" trojans "

50% of PCs worldwide infected this January

– According to data gathered by the free online antivirus Panda ActiveScan, 50% of scanned computers were infected with malware, mostly Trojans

According to global IT vendor Panda Security, 50% of all computers scanned around the globe in January were infected with some kind of malware. This data was gathered from Panda’s free online antivirus, Panda ActiveScan. As for the most damaging malware threat, Trojans caused the most incidents (59% of all cases), followed by traditional viruses (12%) and worms (9%).

The list of most prevalent malware threats is topped by generic Trojans, followed by downloaders, exploits and adware. It is also worth mentioning the presence of Lineage, an old Trojan that continues to spread and infect systems.

Thailand, China, Taiwan, Russia and Turkey occupy the top positions in the ranking of countries with the largest number of infections (over 50% of scanned computers infected with malware), while other traditional ‘malware paradises’ like Brazil or Poland have slipped down the list this month.

“We don’t see many significant changes regarding the number of worldwide infections from month to month”, says Luis Corrons, Technical Director of PandaLabs. “This just reflects the reality of the current situation: Every day we receive some 61,000 new malware samples at our laboratory, and unless you have a solution like Panda Cloud Antivirus whose latest protection technologies provide near real-time protection, it takes too long for traditional solutions to incorporate new malware signatures. This lapse in time leaves users unprotected against new threats”.

“While South Africa doesn’t occupy the top positions with regards to infections, we are seeing a steady increase in the amount of malware aimed at African users”, says Jeremy Matthews, head of Panda’s sub-Saharan operations. “This malware usually takes the form of money related scams, targeted at new or inexperienced internet users”, he concludes.

More information is available in the PandaLabs blog: http://www.pandalabs.com

For more information about Panda, visit http://www.pandasecurity.com/

Follow Panda South Africa on Twitter @PandaSecurityZA and Facebook

Twitter targeted by hackers this Christmas

– Numerous Twitter accounts have been created to spread malicious code through festive messages

– Every year threats are spread via email and social media using Christmas-themed messages

According to Panda Security, cyber-criminals are exploiting Twitter to spread malware in festive-themed messages. Using methods akin to Black Hat SEO techniques, hackers are taking advantage of trending topics to position malware distribution campaigns. Topics such as “Advent calendar”, “Hanukkah” or even “Grinch”, are among the most popular subjects used by hackers to entice users.

Thousands of tweets have been launched using festive-themed phrases, such as “Nobody cares about Hanukkah” or “Shocking video of the Grinch”, along with short URLs pointing to malicious websites.

Users who click the link are taken to a page that infects systems with false codecs: it exploits a security hole in PDF files and tries to trick users into downloading a codec that is really a downloader Trojan, which in turn downloads more malware onto the compromised computer.

In addition to subjects related to Christmas, cyber-criminals are using other hot topics to spread their creations, including the Sundance festival, the AIDS campaign and the Carling Cup.

According to Jeremy Matthews, head of Panda’s sub-Saharan operations, “Social networks like Facebook and Twitter are becoming increasingly popular with hackers because of their ever-increasing number of users, and the ease with which they (the hackers) can post malicious links. That’s why the number of clicks, and therefore infections, tends to be very high.”

Keep your computer safe this Christmas

With the increased risk over the Christmas period, Panda offers users a series of practical security tips for using social media:

1) Don’t click suspicious links from non-trusted sources. This should apply to messages received through Twitter, through other social networks and even via email.

2) If you click on the links, check the target page. If you don’t recognize it, close your browser.

3) Even if you don’t see anything strange in the target page, but you are asked to download something, don’t accept.

4) If you do download or install an executable file and the PC starts to launch messages or behaves strangely, there is probably malware on your computer. In this case, you should check your computer with a free online scanner such as ActiveScan, available at: www.activescan.com

5) As a general rule, make sure your computer is well protected to ensure that you are not exposed to the risk of infection from any malicious code. You can protect yourself with the new, free Panda Cloud Antivirus solution (www.cloudantivirus.com).

