" virus "

Top five urban myths in the IT security sector

The IT security industry is no stranger to urban myths: stories that spread and, over time, become accepted as general truths. Global IT vendor Panda Security has been asking its community, mainly through Facebook and Twitter, which myths come to mind when talking about antivirus companies, and below we look at the top five answers.

  1. Antivirus security companies make the viruses. This is a claim we have often heard at Panda Security throughout our 20 years in the business, and no doubt the same goes for other companies in the sector. The claim is absurd, particularly when you consider that we receive around 55,000 new viruses every day. What’s more, if it were true, such a scandal would surely have been uncovered in the 20 or more years that the sector has been protecting users.
  2. Security companies hire hackers. Of course we can’t speak on behalf of the entire industry, but at Panda Security this issue has been a concern for us and we have never knowingly contracted ‘black hat’ hackers. We have, however, hired ‘white hat’ hackers (basically, the good guys), and we are always looking out for more. Another variation of this myth is that you have to be an IT engineer to work in IT security, which is also false. The profile of those who work at Panda is highly varied: engineers, mathematicians, physicists, self-taught people, etc.
  3. There are no viruses for Mac, Linux or cell phone platforms. We would all like this to be true! It is commonly held that none of these present any risk to users, as viruses are only designed for Windows platforms. The truth is that there are viruses for all these platforms. The difference lies in the number of threats circulating in comparison with those designed for Windows. The explanation is simple: hackers are looking for profit. If the aim is to reach as many people as possible, and consequently more potential victims to steal from, what is the best target? A platform with 10 million users or one with 500 million? The answer is obvious.
  4. It requires considerable knowledge to be a hacker, develop viruses, infiltrate systems… In some cases yes, in others no. Some years ago it was difficult to develop viruses, worms, Trojans, etc., and it required technical know-how. In fact many hackers started out “just messing around” while they learnt, and acquired significant knowledge of programming languages, communication protocols, etc. Today this is no longer necessary: in the case of Operation Mariposa, which we witnessed recently, those responsible had quite limited knowledge. This is because kits are sold across the Internet which enable amateur hackers to generate and configure malware. We wouldn’t quite say that anyone can do it, but with a little bit of knowledge and dedication, it’s possible to construct, for example, a botnet capable of infecting 13 million computers around the world.
  5. Women don’t work in security companies. This assumption is as frequent as it is untrue. At Panda Security the truth is quite different: more than 30% of the workforce is female, and many women are working in technical or management areas. This figure is growing, as an increasing number of women are training for sectors such as IT security.

More info and urban myths at:

http://pandalabs.pandasecurity.com/deconstructing-the-urban-myths-in-the-it-security-sector/

For more information about Panda, visit http://www.pandasecurity.com/.

Follow us on Facebook and Twitter @PandaSecurityZA

25% of new worms spread through USB devices

  • 48% of SMBs worldwide infected every year.
  • A third of infections caused by worms that spread on USB devices.

According to Panda Security, 25% of new worms have been specifically designed to spread through USB storage devices. However, these types of threats can copy themselves to any device capable of storing information including cell phones, external hard drives, DVDs, flash memories, MP3/4 players, etc. 

The data gathered suggests that this distribution technique is highly effective. According to Panda’s Second International SMB Security Barometer, which surveyed 10,470 companies across 20 countries, some 48% of SMBs admit to having been infected by some type of malware over the last year. 27% also confirmed that the source of the infection was a USB device connected to a computer.

“Not only does the malware copy itself to these gadgets, but it also runs automatically when a USB device is connected to a computer”, says Jeremy Matthews, head of Panda’s sub-Saharan operations. “This has been the case with many of the major infections we have seen this year, like the Mariposa and Vodafone botnets”.

So far, these types of infection are still outnumbered by those that spread via email, but it is a growing trend. There is a growing number of devices on the market that can be connected to a computer via USB. Clearly, this is very convenient for users, yet all these devices have memory cards or internal memory. “This kind of technology makes it very easy for your cell phone, for example, to be carrying a virus without your knowledge”, adds Matthews.

How does it work?

There is an increasing amount of malware which, like the dangerous Conficker worm, spreads via removable devices and drives such as memory sticks, MP3 players, digital cameras, etc. The basic technique used is as follows. Windows uses the Autorun.inf file on these drives or devices to know which action to take whenever they are connected to a computer. This file offers the option to automatically run part of the content on the device when it connects to a computer, and it is this feature that is being used by cyber-crooks to spread viruses. The Autorun.inf file is modified with commands so that malware stored on the USB drive, for example, is run automatically when the device connects to a computer. The computer in question is then immediately infected.
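The paragraph above describes the mechanism at the level of "Autorun.inf is modified with commands". From a defender's side, the practical question when a removable drive is collected during an incident is which entries in that file would actually launch anything. The following Python script is an added example for this article, not Panda's code and not part of the USB Vaccine product: it parses an Autorun.inf file with a tolerant INI reader and reports the directives that cause execution (the documented `open`, `shellexecute`, `shell` and `shell\<verb>\command` keys), together with the program each one points at. The two sample files embedded in it are constructed for the example.

```python
import re
from dataclasses import dataclass

# [autorun] directives that make Windows launch something from the drive.
# The directive names are documented Autorun.inf keys; the sample files
# further down are constructed for this example.
#   open=<program> [args]         run when the drive is inserted or opened
#   shellexecute=<target>         same, via ShellExecute (file or URL)
#   shell=<verb>                  make a custom verb the default action
#   shell\<verb>\command=<cmd>    the command behind that custom verb
AUTO_EXEC_KEYS = {"open", "shellexecute"}
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$")


@dataclass
class Finding:
    key: str
    value: str
    target: str
    reason: str


def parse_autorun_inf(text: str) -> dict:
    """Tolerant INI parser: {section_name_lower: [(key_lower, value), ...]}.

    Keeps duplicate keys in file order, skips ';' comments and blank lines,
    and tolerates a UTF-8 BOM at the start of the file.
    """
    sections = {}
    current = None
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.match(r"^\[(.+?)\]$", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current].append((key.strip().lower(), value.strip()))
    return sections


def first_token(value: str) -> str:
    """Program or file a directive points at: first quoted or space-delimited token."""
    m = re.match(r'^"([^"]*)"|^(\S+)', value)
    if not m:
        return ""
    return m.group(1) if m.group(1) is not None else m.group(2)


def assess_autorun(text: str) -> list:
    """Return a Finding for every directive that would run content automatically."""
    findings = []
    for key, value in parse_autorun_inf(text).get("autorun", []):
        if key in AUTO_EXEC_KEYS:
            reason = "launches content automatically on insertion or open"
        elif key == "shell":
            reason = "replaces the default double-click action with a custom verb"
        elif SHELL_COMMAND_RE.match(key):
            reason = "defines the command run by a custom verb"
        else:
            continue  # icon=, label=, UseAutoPlay= etc. do not execute anything
        findings.append(Finding(key, value, first_token(value), reason))
    return findings


# Constructed samples: a harmless drive label, and a drive whose Autorun.inf
# points every entry action at a program stored on the stick itself.
BENIGN_INF = """[autorun]
icon=drive.ico
label=Backup Drive
"""

SUSPICIOUS_INF = r"""; constructed sample for this example
[AutoRun]
open=update.exe /quiet
shell\open\command=update.exe
shell=open
icon=%SystemRoot%\system32\shell32.dll,4
"""

if __name__ == "__main__":
    for name, inf in (("benign", BENIGN_INF), ("suspicious", SUSPICIOUS_INF)):
        findings = assess_autorun(inf)
        print(f"{name}: {len(findings)} auto-execution directive(s)")
        for f in findings:
            print(f"  {f.key}={f.value!r} -> target {f.target!r}: {f.reason}")
```

Run against a file copied off the drive (never by double-clicking the drive itself), the report tells the analyst which file on the stick to pull for analysis; the benign sample produces no findings because `icon` and `label` only affect how Explorer displays the drive.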

To prevent this, Panda Security has developed Panda USB Vaccine, a free product which offers a double layer of preventive protection, disabling the AutoRun feature on computers as well as on USB drives and other devices.

“This is a useful tool as there is no simple way of disabling the AutoRun feature in Windows. The vaccine makes it simple for users and offers a high level of security against infections through removable drives and devices”, concludes Matthews.

Download Panda USB Vaccine free from: http://www.pandasecurity.com/homeusers/downloads/usbvaccine/.

More information about the Second International SMB Security Barometer is available at: http://press.pandasecurity.com/wp-content/uploads/2010/08/2nd-International-Security-Barometer.pdf


10 tell-tale signs of PC infection

  • Does your computer talk to you? Can’t use the Internet? Have your files disappeared? You might be infected…

Users are often advised to use an antivirus to check if their systems are infected, but with the current cyber-crime scenario, this is simply not enough.

“It takes at least a basic grasp of security issues to work out if a computer is infected, and many first-time users have little or no idea,” says Jeremy Matthews, head of Panda’s sub-Saharan operations. “However, while many of today’s threats are specifically designed to go undetected, there are still some tell-tale signs if a system has been compromised.”

Global IT vendor Panda Security has produced a simple guide to the 10 most common symptoms of infection, to help users identify if their systems are at risk:

1. My computer speaks to me: There are all types of pop-ups and messages on the desktop either advertising things, saying that the PC is infected and needs protection etc. This is a typical, surefire case of an infection. There is either spyware on the computer, or it has been infected by a fake antivirus also known as “rogueware”.

2. My computer is running extremely slowly: This could be a symptom of many things, including infection by a virus. If a virus, worm or Trojan, among other things, is running on the computer, it could be executing tasks that consume a lot of resources, making the system run more slowly than usual.

3. Applications won’t start: How many times have you tried to run an application from the start menu or desktop and nothing happens? Sometimes another program might even run. This could be another type of problem, but it’s a symptom that tells you that something is wrong.

4. I cannot connect to the Internet or it runs very slowly: Loss of Internet communication is another common symptom of infection, although it could also be due to a problem with your service provider or router. You might also have a connection that runs much more slowly than usual. If you have been infected, the malware could be connecting to a URL or opening separate connection sessions, thereby reducing your available bandwidth or making it impossible to use the Internet.

5. When I connect to the Internet, all types of windows open or the browser displays pages I have not requested: This is a certain sign of infection. Many threats are designed to redirect traffic to certain websites against the user’s will, and can even spoof Web pages, making you think you are on a legitimate site when really you have been taken to a malicious imitation.

6. Where have my files gone? Hopefully nobody will be asking this type of question, although there are still some threats around designed to delete or encrypt information and to move documents from one place to another. If you find yourself in this situation, get help as quickly as possible.

7. My antivirus has disappeared, my firewall is disabled: Another typical characteristic of many threats is that they disable security systems (antivirus, firewall, etc.) installed on computers. If just one thing shuts down, it might be a specific software failure; but if all your security components are disabled, you are almost certainly infected.

8. My computer is speaking a strange language: If the language of certain applications changes, the screen appears back-to-front or strange insects start ‘eating’ the desktop, it is likely that you have an infected system.

9. Library files for running games, programs, etc. have disappeared from my computer: Once again, this could be a sign of infection, although it could also be down to incomplete or incorrect installation of programs.

10. My computer has gone mad… literally: If the computer starts acting on its own, you suddenly find your system has been sending emails without your knowledge, Internet sessions or applications open sporadically on their own, your system is probably compromised by malware.

Panda advises all users who have identified with one or more of the scenarios above to look for alternative security applications to the one (if any) they have installed. Users don’t need to uninstall their existing application, but can simply use a free, online antivirus such as Panda ActiveScan. Alternatively, they can install an antivirus that is compatible with other engines, such as Panda Cloud Antivirus, which is also free.

“Getting a second opinion on the health of your PC could save your data, your privacy and in many cases, your money”, concludes Matthews.

More information is available in the PandaLabs blog: http://www.pandalabs.com


iPads infected with iPhone virus

Panda Security has found that malware designed to infect iPhones can also compromise the popular iPad.

Given the increasing popularity of Apple devices and their growing market share, malware designed specifically to target these platforms is beginning to attract more attention. Last year, Panda raised the alert about a worm, iPhone/Eeki, able to infect jailbroken iPhones (i.e. those that have been tampered with in order to install unofficial applications). The worm was also able to spread to iPod Touch.

Logically, all malware designed for iPhones will have the same ability to infect and spread to iPad devices. This is because the iPad and the iPhone share the same operating system, known as iPhone (v3), or iOS (v4) in the forthcoming version.

‘This doesn’t mean we’re about to face an avalanche of infections’, says Jeremy Matthews, head of Panda’s sub-Saharan operations. ‘However, we have always stated that as Apple takes more market share, cyber-crooks will begin to show more interest in targeting those that use this platform.’

Despite the fact that Apple decided to totally close off the hardware (making it impossible to install peripherals) and the software (all applications are installed from the manufacturer’s App Store), cyber-criminals have found a way to infect jailbroken devices with malware.

‘With more and more proof of Apple being targeted, we advise all Mac users to follow the manufacturer’s recommendations to increase security on their operating systems,’ concludes Matthews.

Since 1990, Panda’s mission has been to detect and eliminate new threats as rapidly as possible in order to offer maximum security. To do so, PandaLabs has an innovative automated system that analyzes and classifies thousands of new samples a day and returns automatic verdicts (malware or goodware). This system is the basis of collective intelligence, Panda’s new security model which can even detect malware that has evaded other security solutions.

Currently, 99.4% of malware detected by Panda is analyzed through this system of collective intelligence. This is complemented by the work of several teams, each specialised in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.). This translates into simple, secure and resource-friendly solutions for users.


Malware goes retro with the spread of the Sality.AO virus

Panda Security’s malware detection and analysis laboratory has noted an increase in the number of infections caused by Sality.AO, a virus that combines the features of traditional viruses (infecting files and damaging as many computers as possible to achieve notoriety for their creators) with the objectives of new malware, i.e. generating financial returns for cyber-criminals. The global security vendor is therefore advising users to be on their guard against a potentially massive attack.

“Sality.AO uses some techniques which haven’t been seen for years, such as EPO or Cavity,” says Jeremy Matthews, the head of Panda Security’s sub-Saharan operations. “These techniques relate to the way in which the original file is modified in order to infect it, making it more difficult to detect these changes and to disinfect it. EPO allows part of a legitimate file to be run before infection starts, making it difficult to detect the malware, while Cavity involves inserting the virus code in blank spaces within the legitimate file’s code, making it both more difficult to locate and to disinfect infected files.”

Matthews says that these techniques are far more complex than those that can be achieved with automatic malware creation tools, which have been responsible for much of the increase in the number of threats in circulation recently. They require much greater skill and knowledge of malicious code programming.

In addition to these techniques from the early days of malware, Sality.AO includes a series of features associated with new malware trends, such as the ability to connect to IRC channels to receive remote commands, which could potentially turn the infected computer into a zombie. Such zombie computers can be used for sending spam, distributing malware and launching denial-of-service attacks.

Similarly, infections are not just restricted to files, as was the case with old viruses, but also look to propagate across the Internet, in line with new trends. To this end, it uses an iFrame to infect PHP, ASP and .HTML files on the computer. The result is that when any of these files is opened, the browser is redirected, without the user’s knowledge, to a malicious page that launches an exploit against the computer in order to download more malware.

If any of the infected files are posted on a webpage – bearing in mind these file types are typically uploaded to the Web – any users downloading the files or visiting the webpages will become infected.
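Because the infected PHP, ASP and HTML files are exactly the kind of content that gets uploaded to a web server, a site owner's first concern is finding the injected frames before visitors do. The Python scanner below is an added example written for this article, not Panda's code and not based on the specifics of Sality.AO's injection: it walks a web root, collects every `<iframe>` with the standard-library HTML parser, and reports frames that either load from a host outside an allow-list or are sized or styled so that they never appear on screen. The "invisible frame" heuristics (0/1-pixel dimensions, `display:none`, `visibility:hidden`) are the author's assumptions about what an injection meant to go unnoticed looks like, and the sample page with the `malicious.invalid` host is constructed.

```python
import re
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Heuristics for an iframe that visitors are not meant to see. These are
# assumptions for this example, not details from Panda's Sality.AO analysis.
TINY_RE = re.compile(r"^\s*0*[01]\s*(px)?\s*$", re.IGNORECASE)
HIDDEN_STYLE_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.IGNORECASE)
WEB_EXTS = {".html", ".htm", ".php", ".asp"}


class IframeCollector(HTMLParser):
    """Records every <iframe> start tag with its line number and attributes."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            line, _ = self.getpos()
            self.iframes.append((line, {k.lower(): (v or "") for k, v in attrs}))


def scan_for_injected_iframes(content: str, trusted_hosts: set) -> list:
    """Return [(line, src, reasons)] for iframes that look injected.

    An iframe is reported if it pulls content from a host outside the
    allow-list, or is sized/styled so that it never shows on screen.
    """
    collector = IframeCollector()
    collector.feed(content)
    collector.close()
    findings = []
    for line, attrs in collector.iframes:
        reasons = []
        src = attrs.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        if host and host not in trusted_hosts:
            reasons.append(f"loads content from untrusted host {host}")
        if TINY_RE.match(attrs.get("width", "")) or TINY_RE.match(attrs.get("height", "")):
            reasons.append("width or height of 0/1 pixel")
        if HIDDEN_STYLE_RE.search(attrs.get("style", "")):
            reasons.append("hidden via inline style")
        if reasons:
            findings.append((line, src, reasons))
    return findings


def scan_tree(root: str, trusted_hosts: set) -> dict:
    """Walk a web root; map each file that has findings to its finding list."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in WEB_EXTS:
            hits = scan_for_injected_iframes(path.read_text(errors="replace"), trusted_hosts)
            if hits:
                results[str(path)] = hits
    return results


# Constructed sample page: one legitimate embed, one 1x1 hidden frame pointing
# at a placeholder host (.invalid is reserved and never resolves).
SAMPLE_PHP = """<?php echo "Welcome"; ?>
<html><body>
<iframe src="https://www.example.com/widget" width="300" height="200"></iframe>
<p>Some page content.</p>
<iframe src="http://malicious.invalid/in.php" width="1" height="1" style="visibility:hidden"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for line, src, reasons in scan_for_injected_iframes(SAMPLE_PHP, {"www.example.com"}):
        print(f"line {line}: iframe src={src!r}: " + "; ".join(reasons))
```

The allow-list is what keeps the scanner useful on a real site: legitimate embeds from known hosts pass, and anything else, visible or not, is surfaced with its line number so the file can be compared against a clean copy from version control. On PHP or ASP sources the HTML parser only sees the markup between code blocks, which is where an injected frame would sit.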

The file downloaded through this technique is regarded by Panda as “hybrid malware” as it combines the functions of Trojans and viruses. The Trojan, in addition, has downloader features for downloading other strains of malware to the computer. The URLs used by this downloader were still not operative at the time of Panda’s analysis, but they could become active as the number of infected computers increases.

“As we forecast in the annual PandaLabs report, the distribution of classic malicious code such as viruses will be a major trend in 2009. The use of increasingly sophisticated detection technologies like Panda Security’s Collective Intelligence, capable of detecting even low-level attacks and the newest malware techniques, will make cyber-crooks return to old codes, adapted to new needs. This means they won’t be viruses designed simply to spread or damage computers, as they were 10 years ago, but will be designed, such as in this case, to hide Trojans or turn computers into zombies,” concludes Matthews.