London, April 10, 2008
Panda Security, one of the world’s leading IT security providers, has today announced the global availability of Panda Security for Internet Transactions, an antifraud service for online transactions to protect against identity theft targeting online banks, pay platforms and e-commerce. This service warns companies when there is a targeted attack through malware and offers the tools to identify and block affected users, thereby reducing the possibility of online fraud.
Panda Security for Internet Transactions is Panda’s response to a dramatic increase in online fraud. Today, more than 40% of new malware is designed for online fraud, and according to a recent study conducted by Gartner, phishing attacks caused only in US alone losses to consumers of US$3.2 billion (£1.6bn) in 2007.
This new solution enables banks and businesses with online services to ensure that users launching transactions on their websites are not infected by any malicious code that affects the service. Banks and pay platforms can see the security status of their users and effectively manage the risk involved in online transactions.
Bankinter, a leader in online banking in Spain, has already implemented this solution to protect clients from the risks of online fraud.
Dominic Hoskins, Country Manager, Panda Security UK, stresses that this service does not just benefit online organizations but also their clients, as this new service will assure that their bank details, passwords, and identity information are safe when operating online.
“This is an innovative new service designed to help reduce the risks associated with online transactions across all online payment platforms. It will dramatically reduce the possibility of fraudulent operations as this is the only service on the market offering information about the security status of clients ”, adds Hoskins.
Panda Security for Internet Transactions leverages the benefits of Collective Intelligence, an innovative security model developed by Panda Security. This system is based on the collection of information concerning malware from the Internet community and the automated processing of this data in new, purpose-built data centers. As the knowledge is accumulated on Panda servers and not on clients’ computers, Collective Intelligence rapidly maximizes the detection capacity of Panda solutions while reducing clients’ bandwidth usage and resource consumption.
The benefits that this service offers organizations include:
- Reduction of online fraud: Panda Security for Internet Transactions provides tools and information to stop fraudulent activity. Organizations are rapidly alerted whenever there is a new malware attack targeting their users, and delivered the information needed to respond in time. Organizations will see how malware operates and how they can protect themselves. They can prevent infected users from accessing their website reducing the effects of online fraud.
- Control and management of threats to online transactions: This is the only service on the market offering information about a security status of clients (Advanced Customer Device Information). This can be used by an organization to create risk profiles, meaning the service can be configured to restrict the permission to carry out transactions to those clients that meet pre-determined security requirements.
- Expanding business thanks to improved security: Users’ lack of confidence in online security is one of the prime reasons for their reticence to use Web services. This tool reduces online fraud and allows companies to offer clients a secure environment for online transactions.
- Reduced operating costs: Currently, when users discover that someone has been operating fraudulently using their identity, they claim against the bank or company involved. Consequently, the bank or company is responsible for the loss and associated costs (compensation, insurance,…), and has to ensure that the attack is not further exploited to steal from other users. They have to find the malware responsible for the attack, discover how to block its effects and implement the strategy, and finally, calculate the impact it has had on its users and its business. This usually takes a minimum of 48 hours; sufficient time for the amount of money lost to increase considerably. Thanks to Panda Security for Internet Transactions these costs can be dramatically reduced by blocking the attempted fraud in real time.
Adware caused most infections in Q1 2008
Adware accounted for 28.58% of all infections, Trojans came second with 25.46%
London, April 1, 2008
According to the Q1 2008 report from PandaLabs (Panda Security) adware was the most common malware type in the first three months of the year and accounted for 28.58% of all infections.
New malware in 1st Q
Trojans with 25.46% of all infections, and worms with 9.94%, were the other most prevalent malicious codes.
With respect to new strains that have appeared over the last three months, 62.16% were Trojans, 20.34% were adware and 8.87% were worms.
“The huge amount of new Trojans put in circulation every month indicates that cyber-criminals are interested in creating new strains more frequently, making detection increasingly difficult for security solutions. These fail to update signature files in time, leaving users unprotected”, says Dominic Hoskins, UK Country Manager, Panda Security UK.
As for the most active viruses in the first quarter of 2008, the list is headed by the Comet adware. Another adware NaviPromo has taken second spot while notorious infection spreader Bagle.HX worm came third.
Threats to cell phones
PandaLabs Q1 2008 report includes a specific section on threats to cell phones: Smartphones, iPhones, etc. According to Panda Security’s laboratory, the main threats to these devices are worms, Trojans and spyware (spyphone).
Hoskins explains that their behaviour and features are similar to malicious codes for computers. He adds: “Trojans designed to steal confidential data like email passwords, instant messaging contacts etc. are the most prevalent, with 54.48% of all infections. This shows attacks against cell phones are becoming increasingly sophisticated”.
PandaLabs has outlined the following issues as the most likely to occur as a result of malicious activities targeting smartphones:
Malfunction: cell phone blocking.
Loss of productivity: battery consumption.
Unnecessary costs: sending of SMS to premium numbers.
Loss of data and information: deletion of folders and messages.
Theft of confidential information: phone numbers, SMS or other sensitive data that could be stored in the device.
PandaLabs Q1 2008 report details information on issues such as the main vulnerabilities discovered over the first three months of the year; a recent innovative attack that uses rootkits capable of replacing the computer’s Master Boot record (MBR); or an analysis of the evolution of “Storm Worm”, considered as one of the most prevalent worms in the previous year.
You can download the PandaLabs Quarterly report from http://www.pandasecurity.com/homeusers/security-info/tools/reports
Security Software industry takes first steps towards forming anti-malware testing standards
February 2, 2008
.jpg)
More than 40 security software technologists and anti-malware testers from around the world recently met in Bilbao, Spain to formalize the charter of the Anti-Malware Testing Standards Organization, or AMTSO. The formation of AMTSO has been driven by industry-wide concern about the increasing mismatch between what anti-malware technologies actually do, and the testing methodologies used to evaluate them. As anti-malware solutions become more complex, many existing tests are unable to evaluate product effectiveness properly, resulting in product reviews that are sometimes incomplete, inaccurate and misleading.
AMTSO is focused on addressing the global need for improvement in the objectivity, quality and relevance of testing methodologies. The organisation also aims to promulgate universally adopted standards and guidelines for anti-malware testing. The vision for AMTSO was formed in May 2007during the International Antivirus Testing Workshop in Reykjavik, Iceland, and developed further during the Antivirus Asia Researchers Conference in Seoul, South Korea last December. Pursuant to its preliminary charter, AMTSO will:
.jpg)
Parties converge to address objectivity, quality and relevance of current anti-malware testing methodologies.
More than 40 security software technologists and anti-malware testers from around the world recently met in Bilbao, Spain to formalize the charter of the Anti-Malware Testing Standards Organization, or AMTSO. The formation of AMTSO has been driven by industry-wide concern about the increasing mismatch between what anti-malware technologies actually do, and the testing methodologies used to evaluate them. As anti-malware solutions become more complex, many existing tests are unable to evaluate product effectiveness properly, resulting in product reviews that are sometimes incomplete, inaccurate and misleading.
AMTSO is focused on addressing the global need for improvement in the objectivity, quality and relevance of testing methodologies. The organisation also aims to promulgate universally adopted standards and guidelines for anti-malware testing. The vision for AMTSO was formed in May 2007during the International Antivirus Testing Workshop in Reykjavik, Iceland, and developed further during the Antivirus Asia Researchers Conference in Seoul, South Korea last December. Pursuant to its preliminary charter, AMTSO will:
- Provide a forum for discussions related to the testing of anti-malware and related products;
- Develop and publicize objective standards and best practices for testing of anti-malware and related products;
- Promote education and awareness of issues related to the testing of anti-malware and related products;
- Provide tools and resources to aid standards-based testing methodologies; and,
- Provide analysis and review of current and future testing of anti-malware and related products.
Hosted by Panda Security, the meeting in Bilbao included representatives from the industry’s leading companies and testing organizations.
Pedro Bustamante, Senior Research Advisor, Panda Security said: “The current Internet threat panorama requires the use of new technologies to provide adequate protection for IT systems. However, existing tests only evaluate certain aspects of the various security solutions available. For this reason, any users who simply go by the results of a test that doesn’t fully analyze each and every one of the capabilities of these solutions, will not have an objective perspective of whether a product is truly effective or not. We are convinced that the work of AMTSO – an organization to which we are proud to belong - will mitigate this situation, thereby contributing to improving IT protection for all users”.
Half a million computers infected with bots every day, PandaLabs annual report
January 22, 2008
Some half a million computers are infected by bots every day, according to data compiled by PandaLabs in its annual report on malware activity in 2007.
Approximately 11 percent of computers worldwide have become a part of criminal botnets, which are responsible for 85 percent of all spam sent.
Creators of botnets, known also as “bot herders” rent out such networks to the highest bidder. These are used then for downloading malware onto infected computers, causing denial of services, or most frequently sending spam.