“It is important to remember that hackers will take advantage of any big holiday or event, which is why it is important to remain extra vigilant during these times”, concludes Matthews.


Mac gets Panda Antivirus

– Protection for Mac desktops and laptops against all types of threats for Mac OS X and Windows as well as scanning of other Apple devices: iPhone, iPad and iPod

– In 2010, 175 vulnerabilities were detected on the Mac operating system

Panda Security has announced the launch of Panda Antivirus for Mac. This new solution delivers complete protection against all types of malware able to affect Mac OS, Mac OS X, Windows and Linux. This new system protects users not just against threats specifically designed to target the Apple platform, but also prevents Mac users from transmitting malware to other operating systems.

Panda Antivirus for Mac scans files and email, detecting, eliminating or blocking all types of threats, like Trojans, spyware and botnets, initially designed for Windows, but which also affect Mac.

“Mac security was something Panda needed to address”, says Jeremy Matthews, head of Panda’s sub-Saharan operations. “Because of Apple’s growing popularity, due to products like the iPad, it has become a target for hackers looking to exploit all widely used products.”

The Mac solution includes two scan engines: an on-access scan or resident protection, protecting the computer at all times and alert to any security incident, and an on-demand scan, allowing users to launch scans of the complete system or specific components. It can also scan Apple iPhone, iPad and iPod, thereby ensuring that if any of these devices is carrying malware, it won’t infect other similar devices or Mac computers.

Mac security

Despite the sense of security among the Mac community, there are currently some 5,000 classified strains of malware that specifically affect Apple systems, with around 500 new samples appearing every month. In addition, there are approximately 170,000 macro viruses that Panda has cataloged throughout its 20-year history, and Mac users are also vulnerable to these viruses.

Moreover, in 2009 some 34 vulnerabilities were detected in the Mac OS. So far in 2010, this figure has risen to 175, which is considerable in relation to Apple’s global market share.

“We have always held the theory that when Apple reaches a more significant market share, around 15% worldwide (which given its current rapid growth will be achieved shortly), hackers will begin to target attacks against this platform”, says Ivan Fermon, SVP Product Management of Panda Security. “We would even say that today, the Windows operating system is more secure than Mac, simply because Microsoft has been working proactively on security for many years. As the Apple system has yet to be seriously threatened, it may contain more vulnerabilities than those we are aware of, which could be exploited to launch ‘zero-day attacks’ similar to those against Windows”, he concludes.

This theory is supported by analysts like Chris Christiansen, of IDC: “Most Mac users take security too lightly. In fact, most are quite proud of the fact that they don’t run any security at all. That’s an open door and at some point it will be exploited.” (http://www.macnn.com/articles/07/12/31/mac.os.x.a.growing.target/).

Mac users are not just open to infection from malware specifically designed for the platform; they can also transmit Windows threats without realizing it, thereby helping to spread viruses, worms and Trojans, which is a crime in many countries. However, Panda is offering an early solution against the growing threats that Mac users face.


Trojans Dominate Cyber Threats in 2010

  • The malware distribution techniques in the spotlight this quarter include clickjacking, BlackHat SEO and 0-day attacks
  • 95% of all email in circulation was spam, and 55% of global spam originated from just 10 countries
  • Android smart phones are being targeted by hackers, thanks to their widespread popularity

Global IT vendor Panda Security has published its quarterly report on global virus activity. This third quarter has once again seen Trojans in the spotlight, as 55% of all new threats created were in this category.

Infection via email, traditionally the most popular vector for spreading malware, has declined in favour of more modern methods: use of social media, such as the clickjacking attacks using the Facebook “Like” button, fake Web pages positioned on search engines (BlackHat SEO) and exploits of 0-day vulnerabilities.

In addition, Google’s Android operating system for smart phones has come into the line of fire. Various threats have appeared recently, aimed above all at racking up phone bills or targeting the geolocalization function of the terminals.

Malware info

55% of new threats created this quarter were Trojans, most of them banker Trojans. This is in line with the general increase in these types of threats that Panda has witnessed over the last two years.

