" twitter "

Celebrity Power Fuels False Twitter Accounts

The recent bout of “Bieber Fever” to hit South Africa, which saw desperate fans queueing for up to sixteen hours to secure tickets to Bieber’s 2013 South African shows, reminds us of the powerful pull of celebrities.
Twitter users love to follow celebrities such as Justin Bieber and Bieber, Cristiano Ronaldo and Barack Obama are among those most impersonated on Twitter. According to Luis Corrons, technical director of PandaLabs, “soccer stars like Cristiano Ronaldo have many fake profiles on Twitter, some of them with more than 15,000 followers and which include the word official, although the tweets are in Swahili.”

Fake Cristiano Ronaldo Twitter profile with more than 15,000 followers: http://press.pandasecurity.com/usa/wp-content/uploads/2012/12/CR7.jpg

The US President, Barack Obama, also has a fake profile on the social network – and despite this including a link to a Russian page, “he” has managed to attract more than 91,000 followers.

Fake Obama profile on Twitter: http://press.pandasecurity.com/usa/wp-content/uploads/2012/12/OBAMA.jpg
However, the undisputed King of Fake Profiles right now is Justin Bieber. The young teen idol has many fake profiles created by his fans; yet others have been created that do not have such innocent objectives. It seems that simply including the singer’s name in a Twitter profile is synonymous with an avalanche of followers. Some of his profiles, with just two tweets from over three years ago, have more than 491,000 followers.

Fake Justin Bieber Twitter profile with more than 491,000 followers: http://press.pandasecurity.com/usa/wp-content/uploads/2012/12/JUSTINBIEBER.jpg

“Due to its huge popularity, Twitter is one of the social networks on which more attacks are launched to compromise the security of users’ computers. Cyber-criminals take advantage of the popularity of some celebrities to attract followers to whom to send malware and spam through their tweets,” says Corrons. “If you’ve received this type of message from the account of a celebrity that you follow, it’s advisable not to open it under any circumstances; rather unfollow the sender of the message and scan the computer using an antivirus.”
To make sure you are following a legitimate person ensure that the page features a blue verification badge alongside the profile. The badge will appear in the top right of the user profile just above the name, location and bio. Remember, if it appears anywhere else on the profile page of a user (such as in the avatar or in the background) then the account has not been verified! Twitter is constantly proactively verifying accounts, focusing on the most searched for users and does not accept verification requests from the general public.

BEWARE OF VALENTINE’S DAY MALWARE DISTRIBUTION

Panda Security’s anti-malware laboratory, PandaLabs have reported new malware distribution campaigns, which details numerous emails in circulation with links for downloading romantic greeting cards, videos, gift ideas, or Facebook and Twitter messages related to Valentine’s Day.

According to PandaLabs, social engineering is cyber-crooks’ preferred technique for deceiving users by convincing them to take a series of actions therefore obtaining confidential information from users. Crime-ware and social engineering go hand-in-hand: a carefully selected social engineering ploy convinces users to hand over their data or install a malicious program which captures information and sends it on to the fraudsters.

Cyber-crooks, however, are also exploiting other channels, such as Facebook, Twitter or Google+ and given the access to millions of users that these social networks provide, they have become just as popular among the criminal fraternity for spreading malware as email. 

A Recently discovered, new Facebook attack that utilizes users walls to spread harmless messages inviting users to install a Valentine’s Day theme on Facebook. However, if the user clicks the wall post, they are redirected to a page where they are prompted to install the theme. This installs a malware file which, once run, displays ads from other websites. It also downloads an extension that monitors Web activities and redirects sessions to survey pages that request sensitive information like phone numbers.

Some weeks ago, the PandaLabs blog reported on a link included in a Twitter profile that took users to a dating site: http://pandalabs.pandasecurity.com/sex-lies-and-twitter/. Special dates like Valentine’s Day can see a proliferation of malicious Twitter posts used to steal users’ confidential data and empty their bank accounts through social engineering. 

