" twitter "

Panda marks Universal Children’s Day with web safety advice for kids

Panda Security marked Universal Children’s Day on the 20th of November with advice to children on how to use the Internet responsibly and ensure they enjoy the Web as safely as possible. This initiative from Panda Security aims to promote responsible and secure use of the Internet among young people, and is part of the company’s “Kids on the Web” campaign (www.kidsontheweb.com).

With this in mind, Panda offers this simple, practical guide to children:

  1. Don’t click suspicious links. When using instant messaging programs (such as MSN Messenger or any other chat application) or you receive an email, never click directly on any links. If the message or email comes directly from someone you know, then type the address in the browser. If you don’t know the person that it has come from, the best thing to do is to ignore it.
  2. It is dangerous to download or run files from unknown sources. You have probably gotten instant messages inviting you to download a photo, a song or a video. This file could have been sent by a dangerous program that has infected a friend’s computer and which is trying to spread to other users. Just in case, the best thing to do is ask your friend if they have really sent something. If they haven’t, let them know that they are infected so they can delete the file.
  3. Don’t speak to strangers. In chat rooms, social networks or across instant messaging, you can never be completely sure who you’re speaking to, as you can’t see them. Especially in online communities, where people have never met in real life. Never make friends with strangers, and never ever arrange to meet them in real life.
  4. Don’t send private information across the Internet. Never send private information (your address or phone number, etc.) via email or instant messaging, and never publish this kind of information in a blog or on a forum. You should also take care when you create profiles for sites such as Facebook or Myspace. You should never include information such as your age or your address.
  5. If you have the slightest doubt, be careful. If a program you don’t remember installing begins to display false infections or pop-ups inviting you to buy some type of product, be wary. You probably have some type of malware installed on your computer.
  6. Don’t browse the Web alone. If you’re going to search on the Internet, it’s much better to get an adult to guide and advise you on where to look. It is far more secure to visit trustworthy and official sites rather than unknown Web pages.
  7. Talk to your parents or teachers. If you see something suspicious or you receive a nasty or dangerous email, speak to an adult. They will be able to advise you.

“Many young children have online acces and the ‘digital gap’ between parents and children is exposing many young people to the dangers of the Internet”, explains Jeremy Matthews, head of Panda’s sub-Saharan operations. “We need to make sure our children can enjoy the Web in a healthy way. We always advise that the best way to achieve this is for parents and children to have a relationship based on trust, so it is not necessary to be constantly monitoring kids while they’re on social networks and the like”, he concludes.

More information at www.pandalabs.com

For more information about Panda, visit http://www.pandasecurity.com/.

Visit our Facebook Page and Follow us on Twitter http://www.twitter.com/PandaSecurityZA

Panda Security launches new version of Panda Cloud Internet Protection

–       The new cloud-managed security solution, delivering protection for corporate environments against all types of Internet threats, includes new and powerful features to combat attacks

Panda Security has launched the new version 3.2 of Panda Cloud Internet Protection. The new cloud-managed security solution delivers protection for corporate environments against all types of Internet threats, including botnets, phishing, cross-site scripting and other advanced Web attacks.

The new version of Panda Cloud Internet Protection also delivers powerful access control features allowing companies to filter URLs and restrict access to social networks (Facebook, Twitter, YouTube, etc.), blogs or webmail, etc. This new solution offers three types of protection against such communities:

–       Prevention of infections from IT threats that spread across these types of platforms

–       Regulation of the use of these communities and corresponding bandwidth consumption

–       Detection and protection against data loss through HTTP/HTTPS (SSL) protocols, preventing sensitive corporate information from being published on Facebook or Twitter.

According to the “First Annual Social Media Risk Index for SMBs (Small to Medium Businesses)”, published by Panda Security, the main concerns for SMBs with respect to social networks include privacy issues and financial loss (74%), malware infections (69%), loss of productivity (60%) and issues related with corporate reputation (50%), followed by network performance problems (29%).

Panda Cloud Protection managed security suite

Panda Cloud Internet Protection is included in the Panda Cloud Protection cloud-managed security suite. This cloud-based solution offers maximum protection, cost reduction and increased productivity. The solution can be deployed in just a few minutes and is managed simply and centrally through Panda’s unique, intuitive cloud-based administration console.

