PandaLabs, the anti-malware laboratory of Panda Security, will be working together in the first-level training of those involved in the scientific and forensic investigation of cyber-crime. The collaboration will involve the exchange of malware samples, and Panda will provide a rapid response (under 24h) to malicious code affecting Brazil in particular.

According to Brig. Gen. Santos Guerra, the Brazilian Army’s Commander of Communications and Cyber-Warfare, “One of the real plus points that led to this agreement was the extensive experience of Panda Security in collaborating with national defense agencies. We are sure that CCOMGEX will benefit from the knowledge and experience accumulated by Panda in the fight against cyber-crime.”

“We have a total of some 60,000 computers throughout the country, and we suffer on average 100 intrusion attempts every day across our twelve IT centers. We want to protect the integrity of our systems and be prepared for any potentially critical situation”, concludes Guerra.

Juan Santana, CEO of Panda Security explained, “Our experience with the Brazilian Army will contribute to the technological evolution of our security solutions, thereby benefiting all Panda users around the world. It will also help create a safer Web, which is one of our principal mission values and part of our corporate social responsibility.”

Facebook hacking analysed – How your identity could be stolen

Global IT vendor Panda Security has received numerous reports from users whose Facebook profile has been hacked and whose identity has therefore been placed at risk. With its millions of users, the world’s most popular social network has become a perfect target for hackers exploiting a dense concentration of potential victims.

Apart from phishing attacks or spam, which are now easily recognized by many Internet users, hackers are employing new methods, which for the moment at least, are proving to be successful. Here is an analysis of the technique which has been most frequently used over recent months:

Step 1: The bait

The bait normally comes from the profile of a friend whose account has already been hacked. Users typically receive a message (which appears to be genuine) suggesting the recipient clicks a link for one reason or another. In most cases, the message offers a “spectacular video” or claims “you appear in this clip”, and normally includes the user name of the recipient.

Step 2: Phishing attempt

Having attracted the attention of the user, cyber-crooks now need to get the user name and password of the intended victim to launch the second phase of the attack. The page that the link points to is a perfect replica of the Facebook login page, but is hosted on another Web address.

Step 3: Gaining complete access

Once the user has clicked the link and entered their login credentials, they have to grant the malicious application that is running the attack complete access to their personal information, as well as the rights to post information through their profile. This ensures that the attack can be spread further through friends and contacts of the victim.

After gaining the permission, the attack continues, targeting the victim’s contacts and starting the process all over again with new users.

What to do if your Facebook profile has been hacked

Step 1: Firstly, remove all permissions that have been given to the malicious application. This is a simple process: from Account, select Application settings in the top-right corner of your Facebook profile. This ensures that the application will not continue to have access to your profile once the password is changed.

Step 2: Change the login password! To keep your identity safe, it is advisable to change your password and the user name (it’s a good idea to do this from time to time anyway). This is also easy: Go to Account, then Account Settings in the menu in the top left corner of your Facebook profile. It is also advisable to use strong passwords that cannot easily be guessed.

More information is available in the PandaLabs blog: http://www.pandalabs.com

Follow Panda SA on twitter @PandaSecurityZA

57,000 fake Web addresses created every week

  • Panda analyzed malicious URLs positioned on the Internet over the last three months
  • 65% of fake websites imitate bank pages, followed by online stores and auction pages at 27%

Global IT vendor Panda Security reports that hackers are creating 57,000 new Web addresses every week. They position and index these fake pages on leading search engines in the hope that unwary users will click them by mistake. Those who do will see their computers infected, or any data they enter on these pages fall into the hands of criminals. These cyber criminals also use around 375 international company brands and names as lures. eBay, Western Union and Visa top the rankings of the most frequently used keywords, followed by Amazon, Bank of America, PayPal and the US revenue service.

These are the conclusions of a study carried out by PandaLabs, Panda’s anti-malware laboratory, which has monitored and analyzed all major Black Hat SEO attacks over the last three months.

According to Panda, about 65% of these fake websites imitate banking pages. For the most part, they pose as banks in order to steal users’ login credentials. Online stores and auction sites are also popular (27%), with eBay ranked as the most widely used. Other financial institutions (such as investment funds or stockbrokers) and government organizations occupy the third and fourth positions, with 2.3% and 1.9% respectively. Payment platforms, led by PayPal, and ISPs are in fifth and sixth place, with gaming sites, topped by World of Warcraft, completing the ranking.

“In previous years malware or phishing was typically distributed via email”, says Jeremy Matthews, head of Panda’s sub-Saharan operations. “However, in 2009 and particularly 2010, hackers have opted for Black Hat SEO techniques, which involve creating fake websites, using the names of famous brands, etc.”

This way, when users search for these names, a link to the malicious website will appear among the first results returned. When they visit these sites, one of two things will happen: either malware will be downloaded onto the user’s computer, with or without their knowledge, or the website spoofs the appearance of a genuine page, a bank say, and users will unwittingly enter their details which will fall into the hands of criminals.

The problem is that when users visit a website through search engines, it can be difficult to detect whether it is genuine or not. For this reason Panda advises everyone to go to banking sites or online stores by typing in the address in the browser, rather than using search engines.
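As an added illustration (not part of the PandaLabs study), the following sketch shows how a mail or proxy filter could triage links for the two patterns described on this page: the replica Facebook login page "hosted on another Web address" and the fake sites that use brand names as lures. The brand-to-domain table and all sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumed mapping of brand keyword -> official domain (not taken from the report).
OFFICIAL = {
    "facebook": "facebook.com",
    "ebay": "ebay.com",
    "paypal": "paypal.com",
    "westernunion": "westernunion.com",
    "amazon": "amazon.com",
}

def _normalize(text):
    """Lower-case and drop separators so 'western-union' matches 'westernunion'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())

def host_is_official(host, domain):
    """True only for the official domain itself or a genuine subdomain of it."""
    return host == domain or host.endswith("." + domain)

def classify(url):
    """Return (verdict, brand); verdict is 'official', 'lookalike' or 'unrelated'."""
    parts = urlsplit(url)
    # .hostname strips any 'user:pass@' prefix and port, which defeats the
    # 'www.facebook.com@other-host' trick.
    host = (parts.hostname or "").rstrip(".").lower()
    for brand, domain in OFFICIAL.items():
        if host_is_official(host, domain):
            return ("official", brand)
    # A brand name anywhere in the URL, served from a different host, is a lure.
    # Substring matching over-flags by design: this is triage, not a verdict.
    haystack = _normalize(parts.netloc + parts.path + parts.query)
    for brand in OFFICIAL:
        if brand in haystack:
            return ("lookalike", brand)
    return ("unrelated", None)

# Constructed sample links (example.* hosts are placeholders).
SAMPLE_URLS = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com@login.example.net/",
    "http://paypal.com.secure-update.example.net/signin",
    "http://cheap-deals.example.org/western-union/transfer",
    "http://notfacebook.com/",
    "https://news.example.com/weather",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(classify(u), u)
```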

“Although companies are making an effort to ease the situation by changing indexing algorithms, they cannot fully escape the avalanche of new Web addresses being created by hackers every day”, concludes Matthews.

Beware the Bieber: Justin Bieber used as bait to distribute malware

  • Blackhat SEO techniques are being used by cyber-criminals to position malicious links in top results in search engines
  • Other popular topics recently used include the last episode of Lost and the release of Iron Man 2

Global IT vendor Panda Security has detected more than 200 spoof Web addresses using the name of Justin Bieber as bait to lure users. By including the name of this popular singer in malicious links, cyber-criminals are distributing the fake antivirus MySecurityEngine. This technique has been used many times before, taking advantage of popular topics such as the last episode of Lost or the release of the movie Iron Man 2.

Pic available at: http://www.flickr.com/photos/panda_security/4903310831/

References to Justin Bieber in malicious links include, amongst others:

  • justin bieber takes estrogen pills
  • justin bieber smoking weed
  • justin bieber born in 1998
  • justin bieber north korea
  • justin bieber arrested
  • justin bieber died
  • justin bieber drinking problem
  • justin bieber gender change operation
  • justin bieber hermaphrodite

There is nothing new about the way this infection operates. When somebody runs a search for this singer on the Internet, these fake websites have been indexed to appear among the first results displayed. If users click these links, they will be prompted to accept the download of a file, such as a codec, and the fake antivirus will be installed on their computers.

“These types of activities have become increasingly common”, says Jeremy Matthews, head of Panda’s sub-Saharan operations. “Any popular topic or issue is used by cyber-crooks to spread their creations. By positioning websites used to distribute malware among the first results in search engines, they can be sure that numerous Internet users will inadvertently download the fake antivirus”, he concludes.

Panda advises users to take precautions when searching for information on the Internet. They should ensure they have reliable antivirus software installed and use safe browsing tools, such as those offered free by Panda at http://free.pandasecurity.com.

Panda Internet Security takes top spot in AV-Test report

  • Panda detected 100% of malware scanned in the AV-Test report, in both private and In The Wild virus lists

Global IT vendor Panda Security has taken the top spot in AV-Test’s Q2 report (http://av-test.org/). Panda Internet Security 2010 has received the prestigious laboratory’s certification, after passing with above average scores on all protection, cleaning and usability tests as well as those designed to test the solutions’ ability to repair computers infected with malware.

In the protection test, Panda Internet Security 2010 achieved a score of 5.5 out of 6, as it did in the areas of cleaning and repairing computers infected with malware. The solution scored 5 out of 6 for usability.

In the first section of protection against malware infections, the most significant results came in the detection of the malware batch used by AV-Test as well as those in the ‘In the Wild’ list, where the solution detected 100% of samples. In the detection of 0-day malware attacks on the Internet, including Web and email threats, Panda Security scored 82%, 89% and 74% respectively in the three test months. In the dynamic detection testing, Panda detected 81% of the samples used, which is way above the industry average of 63%. 

Panda Internet Security 2010 also scored 100% in the detection and elimination of rootkits and hidden malware. In the section on cleaning and repairing computers infected with malware, Panda Security achieved 95% in the elimination of active malware components (according to the WildList), once again above the industry average. 

In the usability section, the impact ratio of the antivirus on computer performance was 101 seconds, less than half the industry average of 251 seconds. 

“These results illustrate the great detection capacity of Panda’s Collective Intelligence detection system” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “More significantly, this detection power has no impact on users’ computers, as scanning and the classification of malware takes place in the cloud.”

Andreas Marx, CEO of AV-Test.org adds “At AV-Test.org, we have tested all products with all update functionality and ‘in the cloud’ protection enabled, so no product updates were frozen. This way, the products had to demonstrate their ‘real world’ capabilities using all components and protection layers in realistic test scenarios”.

Marx also spoke about the performance of the Panda solution during the tests: “Panda Internet Security showed impressively high results for the static and dynamic detection of new malware. Not only was the protection against, and removal of, new malware very high, but at the same time Panda had less impact on the system from the usability point of view”.

More information about the full AV-Test results is available at http://av-test.org/ and http://research.pandasecurity.com/

To find out more about the Panda Retail 2011 lineup, launched in July, go to http://www.pandasecurity.com/homeusers/solutions/antivirus