Here is a collection of some of the Valentine’s Day themed malware campaigns detected by PandaLabs in recent years: 

Waledac.C: This worm spread by email trying to pass itself off as a greeting card. The email message includes a link to download the card. However, if the user clicks the link and accepts the subsequent file download they are actually letting the Waledac.C worm into their computer. Once it infects the computer, the worm uses the affected user’s email to send out spam.

I Love.exe you: This was a RAT (Remote Access Trojan) that gave attackers access to the victim’s computer and all their personal information. The Trojan allowed the virus creator to access target computers remotely, steal passwords and manage files.

Nuwar.OL: This worm spread in email messages with subjects like “I love You So Much”, “Inside My Heart” or “You in My Dreams”. The text of the email included a link to a website that downloads the malicious code. The page was very simple and looked like a romantic greeting card with a large pink heart. Once it infected a computer, the worm sent out a large amount of emails, creating a heavy load on networks and slowing down computers.

 Valentin.E: This worm spread by email in messages with subjects like “Searching for True Love” or “True Love” and an attached file called “friends4u”. If the targeted user opened the file, a copy of the worm was downloaded. Then, the worm sent out emails with copies of itself from the infected computer to spread and infect more users.

Valentin.E: This worm spread by email in messages with subjects like “Searching for True Love” or “True Love” and an attached file called “friends4u”. If the targeted user opened the file, a copy of the worm was downloaded. Then, the worm sent out emails with copies of itself from the infected computer to spread and infect more users.

Storm Worm: This worm spread via email by employing a number of lures, one of them exploiting Valentine’s Day. If the targeted user clicked the link in the email, a Web page was displayed while the worm was downloaded in the background.

Storm Worm: This worm spread via email by employing a number of lures, one of them exploiting Valentine’s Day. If the targeted user clicked the link in the email, a Web page was displayed while the worm was downloaded in the background.

Web page displayed by Storm Worm. You can see the image at: http://prensa.pandasecurity.com/wp-content/uploads/2012/02/STORMWORM.jpg

 PandaLabs offers users a series of tips to avoid falling victim to computer threats:

  •  Do not open emails or messages received on social networks from unknown senders.
  •  Do not click any links included in email messages, even though they may come from reliable sources. It is better to type the URL directly in the browser. This rule applies to messages received through any mail client, as well as those in Facebook, Twitter, or other social networks or messaging applications, etc. If you do click on any such links, take a close look at the page you arrive at. If you don’t recognize it, close your browser.
  •  Do not run attached files that come from unknown sources. Especially these days, stay on the alert for files that claim to be Valentine Day’s greeting cards, romantic videos, etc.
  •  Even if the page seems legitimate, but asks you to download something, you should be suspicious and don’t accept the download. If, in any event, you download and install any type of executable file and you begin to see unusual messages on your computer, you have probably been infected with malware.
  •  If you are making any purchases online, type the address of the store in the browser, rather than going through any links that have been sent to you. Only buy online from sites that have a solid reputation and offer secure transactions, encrypting all information that is entered in the page.
  •  Do not use shared or public computers, or an unsecured WiFi connection, for making transactions or operations that require you to enter passwords or other personal details.
  •  Have an effective security solution installed, capable of detecting both known and new malware strains.

 Panda Security offers you several free tools for scanning computers for malware, like Panda Cloud Antivirus: www.cloudantivirus.com

 More information is available in the PandaLabs blog: http://pandalabs.pandasecurity.com

Protect Yourself against the Growing Cyber-Crime Black Market

Global IT Vendor Panda Security has launched a campaign against the ever growing world of cyber-crime. The campaign aims to educate both businesses and home users about the dangers of cyber-crime, and the ways in which becoming a victim of its growth may be avoided.

“Cyber-crime preys on unsuspecting users”, says Jeremy Matthews, head of Panda’s sub-Saharan operations. “That’s why these campaigns are so important-they provide very necessary and useful information that may help many individuals and businesses avoid becoming victims.”

Trojans: The Tools of the Trade

The year 2003 saw the creation of the first banker Trojan. Since then, Trojans have become one of the most common types of malware, accounting for 71% of all threats, because they are the best tool for hackers and organisations involved in identity and detail theft. Every day, increasingly sophisticated variants emerge, designed to evade the security measures put in place by banks, online stores, pay platforms, etc. The reason for this rapid growth is clearly profit based.