According to the report, spam was one of the major threats during 2007. In fact, more than 50 percent of email received by home users was spam, while the percentage in corporate environments ran at between 80 to 95 percent.
PandaLabs estimates that it would take around 2,000 terabytes of disk space to store the total volume of spam sent in one day.
Dominic Hoskins, Panda UK, said: “It is important that Senior IT professionals, Risk Managers and eCommerce Managers are aware of the latest dangers that bots pose. Panda Security is hosting a specialist Security Seminar on the 25th January at the London Stock Exchange that will deliver a detailed assessment of the evolving threat landscape and the impact of malware on business today. The seminar will be an opportunity to learn how to address dangers posed by botnets and types of bots that cybercrooks use to operate as agents for a user or another program to simulate human activity.”
The report further points out that the subject matter and origin of most junk mail is varied. Sexual health was the most popular theme during the first quarter of 2007, accounting for 54 percent of all spam detected. In the second and third quarters, pharmaceuticals topped the list, with 45 percent and 30 percent respectively.
Russia topped the list of most notorious spam senders with 60 percent of all spam detected, while USA came second with 23 percent. Turkey (6 percent), Germany (4.7 percent) and the UK (3 percent) are among other countries from which a significant amount of spam is sent.
In 2007, PandaLabs uncovered several tools such as Zunker or Barracuda used to administer networks of thousands of infected computers across more than 50 countries.
The PandaLabs 2007 Annual Report also examines the following issues relating to malware:
-- Quarterly and annual malware statistics for 2007
-- The evolution malware kits
-- The use of social engineering as a means to distribute
malware
-- Internet crime trends for 2008
To download the PandaLabs 2007 Annual Report go to:
http://www.pandasecurity.com/homeusers/security-info/tools/reports
Bookings for Panda Security Seminar can be made at http://www.saferdigitalworld.com/
Some half a million computers are infected by bots every day, according to data compiled by PandaLabs in its annual report on malware activity in 2007.
Approximately 11 percent of computers worldwide have become a part of criminal botnets, which are responsible for 85 percent of all spam sent.
Creators of botnets, known also as “bot herders” rent out such networks to the highest bidder. These are used then for downloading malware onto infected computers, causing denial of services, or most frequently sending spam.
According to the report, spam was one of the major threats during 2007. In fact, more than 50 percent of email received by home users was spam, while the percentage in corporate environments ran at between 80 to 95 percent.
PandaLabs estimates that it would take around 2,000 terabytes of disk space to store the total volume of spam sent in one day.
Dominic Hoskins, Panda UK, said: “It is important that Senior IT professionals, Risk Managers and eCommerce Managers are aware of the latest dangers that bots pose. Panda Security is hosting a specialist Security Seminar on the 25th January at the London Stock Exchange that will deliver a detailed assessment of the evolving threat landscape and the impact of malware on business today. The seminar will be an opportunity to learn how to address dangers posed by botnets and types of bots that cybercrooks use to operate as agents for a user or another program to simulate human activity.”
The report further points out that the subject matter and origin of most junk mail is varied. Sexual health was the most popular theme during the first quarter of 2007, accounting for 54 percent of all spam detected. In the second and third quarters, pharmaceuticals topped the list, with 45 percent and 30 percent respectively.
Russia topped the list of most notorious spam senders with 60 percent of all spam detected, while USA came second with 23 percent. Turkey (6 percent), Germany (4.7 percent) and the UK (3 percent) are among other countries from which a significant amount of spam is sent.
In 2007, PandaLabs uncovered several tools such as Zunker or Barracuda used to administer networks of thousands of infected computers across more than 50 countries.
The PandaLabs 2007 Annual Report also examines the following issues relating to malware:
-- Quarterly and annual malware statistics for 2007
-- The evolution malware kits
-- The use of social engineering as a means to distribute
malware
-- Internet crime trends for 2008
To download the PandaLabs 2007 Annual Report go to:
http://www.pandasecurity.com/homeusers/security-info/tools/reports
Bookings for Panda Security Seminar can be made at http://www.saferdigitalworld.com/
2008 will witness avalanche of malware designed for stealing money, PandaLabs reports
December 20, 2007
PandaLabs, Panda Security’s anti-malware laboratory, has forecast how Internet threats will evolve in 2008.
One of the key factors will be the increase in the amount of known and unknown malware in circulation. If there has already been a notable increase in 2007 compared to previous years, this trend will most likely intensify in 2008.
PandaLabs also expects this growth to affect platforms that have not previously been targeted by cyber-crooks. There could be an increase in threats aimed at Mac systems or VoIP services.
The objectives of threat creators will remain the same as today, i.e, obtaining confidential data for online fraud and theft. Banker Trojans will continue to be present and there will be a significant rise in the number of Trojans designed to steal information from users of social networks (Myspace, Facebook, etc.), and online games. The year 2007 saw this kind of data theft consolidate as a new criminal business model on the Internet.
According to Luis Corrons, technical director of PandaLabs, “The current platforms will not be the only ones under attack. As systems like iphone, gphone, etc., become more popular among users, malware creators will start to use them to spread their creations and obtain benefits”.
Main means of propagation
Over the current year we have seen the increasing use of malware installation kits capable of exploiting vulnerabilities in servers. These would modify web pages that automatically infected the visitors’ computers. Such activities will increase considerably in 2008, as these tools have proven to be very effective when it comes to infecting a large number of systems. Also, cyber-criminals will continue to be on the lookout for new vulnerabilities in operating systems and applications that allow them to install malware without the user’s knowledge.
In addition to this, classic techniques like social engineering will continue to be used although they could adopt new forms: from greeting cards to fake Windows updates, as has occurred recently.
Another means of propagation in 2008 will be the so-called “drive-by download”, which consists of inserting a page that can detect vulnerabilities on target computers to infect them.
More complex malware
Malware attacks have been increasingly sophisticated throughout 2007 in the technological field and there is evidence that new malware is becoming increasingly complex. This complexity stems from the merging of several types of threats, resulting in the appearance of hybrid malware. It appears that this phenomenon will continue over the next year.
PandaLabs notes that malware such as bots or Trojans will be controlled remotely not only through IRC, but also P2P networks or the HTTP protocol. “This is cyber-crooks’ way of ensuring the success of their malicious activities, as this type of system allows communications to be encrypted, making detection harder”, explains Luis Corrons.
Dominic Hoskins, Panda UK, added: “Thanks to Panda Security's Collective Intelligence Model we continue to be able to detect and analyse new threats rapidly and are well prepared to protect our customers. PandaLabs leads the way in threat detection, which is good news for our customers”.
Panda Security offers several free tools for scanning PCs at http://www.infectedornot.com/
PandaLabs, Panda Security’s anti-malware laboratory, has forecast how Internet threats will evolve in 2008.
One of the key factors will be the increase in the amount of known and unknown malware in circulation. If there has already been a notable increase in 2007 compared to previous years, this trend will most likely intensify in 2008.
PandaLabs also expects this growth to affect platforms that have not previously been targeted by cyber-crooks. There could be an increase in threats aimed at Mac systems or VoIP services.
The objectives of threat creators will remain the same as today, i.e, obtaining confidential data for online fraud and theft. Banker Trojans will continue to be present and there will be a significant rise in the number of Trojans designed to steal information from users of social networks (Myspace, Facebook, etc.), and online games. The year 2007 saw this kind of data theft consolidate as a new criminal business model on the Internet.
According to Luis Corrons, technical director of PandaLabs, “The current platforms will not be the only ones under attack. As systems like iphone, gphone, etc., become more popular among users, malware creators will start to use them to spread their creations and obtain benefits”.
Main means of propagation
Over the current year we have seen the increasing use of malware installation kits capable of exploiting vulnerabilities in servers. These would modify web pages that automatically infected the visitors’ computers. Such activities will increase considerably in 2008, as these tools have proven to be very effective when it comes to infecting a large number of systems. Also, cyber-criminals will continue to be on the lookout for new vulnerabilities in operating systems and applications that allow them to install malware without the user’s knowledge.
In addition to this, classic techniques like social engineering will continue to be used although they could adopt new forms: from greeting cards to fake Windows updates, as has occurred recently.
Another means of propagation in 2008 will be the so-called “drive-by download”, which consists of inserting a page that can detect vulnerabilities on target computers to infect them.
More complex malware
Malware attacks have been increasingly sophisticated throughout 2007 in the technological field and there is evidence that new malware is becoming increasingly complex. This complexity stems from the merging of several types of threats, resulting in the appearance of hybrid malware. It appears that this phenomenon will continue over the next year.
PandaLabs notes that malware such as bots or Trojans will be controlled remotely not only through IRC, but also P2P networks or the HTTP protocol. “This is cyber-crooks’ way of ensuring the success of their malicious activities, as this type of system allows communications to be encrypted, making detection harder”, explains Luis Corrons.