With respect to spam, 95% of all email circulating across the Internet during the last quarter was junk mail. Some 50% of all spam was sent from just ten countries, with India, Brazil and Russia at the top of the list.

“This edition of the report highlights the record levels of threat distribution through new channels”, says Jeremy Matthews, head of Panda’s sub-Saharan operations.

There has also been much talk of two serious 0-day flaws in the code of Microsoft’s operating system. One of these could have been exploited to attack SCADA systems (specifically, nuclear power stations), although this rumor is yet to be confirmed.

On a more positive note, Panda is happy to report the arrest of the creator of the Butterfly botnet kit, source of the notorious Mariposa network that impacted 13 million computers around the world.

And finally, the latest and hopefully last scare of this third quarter: a worm called ‘Rainbow’ or ‘OnMouseOver’. A vulnerability in the code of Twitter allowed JavaScript to be injected, enabling a series of actions: redirecting users to Web pages, publishing JavaScript on the user’s timeline without their permission or knowledge, etc. Twitter, however, resolved the problem in just a few hours.

Android: in the firing line of hackers

Over these three months Panda has also witnessed what could be the beginning of a wave of threats targeting smart phones, as it seems that hackers have started lining up Android, Google’s popular operating system. Two applications have been developed specifically for this platform: FakePlayer, which, under the guise of a video player, sends SMS messages generating a hefty phone bill for victims without their knowledge; and TapSnake, an app disguised as a game which sends the geolocalization coordinates of the user to an espionage company.

‘With the rise in social networking attacks and banker Trojans, we encourage users to always be vigilant when using the web, for personal or professional reasons. This coupled with good malware and virus protection, like Panda’s, is the best way to stay safe’, concludes Matthews.

You can download the PandaLabs quarterly report from http://press.pandasecurity.com/press-room/panda-white-paper/


Trojans 70% of new malware detected

Trojans accounted for 70% of all new malware between April and June 2009, according to data compiled in the latest PandaLabs Quarterly Report.

Trojans were also responsible for more infections than any other type of malware over this period. This type of malware was behind 34.37% of all infections detected by Panda, an increase of 2.86% with respect to the previous quarter. Adware infection levels remained stable, accounting for 19.62% of the total.

One of the most notable findings of the report is the 6.25% drop in spyware, which now represents just 6.9% of all new malware. In contrast, adware rose dramatically over this period, from 7.54% in the previous quarter to 16.37%. This is largely due to the surge in fake antivirus applications, a type of adware that passes itself off as a legitimate security solution.

As for worms, their percentage has also risen slightly, now accounting for 4.4% of all malware. Dialers, at 4.48%, stubbornly refused to disappear despite the overriding trend for broadband instead of dial-up connections.

In terms of specific strains of malware, the number one ranked specimen in Q2 was Downloader.MDW, a Trojan designed to download other malware on to computers. The Virtumonde spyware and Rebooter.J Trojan were also among the malicious codes that caused most infections.

Malicious use of Twitter

A worm appeared in April which used a cross-site scripting technique to infect Twitter users when they visited the profiles of other infected users. It then infected the new user’s profile to continue propagating. New variants appeared, and finally the creator’s identity was revealed: one Mikey Mooney, who apparently wanted to attract users to a service competing with Twitter.

In early June, Twitter was the focus of other attacks, this time using different techniques, above all BlackHat SEO. Twitter has a feature called “Trending Topics”, which is a list of the most popular topics that appears in the interface of all Twitter users. When users select a topic through this feature, they will see all ‘tweets’ published related to this issue.

In this case, malicious users were writing tweets about the topics listed in Twitter Trends with links to malicious Web pages from which malware was downloaded. The first attack focused on just one of the topics, but just a few days later the scope of the attack increased and all popular topics contained malicious links. When the actor David Carradine died, in just a few hours there were hundreds of malicious tweets, and the same occurred with other popular issues on Twitter.

You can download the PandaLabs Quarterly Report here.