How the Cyber-crime Black Market Works

Online mafias are highly organised and strategic with regards to their operations and deployment. Not only do they seem like real companies, they operate across the globe, throwing their nets wide.

The cyber-crime black market works in a two step process. Step one involves the creation of malware and it distribution to potential victims. The heads of the criminal organisations hire hackers and programmers to create malware like Trojans, bots and spam. This malware is then usually spread through email and social media sites like Facebook, YouTube, MySpace and Twitter. Once a victim has been caught in the trap, their confidential information is stolen and then stored for sale on a server.

In step two, the confidential data is sold on underground sites. The black market offers confidential personal data from as little as $2 but it can reach prices exceeding $700. Often, money is stolen directly from victims’ bank accounts. In this case, money mules are used to forward the stolen funds in exchange for commission. Sometimes these mules do not know that they are moving funds illegally until they are caught and used as scapegoats in the event of arrests being made. Finally, the stolen funds are transferred into the hands of the gang leaders through services like Western Union.

Panda’s Security Advice

While the spread of cyber-crime is increasing, there are a few precautions one can take to stave off becoming a victim.

Precautions such as memorising your passwords, instead of saving them on your PC can minimise your risk. Users are also advised to never give away personal information telephonically or on the internet if the company or website is unknown.

Closing all your browser sessions and working with just one at a time can also decrease your chance of being lured into a fake website.

Lastly, if you get any suspicious messages from the bank, an online store or a payment platform, contact the customer relations department from the company it was supposedly sent from. If this suspicious activity persists, or if you notice any unusual account transactions, do not hesitate to inform your bank.

“Cyber-crime is a scary reality but those who take the time to inform themselves and then take the necessary precautions advised on the mini-site should remain safe”, concludes Matthews.

The mini-site also includes a link to scan your personal or business PC for infections and is available at: http://cybercrime.pandasecurity.com/blackmarket/index.php

For more information about Panda, visit http://www.pandasecurity.com/.

Follow Panda SA on Facebook and Twitter

Facebook, favourite bait of cyber-crooks in 2011

–       In just three days, two new malicious codes using Facebook have been discovered

The recent trend for developing computer threats designed to spread by exploiting the most popular social media continues to gather pace, reports global IT vendor Panda Security. In the last three days alone, two new malicious codes that use Facebook to ensnare victims have been wreaking havoc.

One of these, Asprox.N, is a Trojan that reaches potential victims via email. It deceives users by telling them that their Facebook account is being used to distribute spam and that, for their security, the login credentials have been changed. It includes a fake Word document supposedly containing the new password.

The email attachment has an unusual Word icon, and is called Facebook_details.exe. This file is really the Trojan which, when run, downloads a .doc file that runs Word to make users think the original file has opened.

The Trojan, when run, downloads another file designed to open all available ports, connecting to various mail service providers in an attempt to spam as many users as possible.

The other, Lolbot.Q, is distributed across IM applications such as MSN and Yahoo!, displaying a message with a malicious link. This link downloads a worm designed to hijack Facebook accounts and prevent users from accessing them. If users then try to login to Facebook, a message appears informing that the account has been suspended and that to reactivate them they must complete a questionnaire, with the offer of prizes –including laptops, iPads, etc.– to encourage users to take part.

After several questions, users are asked to enter their cell phone number, where they will receive data download credits for a cost of R83 a week. On subscribing to the service, victims will receive a password with which they can recover access to their Facebook account.

“Once again cyber-criminals are using social engineering to trick victims and infect them with malware” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “Given the increasing popularity of social media, it is no surprise that it is being exploited to lure potential victims”.

PandaLabs advises all users to be wary of any messages with unusually eye-catching subjects, whether via email or IM or any other channel; and to be careful when clicking on external links in Web pages. Obviously, we also warn users not to enter any personal data in applications attempting to sell any type of test.