Dominic Hoskins, Panda UK, added: “Thanks to Panda Security's Collective Intelligence Model we continue to be able to detect and analyse new threats rapidly and are well prepared to protect our customers. PandaLabs leads the way in threat detection, which is good news for our customers”.
Panda Security offers several free tools for scanning PCs at http://www.infectedornot.com/
Panda Security Seminar Planned for New Year
In-depth assessment of the issues around online fraud in Internet transactions
December 11, 2007
Panda Security is hosting a Security Seminar in January aimed at delivering a detailed assessment of the evolving threat landscape and the impact of malware on business today.
The one-day event will be held at The London Stock Exchange on Friday January 25th 2008, and is aimed at senior IT professionals, Risk Managers and eCommerce Managers in corporate organisations throughout the UK.
Analysis will be provided by Andrew Jaquith at The Yankee Group on the ‘malware paradox: perception vs. reality’ and the seminar will also hear commentary from Panda’s own senior research advisor, Pedro Bustamente on how solutions are being created to address the key issues. Subjects for discussion will include what motivates cyber criminals; just how far the silent malware epidemic reaches; the techniques used in cyber crime; and details of infection ratios in protected systems.
Dominic Hoskins, Country Manager at Panda UK, said: “In the last fortnight alone two major security alerts have dominated national and international headlines, putting computer security at the very top of the agenda. Delegates to the Panda Security Seminar can expect to come away with a very clear understanding of the current situation relating to Internet threats, and more importantly, the means with which to prevent and combat these ever increasing threats to business.”
Delegate places are being offered free of charge on a strictly limited basis, but organisations that rely at any level on online monetary transactions, Internet banking or other online communication where private and confidential data is transferred should contact Panda for more information at http://www.saferdigitalworld.com/.
December 11, 2007
Panda Security is hosting a Security Seminar in January aimed at delivering a detailed assessment of the evolving threat landscape and the impact of malware on business today.
The one-day event will be held at The London Stock Exchange on Friday January 25th 2008, and is aimed at senior IT professionals, Risk Managers and eCommerce Managers in corporate organisations throughout the UK.
Analysis will be provided by Andrew Jaquith at The Yankee Group on the ‘malware paradox: perception vs. reality’ and the seminar will also hear commentary from Panda’s own senior research advisor, Pedro Bustamente on how solutions are being created to address the key issues. Subjects for discussion will include what motivates cyber criminals; just how far the silent malware epidemic reaches; the techniques used in cyber crime; and details of infection ratios in protected systems.
Dominic Hoskins, Country Manager at Panda UK, said: “In the last fortnight alone two major security alerts have dominated national and international headlines, putting computer security at the very top of the agenda. Delegates to the Panda Security Seminar can expect to come away with a very clear understanding of the current situation relating to Internet threats, and more importantly, the means with which to prevent and combat these ever increasing threats to business.”
Delegate places are being offered free of charge on a strictly limited basis, but organisations that rely at any level on online monetary transactions, Internet banking or other online communication where private and confidential data is transferred should contact Panda for more information at http://www.saferdigitalworld.com/.
New Zealand botnet crackdown dangerous despite 2007 bots drop
December 3, 2007
Panda Security warns that the number of malicious bots has declined in 2007 from 3.46% to 2.25%¹ but their high profile financial notoriety continues to cause significant damage as it was exposed in recent botnet crackdown in New Zealand².
The botnet took control over estimated 1.3 million computers and illegally embezzled £12.1m.
Bots remain top dangerous malicious code picked up on the internet despite steady decline during the second and third quarters of 2007.
“Botnets continue to grab headlines because of their massive scale and impact. The botnet crackdown in New Zealand is only tip of the iceberg. The majority of people with compromised computers do not even know their computers are being used for criminal activity. They themselves may not be financially affected but their computers are used to steal saleable personal data from others, or simply act as relays for spam and phishing”, said Dominic Hoskins, Panda Security UK.
Bots are operated by organized international cyber-crime groups and remain at the heart of botnets considered one of the most lucrative e-crime business models at the moment.
Bots first reach computers in emails that use social engineering and exploit system vulnerabilities. They then get installed silently and operate for long periods until they turn computers into zombies that become part of a larger network.
Dominic Hoskins said: “There is an underground market for renting bots to send spam or install spyware or adware and a zombie spam server will go for as little as £250”.
Botnets also flood websites with data to knock them offline. The launch of iPhone, for instance, was exploited by a botnet made up of over 7,500 zombie computers. In effect, users of infected computers were taken to a spoof “official” iPhone page and had their bank details exploited.
Bots have evolved over the last year and so the way they are controlled is changing too. Until now, most of them have been controlled through IRC servers, which was useful for controlling isolated computers and allowed attackers to send orders while hiding behind the anonymity of chat servers. Now, bots can be controlled through Web consoles using HTTP, which helps control many computers at the same time, and allows checking if and when computers are online or whether the commands have been executed correctly.
Bots can be best prevented by security solutions that rely on proactive technologies but companies are also strongly advised to carry out additional periodic online security audits³.
¹ Source: PandaLabs: Bots infection rate.
JANUARY 2007: 3.46%
FEBRUARY 2007: 3.43%
MARCH 2007: 3.58%
APRIL 2007: 3.28%
MAY 2007: 3.37%
JUNE 2007: 2.74%
JULY 2007: 2.32%
AUGUST 2007: 2.51%
SEPTEMBER 2007: 2.48%
OCTOBER 2007: 2.33%
NOVEMBER 2007: 2.25%
² Source: Bloomberg.com http://www.bloomberg.com/apps/news?pid=20601081&sid=aJga1tAIS7zM&refer=australia
³ Panda Security offers Malware Radar, the first exhaustive and automated online security audit service. Malware Radar relies on a new Collective Intelligence approach managed by PandaLabs. Collective Intelligence is based on exhaustive remote, centralized, and real-time knowledge about malware and non-malicious applications maintained through the automatic processing of all scanned elements. The Collective Intelligence approach provides the ability to maximize malware detection capabilities, while at the same time, minimizing the resource and bandwidth consumption of protected systems. One of the main benefits of this approach is the automation of the entire malware detection and protection cycle, including collection, analysis, classification and remediation. Collective Intelligence provides visibility and knowledge into the processes running on all of the computers scanned. This broad visibility of the community -- in addition to automation -- is what delivers the ability to tackle not only the large volumes of new malware, but also targeted attacks.
Panda Security warns that the number of malicious bots has declined in 2007 from 3.46% to 2.25%¹ but their high profile financial notoriety continues to cause significant damage as it was exposed in recent botnet crackdown in New Zealand².
The botnet took control over estimated 1.3 million computers and illegally embezzled £12.1m.
Bots remain top dangerous malicious code picked up on the internet despite steady decline during the second and third quarters of 2007.
“Botnets continue to grab headlines because of their massive scale and impact. The botnet crackdown in New Zealand is only tip of the iceberg. The majority of people with compromised computers do not even know their computers are being used for criminal activity. They themselves may not be financially affected but their computers are used to steal saleable personal data from others, or simply act as relays for spam and phishing”, said Dominic Hoskins, Panda Security UK.
Bots are operated by organized international cyber-crime groups and remain at the heart of botnets considered one of the most lucrative e-crime business models at the moment.
Bots first reach computers in emails that use social engineering and exploit system vulnerabilities. They then get installed silently and operate for long periods until they turn computers into zombies that become part of a larger network.
Dominic Hoskins said: “There is an underground market for renting bots to send spam or install spyware or adware and a zombie spam server will go for as little as £250”.
Botnets also flood websites with data to knock them offline. The launch of iPhone, for instance, was exploited by a botnet made up of over 7,500 zombie computers. In effect, users of infected computers were taken to a spoof “official” iPhone page and had their bank details exploited.
Bots have evolved over the last year and so the way they are controlled is changing too. Until now, most of them have been controlled through IRC servers, which was useful for controlling isolated computers and allowed attackers to send orders while hiding behind the anonymity of chat servers. Now, bots can be controlled through Web consoles using HTTP, which helps control many computers at the same time, and allows checking if and when computers are online or whether the commands have been executed correctly.
Bots can be best prevented by security solutions that rely on proactive technologies but companies are also strongly advised to carry out additional periodic online security audits³.
¹ Source: PandaLabs: Bots infection rate.
