" phishing "

iPads infected with iPhone virus

Panda  Security has found that malware designed to infect iPhones can also compromise the popular iPad.

Given the increasing popularity of Apple devices and their growing market share, malware designed specifically to target these platforms is beginning to attract more attention. Last year, Panda raised the alert about a worm, iPhone/Eeki, able to infect jailbroken iPhones (i.e. those that have been tampered with in order to install unofficial applications). The worm was also able to spread to iPod Touch.

Logically, all malware designed for iPhones will have the same ability to infect and spread to iPad devices. This is because the iPad and the iPhone share the same operating system, known as iPhone (v3), or iOS (v4) in the forthcoming version.

‘This doesn’t mean we’re about to face an avalanche of infections’, says Jeremy Matthews, head of Panda’s sub-Saharan operations. ‘However, we have always stated that as Apple takes more market share, cyber-crooks will begin to show more interest in targeting those that use this platform.’

Despite the fact that Apple decided to totally close off the hardware (making it impossible to install peripherals) and the software (all applications are installed from the manufacturer’s App Store) cyber-criminals have found a way to infect jailbroken devices with malware.

‘With more and more proof of Apple being targeted, we advise all Mac users to follow the manufacturer’s recommendations to increase security on their operating systems’ concludes Matthews.

Since 1990, Panda’s mission has been to detect and eliminate new threats as rapidly as possible in order to offer maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda’s new security model which can even detect malware that has evaded other security solutions.

Currently, 99.4% of malware detected by Panda is analyzed through this system of collective intelligence. This is complemented by the work of several teams, each specialised in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc).This translates into simple, secure and resource-friendly solutions for users.

For more information, visit http://www.pandasecurity.com/.

Identity-theft surges in downturn

Research by Panda Security has revealed that the number of users affected by malware designed for identity theft has increased 600% so far this year with respect to the same period in 2008. Most of these are Trojans, but there are also many examples of phishing, worms and spyware.

“There’s been major growth in the selling of personal information on the black market – such as credit card numbers and Paypal or Ebay accounts,” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “We’ve also seen an increase of the distribution and infection of this identity-theft malware through social networks.”

Panda’s anti-malware laboratory receives nearly 37,000 samples of new viruses, worms, Trojans and other types of Internet threats every day. Between January and July 2009 Panda received 11 million new threats, 8 million – 71% – of which were Trojans, compared to 51% during the same period in 2007. Trojans are mostly aimed at stealing bank details or credit card numbers as well as passwords for other commercial services.

Changing trends in identity theft

Hackers have also been busy exploring new channels for propagating threats as well as new sources of revenue. In the past malware samples mainly targeted users’ online banking information by getting them to enter their user name and password in a spoof bank website. Now, however, potential victims are taken to any platform or online site in which their bank details may be stored or where they might have to enter them.

This resulted, says Matthews, in an increase in targeted attacks on pay platforms like Paypal and other services where users often save their payment details. “These include popular online stores, such as Amazon, online auctions like eBay or even NGO portals where they make charitable donations,” says Matthews.

Similarly, whereas email was practically the only channel used in the past for contacting victims, many other methods are now being used:

– Message distribution across social networks with fake URLs, such as Twitter or Facebook

– Cloning of Web pages to make them appear among the first results in searches by keywords in popular search engines.

– SMS messages to cell phones.

– Infecting computers with spyware which displays alarming messages and takes users to fake websites (e.g. fake antivirus programs)

Messages that use social engineering are often the final touch to lure users into taking the bait. Once they have obtained credit card or bank details, the cyber-crooks can either sell the details on black market for about 3 euros each or use them to make purchases (which victims will be unaware of until they receive their bank statement).

How can users avoid identity theft?

Panda estimates that around 3% of all users have been victims of this techniques. The problem with these types of threats, unlike traditional viruses of the past, is that they are designed to go undetected, and therefore users do not realize they have become victims until it is too late.

Panda suggests several basic prevention measures:

1. Firstly, it is extremely improbable that online banks, payment platforms or social networks will ever send messages (emails, texts, etc.) to users asking for their login credentials, and much less for their credit card details.

2. Whenever you access an online bank, store, etc. always type the address directly in your browser. It is never advisable to enter these sites through links received through any channel nor links returned by search engine results.

3. Even having typed the address in the browser, check that the URL is really the one you have entered, and that the address has not changed into something unusual when you have clicked Enter.

4. Check that the page contains the corresponding security certificates (these are generally displayed with a ‘locked padlock’ icon in the browser).

5. You should always have a good security solution installed on your computer. This will help detect if you are entering a spoof Web page. It is always good to have a second opinion to ensure that you have not been infected by Trojans etc. You can get this through any reliable free online application, such as Panda ActiveScan (available at www.pandasecurity.com ).

6. Above all, if you have any suspicions don’t enter your details and contact the corresponding bank, store or service provider that you are trying to access.

7. If you are someone that frequently uses online services for shopping and banking, you can also get insurance for your online activity, which will cover you in the case of fraud.