For more information visit: www.pandalabs.com

Follow Panda Security South Africa on Facebook and Twitter @PandaSecurityZA

Anonymous cyber-activist group launches attack in defense of Wikileaks founder

–      “We want transparency and we counter censorship”, says the group as they carry out attacks on various targets for anti-Wikileaks behavior

–      Anonymous has announced a series of new targets for the next few days, including Twitter for allegedly censoring Wikileaks discussions

According to global IT vendor Panda Security the cyber-group responsible for launching a series of attacks against copyright societies worldwide last October is now performing further attacks in defense of Wikileaks* founder Julian Assange. Anonymous has circulated a statement indicating that it has no affiliation with Wikileaks or its founder, but shows its full support of Assange, as “They fight for the same reason: Transparency and anti-censorship”.

So far Panda has detected three attacks. The first two hit Paypal and its blog for suspending donations to Wikileaks, and have resulted in over 8 hours of total downtime.

The third attack, however, affected the PostFinance.ch bank for freezing Assange’s account and has already resulted in more than 11 hours of downtime. Users even turned to Twitter to ask cyber-activists to stop the attack for at least 10 minutes to be able to use the bank’s online services.

Finally, last Monday, the Anonymous group’s own website suffered a series of DDoS attacks that rendered it inactive for some hours.

Anonymous is planning to continue with its campaign in favor of Julian Assange by attacking any institution who tries to silence or discourage Wikileaks. The group has already threatened Twitter for allegedly suppressing Wikileaks discussions (tweets with the hashtag #wikileaks), even though these threats have not yet materialized.

*Wikileaks is an international organization that publishes otherwise unavailable documents and news from anonymous news sources and leaks. These documents are often very controversial and have included private documents relating to the war in Afganistan. Julian Assange is recognized as the group founder and director.

Visit the PandaLabs blog for the latest information about the attacks.

For more information about Panda, visit http://www.pandasecurity.com/.

Twitter targeted by hackers this Christmas

–      Numerous Twitter accounts have been created to spread malicious code through festive messages

–      Every year threats are spread via email and social media using Christmas-themed messages

According to Panda Security, cyber-criminals are exploiting Twitter to spread malware in festive-themed messages. Using methods akin to Black Hat SEO techniques, hackers are taking advantage of trending topics to position malware distribution campaigns. Topics such as “Advent calendar”, “Hanukkah” or even “Grinch”, are among the most popular subjects used by hackers to entice users.

Thousands of tweets have been launched using festive-themed phrases, such as “Nobody cares about Hanukkah” or “Shocking video of the Grinch”, along with short URLs pointing to malicious websites.

Users that click the link will be taken to a page that infects systems with false codecs by exploiting a security hole in PDF files and tries to trick users into downloading a codec that is really a downloader Trojan, which in turn downloads more malware onto the compromised computer.

In addition to subjects related to Christmas, cyber-criminals are using other hot topics to spread their creations, including the Sundance festival, the AIDS campaign and the Carling Cup.

According to Jeremy Matthews, head of Panda’s sub-Saharan operations, “Social networks like Facebook and Twitter are becoming increasingly popular with hackers because of their ever-increasing number of users, and the ease at which they (the hackers) can post malicious links. That’s why the number of clicks, and therefore infections, tends to be very high.”

Keep your computer safe this Christmas

With the increased risk over the Christmas period, Panda offers users a series of practical security tips for using social media:

1) Don’t click suspicious links from non-trusted sources. This should apply to messages received through Twitter, through other social networks and even via email.

2) If you click on the links, check the target page. If you don’t recognize it, close your browser.

3) Even if you don’t see anything strange in the target page, but you are asked to download something, don’t accept.

4) If you do download or install an executable file and the PC starts to launch messages or behaves strangely, there is probably malware on your computer. In this case, you should check your computer with a free online scanner such as ActiveScan, available at: www.activescan.com

5) As a general rule, make sure your computer is well protected to ensure that you are not exposed to the risk of infection from any malicious code. You can protect yourself with the new, free Panda Cloud Antivirus solution (www.cloudantivirus.com).

“It is important to remember that hackers will take advantage of any big holiday or event, which is why it is important to remain extra vigilant during these times”, concludes Matthews.

For more information about Panda, visit http://www.pandasecurity.com/.