JANUARY 2007: 3.46%
FEBRUARY 2007: 3.43%
MARCH 2007: 3.58%
APRIL 2007: 3.28%
MAY 2007: 3.37%
JUNE 2007: 2.74%
JULY 2007: 2.32%
AUGUST 2007: 2.51%
SEPTEMBER 2007: 2.48%
OCTOBER 2007: 2.33%
NOVEMBER 2007: 2.25%
² Source: Bloomberg.com http://www.bloomberg.com/apps/news?pid=20601081&sid=aJga1tAIS7zM&refer=australia
³ Panda Security offers Malware Radar, the first exhaustive and automated online security audit service. Malware Radar relies on a new Collective Intelligence approach managed by PandaLabs. Collective Intelligence is based on exhaustive remote, centralized, and real-time knowledge about malware and non-malicious applications maintained through the automatic processing of all scanned elements. The Collective Intelligence approach provides the ability to maximize malware detection capabilities, while at the same time, minimizing the resource and bandwidth consumption of protected systems. One of the main benefits of this approach is the automation of the entire malware detection and protection cycle, including collection, analysis, classification and remediation. Collective Intelligence provides visibility and knowledge into the processes running on all of the computers scanned. This broad visibility of the community -- in addition to automation -- is what delivers the ability to tackle not only the large volumes of new malware, but also targeted attacks.
Is this the end of computer worms?
November 8, 2007
Worms, once responsible for some of the worst virus epidemics in history, are now on the decline and gradually fading into the background. Recent figures compiled by PandaLabs reveal that worms have been outnumbered by more notorious malicious code such as adware or trojans which currently present a combined consideration of approximately 49% of all detected infections.
In its latest malware audit obtained from the Panda ActiveScan online solution in October, worms scored only 8.31% having gradually weakened from 18.14% in November 2006 and 12.11% in January 2007¹. On the contrary, adware and trojans have kept their high corruption rate and now strengthened to an infection score of 25.97% and 23.37% respectively².
The gradual decrease in the number of worms has been down to the arrival of more effective strains of malware and a new strategic approach to malware attacks. The idea is now similar to a guerilla warfare whereby specific chunks of malware are created to attack specific networks or a company. While that form of malware can be incredibly effective and destructive to a targeted network, it ironically remains completely harmless to other networks.
Worms have advanced in terms of their sophistication but their prime focus remains the same. They continue to create havoc and panic but are usually motivated by nothing more than pure hate attacks. Dominic Hoskins, Panda Security UK, said: “Having computers brought to a standstill can result in significant financial losses to the victim but in fact this type of activity is no longer considered attractive and hugely beneficial by malware creators as it does not lead to financial gain for the perpetrators”.
Conversely, targeted guerilla attacks have been on the rise primarily fuelled by a shift in interests focused on malware dynamics. An ever increasing online reliance helped to nurture this new phenomenon which has now influenced malware mindset to the extent where notoriety has been completely played down by financial gain. In effect, the sole purpose of creating new malware is now financially led.
Dominic Hoskins commented: “Crashing computer networks might seem like an achievement but it proves less profitable to an individual than obtaining sensitive confidential information. Malware sophistication still remains the key to overcome AVs and firewalls but it is the new strategic approach to malware attacks that matters. This new approach is financially motivated and involves building malware from scratch for a specific target”.
Trojans have become popular due to their capacity to generate large profits through theft of information used for online fraud or by charging advertisers for sending spam by means of botnets. Adware, embodied by advertising banners, is home to the unscrupulous marketing companies that pay its creators to display unsolicited advertising.
¹ Source: PandaLabs: Worms infection rate.
October 2007: 8,31%
September 2007: 8,39%
August 2007: 8,23%
July 2007: 8,30%
June 2007: 8,71%
May 2007: 9,46%
April 2007: 8%
March 2007: 6%
February 2007: 6%
January 2007: 12,11%
December 2006: 16,16 %
November 2006: 18,14%
² Source: Panda ActiveScan: October 2008
Worms, once responsible for some of the worst virus epidemics in history, are now on the decline and gradually fading into the background. Recent figures compiled by PandaLabs reveal that worms have been outnumbered by more notorious malicious code such as adware or trojans which currently present a combined consideration of approximately 49% of all detected infections.
In its latest malware audit obtained from the Panda ActiveScan online solution in October, worms scored only 8.31% having gradually weakened from 18.14% in November 2006 and 12.11% in January 2007¹. On the contrary, adware and trojans have kept their high corruption rate and now strengthened to an infection score of 25.97% and 23.37% respectively².
The gradual decrease in the number of worms has been down to the arrival of more effective strains of malware and a new strategic approach to malware attacks. The idea is now similar to a guerilla warfare whereby specific chunks of malware are created to attack specific networks or a company. While that form of malware can be incredibly effective and destructive to a targeted network, it ironically remains completely harmless to other networks.
Worms have advanced in terms of their sophistication but their prime focus remains the same. They continue to create havoc and panic but are usually motivated by nothing more than pure hate attacks. Dominic Hoskins, Panda Security UK, said: “Having computers brought to a standstill can result in significant financial losses to the victim but in fact this type of activity is no longer considered attractive and hugely beneficial by malware creators as it does not lead to financial gain for the perpetrators”.
Conversely, targeted guerilla attacks have been on the rise primarily fuelled by a shift in interests focused on malware dynamics. An ever increasing online reliance helped to nurture this new phenomenon which has now influenced malware mindset to the extent where notoriety has been completely played down by financial gain. In effect, the sole purpose of creating new malware is now financially led.
Dominic Hoskins commented: “Crashing computer networks might seem like an achievement but it proves less profitable to an individual than obtaining sensitive confidential information. Malware sophistication still remains the key to overcome AVs and firewalls but it is the new strategic approach to malware attacks that matters. This new approach is financially motivated and involves building malware from scratch for a specific target”.
Trojans have become popular due to their capacity to generate large profits through theft of information used for online fraud or by charging advertisers for sending spam by means of botnets. Adware, embodied by advertising banners, is home to the unscrupulous marketing companies that pay its creators to display unsolicited advertising.
¹ Source: PandaLabs: Worms infection rate.
October 2007: 8,31%
September 2007: 8,39%
August 2007: 8,23%
July 2007: 8,30%
June 2007: 8,71%
May 2007: 9,46%
April 2007: 8%
March 2007: 6%
February 2007: 6%
January 2007: 12,11%
December 2006: 16,16 %
November 2006: 18,14%
² Source: Panda ActiveScan: October 2008
Panda launches GateDefender Performa 3.0: personalized protection for companies of all sizes
October 30, 2007
Panda Security has launched Panda GateDefender Performa 3.0, the new version of its content security appliance for companies of all sizes. The major new feature is the option to set user profiles, which enables administrators to configure security according to the needs of specific workers or departments.
“There are always varying security needs within companies. The types of websites accessed or files and data types sent and received will differ from one department to another. With this new solution, administrators can provide user groups or individuals with protection that adapts perfectly to their specific needs,” explains Alejandro Castañar, Product Manager for security appliances at Panda Security.
Panda GateDefender Performa 3.0 is designed for installation in any network, with no need for configuring or redirecting network traffic. It offers complete corporate protection, blocking malware, spam and malicious or inappropriate content before it enters the network. It does this through scanning of the most common protocols (HTTP, FTP, SMTP, POP3, IMAP4 and NNTP). It can also prevent the use of high-risk applications such as instant messaging and peer-to-peer programs.
“Malware, spam, inappropriate content, instant messaging and peer-to-peer programs are all notorious time-wasters for employees and saturate network resources. A solution like Panda GateDefender Performa 3.0 doesn’t just protect companies, it also helps them become more efficient and productive, as it keeps these malicious and time-wasting elements out of the network,” says Castañar.
Moreover, Panda GateDefender Performa 3.0 ensures that all relevant information will be received, through an innovative system using three separate quarantines:
Quarantine for suspect or non-disinfectable malware.
Quarantine for spam or probable spam
Quarantine for content blocked by the corporate security policy
There is also the option of a direct connection with PandaLabs to detect new malware, create vaccines automatically. The system also allows for items to be recovered or disinfected automatically and forwarded to the recipient without intervention from administrators.
According to Castañar: “This technology ensures that only secure content reaches the interior of the network and with a minimal impact on the network.”
Panda GateDefender Performa provides information to administrators about the status of protection and network activity (items blocked, network viruses, users most frequently targeted etc.). This data is provided in real-time in the form of graphs, offering considerable time saving for administrators.
This new appliance from Panda offers five different types of protection:
- Anti-malware protection: Detects and blocks all types of Internet-borne malicious code before it reaches the corporate network. Files containing unknown or non-disinfectable malware can be stored in a special quarantine and eliminated later.
- Content filtering: Allows administrators to establish a corporate security policy to filter out potentially dangerous content, and prevent confidential or personal data from leaving the company.
- Anti-spam protection: Verifies all inbound and outbound mail. Every message is classified as Spam, Probable spam or Not spam. The sensitivity of the anti-spam filter can also be adapted to each network user. Eliminating junk mail in the network perimeter improves network performance and boosts user productivity.