Panda Cloud Internet Protection is sold on its own or as part of the Panda Cloud Protection suite, completing the cloud-based security lineup of Panda Security. The company’s SaaS offer now covers all major infection vectors: workstations and servers are protected with Panda Cloud Office Protection; corporate email with Panda Cloud Email Protection and now Internet protection is delivered by the new solution.

Panda Security’s innovative cloud solutions have received numerous international awards and recognition, including the Wall Street Journal Technological Innovation award.

For more information and free trials, go to http://cloudprotection.pandasecurity.com.

For more information about Panda, visit http://www.pandasecurity.com/.

Visit our Facebook Page and Follow us on Twitter  @PandaSecurityZA

‘Rainbow worm’ infected millions of twitter users

–       As many as 1,000 infections every 10 seconds was recorded

–       The attack is fully patched and is no longer exploitable

Global IT vendor Panda Security witnessed yesterday (21 September) the first massive infection of the popular social media site, Twitter. The source of the attack appears to be an account created in Twitter, called Rainbow, the name which has now been given to the worm: Image available at: http://www.flickr.com/photos/panda_security/5011843008/

This infection was caused by a weak spot in Twitter that lead to various unexpected occurrences when users on www.twitter.com ‘moused’ over the malicious tweet. Some of the effects included the automatic distribution of the malicious tweet to user’s followers and the appearance of strange messages, with giant letters reading ‘Hello’, as well as blacked out tweets. Users visiting their profiles were also redirected to other web addresses.

The vulnerability allowed javascript to be run, opening a host of possibilities to users with malicious intentions. The first injections of javascript appeared to be pranks. However, they have evolved, and it would seem that some users have been exploiting the vulnerability for other, more malicious ends.

“The scary thing is that the URL used in the attack could be used to exploit other vulnerabilities in users’ computers”, explains Jeremy Matthews, head of Panda’s sub-Saharan operations. “If, in addition to re-tweeting the code, a criminal was to embed the URL with drive-by-download techniques, we would be looking at millions of potential victims. However, this is unlikely as Twitter will presumably fix the security hole before this happens.”

Twitter clients that didn’t run javascript, such as TweetDeck, were unaffected and were therefore able to continue using the social network without risks. According to Panda, the Twitter site may now be used directly, as the vulnerability has been patched.

More information is available in the PandaLabs blog: http://www.pandalabs.com

For more information about Panda, visit http://www.pandasecurity.com/.

The 2010 Panda Challenge begins

Panda Security is launching the Panda Challenge. Last year’s edition of the competition saw more than 4,000 entrants putting their considerable computer skills to the test.

This year the Panda Challenge asks participants to find the solution to two practical problems published in the PandaLabs Blog. In the first phase, users will have to download the game and then make a keyfile in order to play it; while the second phase involves finding a valid license for a program.

“We launched this challenge for the first time last year, unaware of the fantastic response we would get” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “We were pleasantly surprised to see such a high number of participants with such technical expertise. The challenges were not easy but lots of users managed to find the solution.”

The first challenge will be published on Saturday, July 17 at 09:00 (GMT + 2) and solutions must be received by Monday, July 19 at 17:00 PM (GMT + 2). The second challenge will be published the following weekend, on Saturday, July 24 at the same time, and solutions must be received by Monday, July 26. The winner will be the first contestant to send the correct solution to pandachallenge@pandasecurity.com.

Anyone, from any country, can take part, with no need to register or comply with any requirements. All participants can follow the contest and interact with each other on Twitter, using the hashtag #PC2010.

“This year we have taken into account the suggestions of contestants to better adapt the challenge to everyone’s needs: we’re running it at the weekend, with a timetable that allows people from all over the world to take part, etc. We hope users enjoy it as much as last year”, concludes Matthews.

More information is available in the PandaLabs blog: http://www.pandalabs.com

For more information about Panda, visit http://www.pandasecurity.com/.

Social network apps used to aid housebreaking

With the boom in social networks and the numerous applications now available for sharing information across the Internet, global IT vendor Panda Security advises users to take extra precautions in order to prevent falling victim to computer fraud.

“This year we advise users to take particular care with the information they share across social networks”, says Jeremy Matthews, head of Panda’s sub-Saharan operations. “This applies particularly to applications used to plan journeys or to locate people geographically through GPS devices, as this information could easily be exploited and used to aid housebreaking.”