- Web filtering: Administrators define the categories of inappropriate Web content. They can also establish white lists and blacklists of restricted or permitted pages. This optimizes resource usage and improves user productivity. It also shuts down access to offensive, violent or any other inappropriate content.
- Blocking of P2P and IM applications: Peer-to-peer applications eat up corporate bandwidth and represent an important security hole as files are often divided in small packets and cannot be scanned. Instant messaging also affects productivity as it is frequently used for personal ends by workers. Panda GateDefender Performa can block these kinds of applications from within the corporate network.
Panda Security has launched Panda GateDefender Performa 3.0, the new version of its content security appliance for companies of all sizes. The major new feature is the option to set user profiles, which enables administrators to configure security according to the needs of specific workers or departments.
“There are always varying security needs within companies. The types of websites accessed or files and data types sent and received will differ from one department to another. With this new solution, administrators can provide user groups or individuals with protection that adapts perfectly to their specific needs,” explains Alejandro Castañar, Product Manager for security appliances at Panda Security.
Panda GateDefender Performa 3.0 is designed for installation in any network, with no need for configuring or redirecting network traffic. It offers complete corporate protection, blocking malware, spam and malicious or inappropriate content before it enters the network. It does this through scanning of the most common protocols (HTTP, FTP, SMTP, POP3, IMAP4 and NNTP). It can also prevent the use of high-risk applications such as instant messaging and peer-to-peer programs.
“Malware, spam, inappropriate content, instant messaging and peer-to-peer programs are all notorious time-wasters for employees and saturate network resources. A solution like Panda GateDefender Performa 3.0 doesn’t just protect companies, it also helps them become more efficient and productive, as it keeps these malicious and time-wasting elements out of the network,” says Castañar.
Moreover, Panda GateDefender Performa 3.0 ensures that all relevant information will be received, through an innovative system using three separate quarantines:
Quarantine for suspect or non-disinfectable malware.
Quarantine for spam or probable spam
Quarantine for content blocked by the corporate security policy
There is also the option of a direct connection with PandaLabs to detect new malware, create vaccines automatically. The system also allows for items to be recovered or disinfected automatically and forwarded to the recipient without intervention from administrators.
According to Castañar: “This technology ensures that only secure content reaches the interior of the network and with a minimal impact on the network.”
Panda GateDefender Performa provides information to administrators about the status of protection and network activity (items blocked, network viruses, users most frequently targeted etc.). This data is provided in real-time in the form of graphs, offering considerable time saving for administrators.
This new appliance from Panda offers five different types of protection:
- Anti-malware protection: Detects and blocks all types of Internet-borne malicious code before it reaches the corporate network. Files containing unknown or non-disinfectable malware can be stored in a special quarantine and eliminated later.
- Content filtering: Allows administrators to establish a corporate security policy to filter out potentially dangerous content, and prevent confidential or personal data from leaving the company.
- Anti-spam protection: Verifies all inbound and outbound mail. Every message is classified as Spam, Probable spam or Not spam. The sensitivity of the anti-spam filter can also be adapted to each network user. Eliminating junk mail in the network perimeter improves network performance and boosts user productivity.
- Web filtering: Administrators define the categories of inappropriate Web content. They can also establish white lists and blacklists of restricted or permitted pages. This optimizes resource usage and improves user productivity. It also shuts down access to offensive, violent or any other inappropriate content.
- Blocking of P2P and IM applications: Peer-to-peer applications eat up corporate bandwidth and represent an important security hole as files are often divided in small packets and cannot be scanned. Instant messaging also affects productivity as it is frequently used for personal ends by workers. Panda GateDefender Performa can block these kinds of applications from within the corporate network.
Corporate malware on the rise
25 October, 2007
PandaLabs alerts that almost 72% percent of companies with more than 100 computers have active malware on their networks.
The data was collected between May and July, 2007, and consisted of more than 1,200 firms with security solutions installed.
The aim of the study was to uncover the number of ‘protected’ corporate computers, revealing that they are indeed infected and that in majority of cases their owners are not even aware of it.
The study also analysed the type of protection installed on infected computers and its effectiveness relative to malware detection. It revealed that systems protected by Computer Associates had the highest infection rate of 4.55%, which was then closely matched by Trend Micro with 4.3%. Symantec had a rate of 2.8% of infected systems and McAfee 2.28%. Panda outperformed its competitors by a mile with a score of 0.73%.
“The dramatic increase in the amount of malware in circulation can be explained by a shift of interests among malware creators. They are no longer interested in causing general havoc but completely focus on financial benefits. Although traditional security solutions do protect, in the wake of constant malware sophistication these must be complemented with online periodic audits, which, like Malware Radar, are able to detect even the malware that goes undetected by installed protection,” explains Pedro Bustamante, Senior Research Advisor at Panda Security.
Adware is the top malware on corporate networks (63.04%) followed by Trojans accounting for 12.57% of malicious code. Corporate PCs have also faced a significant increase in banker Trojans and Rootkits, which are designed to conceal malicious activities.
In the wake of this increasing threat, Panda Security has developed a new security model based on ‘Collective Intelligence’. This system is based on the collection of information on newly created malware from the Internet community and the automated processing of this data in Panda’s new data laboratories. This is correlated and leveraged to offer greater detection and improved security for clients.
PandaLabs’ report can be downloaded from:
http://www.pandasecurity.com/enterprise/downloads/white-papers/?sitepanda=particulares
PandaLabs alerts that almost 72% percent of companies with more than 100 computers have active malware on their networks.
The data was collected between May and July, 2007, and consisted of more than 1,200 firms with security solutions installed.
The aim of the study was to uncover the number of ‘protected’ corporate computers, revealing that they are indeed infected and that in majority of cases their owners are not even aware of it.
The study also analysed the type of protection installed on infected computers and its effectiveness relative to malware detection. It revealed that systems protected by Computer Associates had the highest infection rate of 4.55%, which was then closely matched by Trend Micro with 4.3%. Symantec had a rate of 2.8% of infected systems and McAfee 2.28%. Panda outperformed its competitors by a mile with a score of 0.73%.
“The dramatic increase in the amount of malware in circulation can be explained by a shift of interests among malware creators. They are no longer interested in causing general havoc but completely focus on financial benefits. Although traditional security solutions do protect, in the wake of constant malware sophistication these must be complemented with online periodic audits, which, like Malware Radar, are able to detect even the malware that goes undetected by installed protection,” explains Pedro Bustamante, Senior Research Advisor at Panda Security.
Adware is the top malware on corporate networks (63.04%) followed by Trojans accounting for 12.57% of malicious code. Corporate PCs have also faced a significant increase in banker Trojans and Rootkits, which are designed to conceal malicious activities.
In the wake of this increasing threat, Panda Security has developed a new security model based on ‘Collective Intelligence’. This system is based on the collection of information on newly created malware from the Internet community and the automated processing of this data in Panda’s new data laboratories. This is correlated and leveraged to offer greater detection and improved security for clients.
PandaLabs’ report can be downloaded from:
http://www.pandasecurity.com/enterprise/downloads/white-papers/?sitepanda=particulares
Panda Security and Commtouch Sign Licensing Deal
23 October, 2007
Panda Security and Commtouch® (NASDAQ: CTCH) announced today that they have signed a licensing agreement to add Commtouch’s Anti-Spam technology to Panda’s TrustLayer Mail.
“We chose Commtouch’s Anti-Spam solution because our TrustLayer Mail service guarantees spam detection ratios of more than 98%, and Commtouch can help us achieve this,” said Jose Antonio López, Corporate Solutions Director at Panda Security.
Commtouch’s Anti-Spam engine is based on Recurrent Pattern Detection™ (RPD™), a content-agnostic technology that detects and blocks spam in any language. RPD analyzes large volumes of Internet traffic in real-time, recognizing and protecting against new spam outbreaks the moment they emerge.
TrustLayer Mail customers include Internet service providers, application service providers and telecommunications operators. TrustLayer provides 24x7 managed services, guaranteeing clean mail with antivirus, anti-spam, mail continuity and content filtering. TrustLayer Mail service quality is backed by an SLA (Service Level Agreement) to guarantee clients’ email is 100% virus-free.
“Panda Security’s customers require consistent, high-level performance from their TrustLayer Mail services, and we’re pleased that Commtouch’s Anti-Spam solution is being used to exceed their expectations,” said Ronni Zehavi, Commtouch Vice President of International Business Development. “We see this agreement as the first step of a long-term cooperative relationship between Panda and Commtouch.”
Panda Security and Commtouch® (NASDAQ: CTCH) announced today that they have signed a licensing agreement to add Commtouch’s Anti-Spam technology to Panda’s TrustLayer Mail.
“We chose Commtouch’s Anti-Spam solution because our TrustLayer Mail service guarantees spam detection ratios of more than 98%, and Commtouch can help us achieve this,” said Jose Antonio López, Corporate Solutions Director at Panda Security.
Commtouch’s Anti-Spam engine is based on Recurrent Pattern Detection™ (RPD™), a content-agnostic technology that detects and blocks spam in any language. RPD analyzes large volumes of Internet traffic in real-time, recognizing and protecting against new spam outbreaks the moment they emerge.
TrustLayer Mail customers include Internet service providers, application service providers and telecommunications operators. TrustLayer provides 24x7 managed services, guaranteeing clean mail with antivirus, anti-spam, mail continuity and content filtering. TrustLayer Mail service quality is backed by an SLA (Service Level Agreement) to guarantee clients’ email is 100% virus-free.
“Panda Security’s customers require consistent, high-level performance from their TrustLayer Mail services, and we’re pleased that Commtouch’s Anti-Spam solution is being used to exceed their expectations,” said Ronni Zehavi, Commtouch Vice President of International Business Development. “We see this agreement as the first step of a long-term cooperative relationship between Panda and Commtouch.”
Entensys Corporation and Panda Security announce Technology partnership
19 October, 2007
Entensys Corporation has announced a technology partnership with Panda Security to provide antivirus scanning functionality for its UserGate proxy server and future products.
UserGate provides a complete gateway traffic control that now includes Panda Antivirus protection.
The Panda antivirus engine is integrated into UserGate Proxy so that Panda Security works as a filter intercepting all data transferred through various Internet protocols. From all traffic it selects only those objects which are subject to control and analyzes them for viruses and spyware.
“The combination of Panda Antivirus engine with UserGate Internet Security server provides users with an extremely high-performance software solution for protecting and managing their Internet access," said Alexander Levchenko, President of Entensys Corporation. “Entensys offers customers a comprehensive, high-performance all-in-one solution to secure small and medium-size networks, including a built-in firewall, web filtering, user access control, antivirus and antispyware functionality."
“This agreement allows Panda Security to offer its technology to a greater number of customers, providing them with highly effective protection now available in collaboration with Entensys” said José Antonio López, Director of Corporate Solutions at Panda Security.
Entensys Corporation has announced a technology partnership with Panda Security to provide antivirus scanning functionality for its UserGate proxy server and future products.
UserGate provides a complete gateway traffic control that now includes Panda Antivirus protection.
The Panda antivirus engine is integrated into UserGate Proxy so that Panda Security works as a filter intercepting all data transferred through various Internet protocols. From all traffic it selects only those objects which are subject to control and analyzes them for viruses and spyware.
“The combination of Panda Antivirus engine with UserGate Internet Security server provides users with an extremely high-performance software solution for protecting and managing their Internet access," said Alexander Levchenko, President of Entensys Corporation. “Entensys offers customers a comprehensive, high-performance all-in-one solution to secure small and medium-size networks, including a built-in firewall, web filtering, user access control, antivirus and antispyware functionality."
“This agreement allows Panda Security to offer its technology to a greater number of customers, providing them with highly effective protection now available in collaboration with Entensys” said José Antonio López, Director of Corporate Solutions at Panda Security.
Panda Security for Internet Transactions: a service to secure online transactions
16 October, 2007
Panda Security has launched Panda Security for Internet Transactions, an antifraud service for online transactions to protect clients of e-banking, pay-platforms and e-commerce against active malware.
Banks and businesses will be able to scan PCs to ensure that users launching transactions on their websites are not affected by any malicious code. This eliminates the risk of passwords being stolen or other fraudulent operations.
“Fraud and online theft are realities that are currently responsible for considerable financial losses for users as well as banks and other companies that operate transactions over the Internet with clients. In 2007, online fraud has grown 39.71 percent with respect to 2006, highlighting the alarming expansion of this threat”, warns Jose Antonio Lopez, Director of Corporate Solutions at Panda Security.
Panda Security for Internet Transactions protects against these dangers. This service will enable banks and companies to reduce losses through online fraud and react rapidly to malware that specifically targets them, as this product also includes specialized protection against targeted attacks. It also offers benefits for users of online banking and e-commerce services, as they will be able to perform online transactions with peace of mind.
“By ensuring that users, the weakest link in the security chain, are protected, consumer confidence in online transactions will grow rapidly”, affirms Lopez.
Panda Security for Internet Transactions can be fully configured by banks or companies. Options include making the application visible to users, customizing the design, specifying the situations in which clients will be prevented from accessing the website, etc.
“For example, if the system detects that a user is infected with a Trojan that does not pose a threat to the transaction, the user can be allowed to access the website, and administrators can decide whether or not to advise the users that the computer is infected”, explains Lopez.
Banks and business that contract this service can also decide how to perform the scan on clients’ PCs. They can force them to run a scan before entering their details, or include it as a voluntary option. The scan can also be run after the user identification process, on an intermediate web page, or on all the pages that the company chooses. All these parameters are managed and configured through a web console.
Clients of Panda Security for Internet Transactions will also have a direct line to PandaLabs, the malware scanning and detection laboratory at Panda, so product updates will be immediate should a new malicious code appear that targets the specific company.
Scanning takes place in real-time and is imperceptible to users, who can continue to use the Internet without any problems. All that is required is the installation of a small ActiveX control the first time the PC is scanned. The product is compatible with both the Internet Explorer and Firefox browsers.
Panda Security for Internet Transactions detects more than two million malicious codes, and benefits from the new security focus from Panda, called “collective intelligence”. This system is based on the collection of information concerning malware from the Internet community and the automated processing of this data in new data centers. This is correlated and leveraged to offer greater detection and improved security for clients.
Panda Security has launched Panda Security for Internet Transactions, an antifraud service for online transactions to protect clients of e-banking, pay-platforms and e-commerce against active malware.
Banks and businesses will be able to scan PCs to ensure that users launching transactions on their websites are not affected by any malicious code. This eliminates the risk of passwords being stolen or other fraudulent operations.
“Fraud and online theft are realities that are currently responsible for considerable financial losses for users as well as banks and other companies that operate transactions over the Internet with clients. In 2007, online fraud has grown 39.71 percent with respect to 2006, highlighting the alarming expansion of this threat”, warns Jose Antonio Lopez, Director of Corporate Solutions at Panda Security.
Panda Security for Internet Transactions protects against these dangers. This service will enable banks and companies to reduce losses through online fraud and react rapidly to malware that specifically targets them, as this product also includes specialized protection against targeted attacks. It also offers benefits for users of online banking and e-commerce services, as they will be able to perform online transactions with peace of mind.
“By ensuring that users, the weakest link in the security chain, are protected, consumer confidence in online transactions will grow rapidly”, affirms Lopez.
Panda Security for Internet Transactions can be fully configured by banks or companies. Options include making the application visible to users, customizing the design, specifying the situations in which clients will be prevented from accessing the website, etc.
“For example, if the system detects that a user is infected with a Trojan that does not pose a threat to the transaction, the user can be allowed to access the website, and administrators can decide whether or not to advise the users that the computer is infected”, explains Lopez.
Banks and business that contract this service can also decide how to perform the scan on clients’ PCs. They can force them to run a scan before entering their details, or include it as a voluntary option. The scan can also be run after the user identification process, on an intermediate web page, or on all the pages that the company chooses. All these parameters are managed and configured through a web console.
Clients of Panda Security for Internet Transactions will also have a direct line to PandaLabs, the malware scanning and detection laboratory at Panda, so product updates will be immediate should a new malicious code appear that targets the specific company.
Scanning takes place in real-time and is imperceptible to users, who can continue to use the Internet without any problems. All that is required is the installation of a small ActiveX control the first time the PC is scanned. The product is compatible with both the Internet Explorer and Firefox browsers.
Panda Security for Internet Transactions detects more than two million malicious codes, and benefits from the new security focus from Panda, called “collective intelligence”. This system is based on the collection of information concerning malware from the Internet community and the automated processing of this data in new data centers. This is correlated and leveraged to offer greater detection and improved security for clients.
UK has least active malware in Europe
26 September 2007
According to recent data gathered at the Infected or Not website (http://www.infectedornot.com/.infectedornot.com/), UK has the lowest rate of computers infected with active malware, 8.65%, but it still maintains a high number of computers infected by latent malware, 24.94% (not running when the scan was carried out).
Panda Security reports that 18.92% of worldwide users that used its online tools, NanoScan and TotalScan, had active malware on their computers and 24.14% of PCs had latent malware.
France was the country with most computers containing active malware, 28.21% (infections per country can be seen on the website). Spain on the other hand, was the country with most computers infected by latent malware, 29.10%.