These types of applications have become highly popular over the last year. Facebook apps such as Doorpl or Trip Advisor (which show messages describing where you are or where and when you are planning to go); the Twitter geolocation utility (displaying where tweets have been sent from), or services for locating mobile devices through GPS (now widely employed by iPhone or Android users), are just a few examples.

While many of these programs are interesting and fun, the problem lies in the exploitation of this information by criminals. The emergence (and closure) of services like Pleaserobme, which as its name suggests, connects with these applications to offer information about who is not at home, is just one example of the abuse of these applications. “This underlines how careless we can be as users when offering personal information publicly”, adds Matthews.

There are numerous precautions that users are encouraged to take in order to prevent being exploited during the holiday season.

Users who take their PC’s with them on holiday are advised to back up all their information as they face the risk of having their PC’s stolen or breaking down while away. In addition they are advised to have reliable, up-to-date protection with all the necessary security patches installed.  

Although encrypting the information on their hard disks may seem a tiresome or complex task, is another strong security measure Panda encourages users to take as it prevents anyone from accessing data without the right password.

Furthermore, users should never connect to unprotected WiFi networks, as they could be hooking up to a network set up by hackers to steal any information that they share across the Internet. It is always better to use secure, trusted networks, even if it means paying more. Lastly, users are advised to take care with email as phishing attacks and spam are becoming increasingly sophisticated.

In addition to this holiday advice, there are constant precautions that should always be taken.

No one should use applications for planning journeys offered by social networks, to ensure that you can’t be located. Similarly, users shouldn’t accept the geolocation function in Twitter or use this application from their cell phones.

Users who do spend time in chat rooms while on holiday should also never reveal any personal or confidential details to anyone unknown. If users notice any suspicious behavior on social networks (strangers with too much of an interest in your holiday destination, dates, etc.) they should contact the police. All these safety tips should be shared with children, who are more naïve than their parents and therefore make easier targets.

“In addition to the above, it is worth remembering some of the basic security measures at this time of year. Turn off your router when you leave home, beware of typical, holiday-themed phishing, take care with dubious looking websites, as many of them are designed to infect your computer… and, above all, have a great holiday”, concludes Matthews.

More information is available at the PandaLabs blog: http://www.pandalabs.com

For more information about Panda, visit http://www.pandasecurity.com/.

Trojans 70% of new malware detected

Trojans accounted for 70% of all new malware between April and June 2009, according to data compiled in the latest PandaLabs Quarterly Report.

Trojans were also responsible for more infections than any other type of malware over this period. This type of malware was behind 34.37% of all infections detected by Panda, an increase of 2.86% with respect to the previous quarter. Adware infection levels remained stable, accounting for 19.62% of the total.

One of the most notable findings of the report is the 6.25% drop in spyware, which now represents just 6.9% of all new malware. In contrast, adware rose dramatically over this period, from 7.54% in the previous quarter to 16.37%. This is largely due to the surge in fake antivirus applications, a type of adware that passes itself off as a legitimate security solution.

As for worms, their percentage has also risen slightly, now accounting for 4.4% of all malware. Dialers, at 4.48%, stubbornly refused to disappear despite the overriding trend for broadband instead of dial-up connections.

In terms of specific strains of malware, the number one ranked specimen in Q2 was Downloader.MDW, a Trojan designed to download other malware on to computers. The Virtumonde spyware and Rebooter.J Trojan were also among the malicious codes that caused most infections.

Malicious use of Twitter

A worm appeared in April which used a cross-site scripting technique to infect Twitter users when they visited the profiles of other infected users. It then infected the new user’s profile to continue propagating. New variants appeared, and finally the creator’s identity was revealed: one Mikey Mooney, who apparently wanted to attract users to a service competing with Twitter.

In early June, Twitter was the focus of other attacks, this time using different techniques, above all BlackHat SEO. Twitter has a feature called “Trending Topics”, which is a list of the most popular topics that appears in the interface of all Twitter users. When users select a topic through this feature, they will see all ‘tweets’ published related to this issue.

In this case, malicious users were writing tweets about the topics listed in Twitter Trends with links to malicious Web pages from which malware was downloaded. The first attack focused on just one of the topics, but just a few days later the scope of the attack increased and all popular topics contained malicious links. When the actor David Carradine died, in just a few hours there were hundreds of malicious tweets, and the same occurred with other popular issues on Twitter.

You can download the PandaLabs Quarterly Report here.