Country PCs with active malware PCs with latent malware
Germany; 11.02 %; 15.96 %
Argentina ; 17.41 %; 26.01 %
Brazil; 18.01 %; 19.05 %
Spain; 16.30 %; 29.10 %
Italy; 14.18 %; 21.11 %
France; 28.21 %; 18.09 %
Mexico; 23.12 %; 27.28 %
UK; 8.65 %; 20.75 %
USA; 17.87 %; 24.94 %
Source: Infected or Not (http://www.infectedornot.com/)
According to recent data gathered at the Infected or Not website (http://www.infectedornot.com/.infectedornot.com/), UK has the lowest rate of computers infected with active malware, 8.65%, but it still maintains a high number of computers infected by latent malware, 24.94% (not running when the scan was carried out).
Panda Security reports that 18.92% of worldwide users that used its online tools, NanoScan and TotalScan, had active malware on their computers and 24.14% of PCs had latent malware.
France was the country with most computers containing active malware, 28.21% (infections per country can be seen on the website). Spain on the other hand, was the country with most computers infected by latent malware, 29.10%.
Country PCs with active malware PCs with latent malware
Germany; 11.02 %; 15.96 %
Argentina ; 17.41 %; 26.01 %
Brazil; 18.01 %; 19.05 %
Spain; 16.30 %; 29.10 %
Italy; 14.18 %; 21.11 %
France; 28.21 %; 18.09 %
Mexico; 23.12 %; 27.28 %
UK; 8.65 %; 20.75 %
USA; 17.87 %; 24.94 %
Source: Infected or Not (http://www.infectedornot.com/)
Dixons to stock Panda software following Europe-wide deal
12 September, 2007
The growing reputation of Panda Security has received a huge boost following the announcement that Dixons Stores Group International (DSGI) is to stock its range of software throughout the UK and Europe and in the 27 countries that it serves online.
The deal, negotiated by Formjet plc, which markets, distributes and supports Panda products in the UK, means that Panda’s range of products, including the popular titles Panda Internet Security and Panda Anti-Virus, will be sold in up to 1400 stores, including PC World.
This is a breakthrough agreement for Panda, which will enable it to significantly strengthen its brand, profile and competitiveness. The size and scale of the deal highlights Panda’s strong credentials as one of the world’s leading suppliers of security software and provides a sizeable springboard for further sales growth.
Highlights:
- The full Panda home user and SME range of IT security software will be available from PC World and PC City stores
- Deal represents a significant breakthrough for Panda in traditional IT retailing
- Panda’s brand awareness boosted as agreement opens door for it to compete directly on the shop floor with security software rivals
- This further demonstrates Formjet’s ability to secure contracts with large blue chip companies following recent deals with Tesco, Woolworths and Jungle247
- There is now an opportunity to build relationships to sell other Formjet products through DSGI
The combination of increased shop floor and online presence throughout DSGI’s stores will significantly boost the Panda brand both domestically and internationally. By opening up such a large scale sales channel Panda is now strongly placed to vie with its competitors and further grow its customer base.
Importantly for Panda, PC World has previously restricted its security software range to competitors Norton and McAfee. The fact that it has opened its doors to Panda software highlights the strength of its software range as well as providing a significant new route to the market.
The Panda Security International model of local country partners was an important element of Panda UK gaining the contract, as it will be able to offer localised customer support from the country in which it is sold.
Ingram Micro will handle the Europe-wide distribution of Panda’s products to DSGI’s stores. They will also distribute other Formjet products.
David Johnson, Head of International Buying Software at DSGI, said: “Panda has proven award-winning technology and is a welcome addition, that helps broaden our range proposition.”
Simon Hallworth, sales director at Formjet, said: “We are delighted that Panda has won this order with such a high profile customer. DSGI will provide a high level of exposure for Panda’s products while this deal provides the perfect springboard to further grow the brand in the UK and internationally.
“At Formjet we will continue to focus on growing traditional sales routes for our premium products as well as growing our white label business. The fact that we have added yet another high profile blue-chip company to our client base highlights the continued momentum we are building at the company.”
For more information: http://www.formjetplc.com/
90% mail received by businesses in August was spam
10 September, 2007
According to data compiled by TrustLayer Mail, the managed security service from Panda Security, almost as much as 87.49 percent of email that reached businesses in August was spam.
This data concurs with observations from previous months, where spam percentages have also been around 90 percent.
“Junk mail has become a damaging plague for companies who suffer very serious effects of lost productivity, and an unnecessary drain on networked resources”, confirms Luis Corrons, Technical Director of PandaLabs.
In terms of spam messages infected by malicious code, once again the Netsky.P worm was the most frequently detected culprit. Similarly, there was a significant number of emails containing downloader Trojans, that is, those designed to download malware onto computers.
“The majority of infected messages detected by our solution contained email worms. This type of malicious code is extremely damaging to companies as it saturates corporate servers”, says Corrons.
The Panda Security service blocks threats arriving via email before they reach companies’ mailboxes and ensures that e-mail is virus-free.
Panda Security’s TrustLayer Mail includes technology that combines signature-based protection with a system for consulting a global network of continuously updated security servers. The application of this system helps detect 98.5 percent of all spam and returns a false positive ratio of just 1 in every 27,905 messages processed. This data has been compiled from the networks protected by TrustLayer Mail during the solution’s trial phase.
The TrustLayer system architecture offers has been designed to offer maximum availability (99.99%) to ensure an uninterrupted message delivery service. It is supported by a team of experts, day and night, monitoring the 24x7 mail service and resolving any incidents.
The service is provided from one of the Managed Data Centers of Spain’s largest telecoms Telefonica.
More information on TrustLayer Mail is available at: http://www.pandasecurity.com/trustlayer/default.asp
According to data compiled by TrustLayer Mail, the managed security service from Panda Security, almost as much as 87.49 percent of email that reached businesses in August was spam.
This data concurs with observations from previous months, where spam percentages have also been around 90 percent.
“Junk mail has become a damaging plague for companies who suffer very serious effects of lost productivity, and an unnecessary drain on networked resources”, confirms Luis Corrons, Technical Director of PandaLabs.
In terms of spam messages infected by malicious code, once again the Netsky.P worm was the most frequently detected culprit. Similarly, there was a significant number of emails containing downloader Trojans, that is, those designed to download malware onto computers.
“The majority of infected messages detected by our solution contained email worms. This type of malicious code is extremely damaging to companies as it saturates corporate servers”, says Corrons.
The Panda Security service blocks threats arriving via email before they reach companies’ mailboxes and ensures that e-mail is virus-free.
Panda Security’s TrustLayer Mail includes technology that combines signature-based protection with a system for consulting a global network of continuously updated security servers. The application of this system helps detect 98.5 percent of all spam and returns a false positive ratio of just 1 in every 27,905 messages processed. This data has been compiled from the networks protected by TrustLayer Mail during the solution’s trial phase.
The TrustLayer system architecture offers has been designed to offer maximum availability (99.99%) to ensure an uninterrupted message delivery service. It is supported by a team of experts, day and night, monitoring the 24x7 mail service and resolving any incidents.
The service is provided from one of the Managed Data Centers of Spain’s largest telecoms Telefonica.
More information on TrustLayer Mail is available at: http://www.pandasecurity.com/trustlayer/default.asp
Panda Security launches the Targeted Attack Alert Service to help protect online banks and businesses against growing cyber threat
10 September, 2007
PandaLabs, Panda’s laboratory, provides clients of the service with detailed forensic reports about any attack and its security implications.
Panda Security has launched its Targeted Attack Alert Service. The service will fight cyber attacks that use malware especially designed to target specific online businesses, which has recently become one of the most dangerous Internet threats. The Web is now a breeding ground for a variety of fraudulent and criminal activity, including theft, identity spoofing or industrial espionage.
The most dangerous attacks are those using banker Trojans, designed to steal confidential bank details, credit card numbers, etc. The additional danger is that they are designed to target specific companies, either directly or by stealing their clients’ personal data, then used to make fraudulent transactions.
In 2006, Trojans accounted for 53 percent of all new malware created, and 20 percent of these were banker Trojans. So far in 2007, there has already been almost 40 percent more attacks than in the whole of 2006.
Panda’s Targeted Attack Alert Service is aimed at the financial sector and online businesses (payment platforms, e-commerce, etc.) and is provided directly by the Antifraud Surveillance Department at PandaLabs. This department is able to monitor the evolution of malicious code, through five million behavioral analysis sensors deployed across more than 150 countries.
Panda’s laboratory also has a network of hidden ‘honeypots’ distributed across cyber-space and a centralized online malware detection and processing service. This allows PandaLabs to detect rapidly any new targeted attack that occurs, and immediately inform the companies involved. This in turn allows banks and companies to take appropriate mitigating action, and prevent catastrophes that could affect millions of clients.
As part of this service, PandaLabs will provide companies with proactive information to help them understand the extent of the attack and its consequences. It will also advise on how to achieve optimum protection.
The Targeted Attack Alert Service operates as follows: all file samples received at PandaLabs are analyzed manually and/or automatically to establish whether they could affect the client. If malware is found, a laboratory technician will analyze how it operates.
If it is deemed to be a real threat, it will be completely analyzed. A fully comprehensive Forensic Report is generated and delivered to the client, detailing the identity of the sample, its monitoring techniques, the methods it uses to capture and steal information, the system it uses to steal data, information where it stores stolen data, the detection routine, observations from the analysis (such as country of origin), the URLs it monitors, the methods it uses to infect the host system, screens it shows, and many more.
The Forensic Report prepared by PandaLabs includes all the characteristics of each attack: malware involved, company under attack, strings detected in the code, technical data, effects and consequences, modus operandi, potential victims, symptoms, etc. This allows the company to better protect itself and its clients.
“Some of the benefits that this service offers to companies in the financial sector include proactive risk management to counter identity theft, identification of compromised users and control of online fraud”, explains Luis Corrons, Technical Director of PandaLabs.
Sales model
The Targeted Attack Alert Service is sold as both an annual subscription and as report packs.
PandaLabs, Panda’s laboratory, provides clients of the service with detailed forensic reports about any attack and its security implications.
Panda Security has launched its Targeted Attack Alert Service. The service will fight cyber attacks that use malware especially designed to target specific online businesses, which has recently become one of the most dangerous Internet threats. The Web is now a breeding ground for a variety of fraudulent and criminal activity, including theft, identity spoofing or industrial espionage.
The most dangerous attacks are those using banker Trojans, designed to steal confidential bank details, credit card numbers, etc. The additional danger is that they are designed to target specific companies, either directly or by stealing their clients’ personal data, then used to make fraudulent transactions.
In 2006, Trojans accounted for 53 percent of all new malware created, and 20 percent of these were banker Trojans. So far in 2007, there has already been almost 40 percent more attacks than in the whole of 2006.
Panda’s Targeted Attack Alert Service is aimed at the financial sector and online businesses (payment platforms, e-commerce, etc.) and is provided directly by the Antifraud Surveillance Department at PandaLabs. This department is able to monitor the evolution of malicious code, through five million behavioral analysis sensors deployed across more than 150 countries.
Panda’s laboratory also has a network of hidden ‘honeypots’ distributed across cyber-space and a centralized online malware detection and processing service. This allows PandaLabs to detect rapidly any new targeted attack that occurs, and immediately inform the companies involved. This in turn allows banks and companies to take appropriate mitigating action, and prevent catastrophes that could affect millions of clients.
As part of this service, PandaLabs will provide companies with proactive information to help them understand the extent of the attack and its consequences. It will also advise on how to achieve optimum protection.
The Targeted Attack Alert Service operates as follows: all file samples received at PandaLabs are analyzed manually and/or automatically to establish whether they could affect the client. If malware is found, a laboratory technician will analyze how it operates.
If it is deemed to be a real threat, it will be completely analyzed. A fully comprehensive Forensic Report is generated and delivered to the client, detailing the identity of the sample, its monitoring techniques, the methods it uses to capture and steal information, the system it uses to steal data, information where it stores stolen data, the detection routine, observations from the analysis (such as country of origin), the URLs it monitors, the methods it uses to infect the host system, screens it shows, and many more.
The Forensic Report prepared by PandaLabs includes all the characteristics of each attack: malware involved, company under attack, strings detected in the code, technical data, effects and consequences, modus operandi, potential victims, symptoms, etc. This allows the company to better protect itself and its clients.
“Some of the benefits that this service offers to companies in the financial sector include proactive risk management to counter identity theft, identification of compromised users and control of online fraud”, explains Luis Corrons, Technical Director of PandaLabs.
Sales model
The Targeted Attack Alert Service is sold as both an annual subscription and as report packs.
PandaLabs analyses the new models of cyber-crime in its Q2-2007 report
5 September, 2007
The increase in malicious code and illegal activity on the Web has caused the creation of a malware black-market and a new type of highly specialized and professional cyber-criminals
PandaLabs’ report on malware activity in the second quarter of 2007 takes a close look at the new criminal business models on the Web. This report is available at: http://pandalabs.pandasecurity.com/PandaLabs-Quarterly-Report.aspx
“In recent months we have witnessed the growing professionalization of digital crime. The first step for cyber-crooks was when they started looking for profits from their activity instead of just notoriety. Now they are creating a vast online malware market, where there are even specialized segments. New business models are appearing, as we speak”, explains Luis Corrons, Technical Director of PandaLabs.
In this new market there are criminals specialized in creating malicious code, with some dedicated to distributing them and others simply renting them out. As with any established market, there is now even competition between vendors of tools and services.
One of these new illicit businesses is the generation and sale of specific tools for cyber-crooks, allowing them to build malware, or even manage botnets, etc. PandaLabs has dedicated part of its quarterly report to an analysis of the type of tools that allow malware to be distributed using exploits. Criminals use these tools to take advantage of design flaws in web pages, manipulating the site and infecting users.
The PandaLabs report offers several examples of the prices being paid on the Internet for the products and services traded between cyber-crooks. Contracting a denial of service attack can cost between £5 and £10 per hour, while a spam server can be rented for £250 a day and a list of 32 million email accounts fetches around £750, according to the anti-malware laboratory at Panda Security.
“With the data we have, we can even confirm that there are people online selling official documentation such as passports, work permits, etc.”, says Luis Corrons.
This full report is available at: http://pandalabs.pandasecurity.com/PandaLabs-Quarterly-Report.aspx
The increase in malicious code and illegal activity on the Web has caused the creation of a malware black-market and a new type of highly specialized and professional cyber-criminals
PandaLabs’ report on malware activity in the second quarter of 2007 takes a close look at the new criminal business models on the Web. This report is available at: http://pandalabs.pandasecurity.com/PandaLabs-Quarterly-Report.aspx
“In recent months we have witnessed the growing professionalization of digital crime. The first step for cyber-crooks was when they started looking for profits from their activity instead of just notoriety. Now they are creating a vast online malware market, where there are even specialized segments. New business models are appearing, as we speak”, explains Luis Corrons, Technical Director of PandaLabs.
In this new market there are criminals specialized in creating malicious code, with some dedicated to distributing them and others simply renting them out. As with any established market, there is now even competition between vendors of tools and services.
One of these new illicit businesses is the generation and sale of specific tools for cyber-crooks, allowing them to build malware, or even manage botnets, etc. PandaLabs has dedicated part of its quarterly report to an analysis of the type of tools that allow malware to be distributed using exploits. Criminals use these tools to take advantage of design flaws in web pages, manipulating the site and infecting users.
The PandaLabs report offers several examples of the prices being paid on the Internet for the products and services traded between cyber-crooks. Contracting a denial of service attack can cost between £5 and £10 per hour, while a spam server can be rented for £250 a day and a list of 32 million email accounts fetches around £750, according to the anti-malware laboratory at Panda Security.
“With the data we have, we can even confirm that there are people online selling official documentation such as passports, work permits, etc.”, says Luis Corrons.
This full report is available at: http://pandalabs.pandasecurity.com/PandaLabs-Quarterly-Report.aspx
Trojans and adware the worst threats in August
According to data from the Panda ActiveScan online antivirus solution, Trojans and adware were the most active threats in August. Specifically, they were responsible for 25.92% and 24.81% respectively of all infections detected. This once again underlines the strategy of cyber-criminals to use this type of malicious code for financial gain.
Worms, responsible for over eight percent of infections, were the third most active type of malware. The other types of malicious code to attack users' systems were backdoors (3.59%) dialers (3.03%), spyware (2.96%) and bots (2.51%).
“The figures in August are similar to those observed in July, suggesting that the prime financial motive of malware creators is unchanged”, explains Luis Corrons, technical director of PandaLabs, who adds: “The versatility of Trojans makes them ideal for this purpose. It’s therefore no surprise that these threats head the ranking of the most active threats”.
With respect to the specific strains of malware that were most active last month, in first place comes Downloader.MDW. This malicious code downloads other malware onto compromised computers. Second and third places in the list are occupied by two new malicious codes: the ZLFake.A.drp Trojan and the virus ZlFake.A.
Name Previous position
Trj/Downloader.MDW ; 1=
W32/ZLFake.A.drp ; New
W32/ZlFake.A ; New
Trj/Lineage.BZE ; 3 Down
W32/Brontok.H.worm ; 2 Down
Application/SuperFast ; 10 Up
W32/Sdbot.ftp.worm ; 5 Down
W32/Puce.E.worm ; 9 Up
Trj/Dropper.UN ; 7 Down
Trj/Perlovga.A ; 8 Down
In fourth place, down one spot from last month, is Lineage.BZE, a Trojan designed to steal passwords. Similarly, Brontok.H, in fifth place, has dropped down the ranking since the previous month.
On the other hand, the SuperFast PUP (Potentially Unwanted Program) has moved up four places from tenth to sixth.
Sdbot.ftp, the script used by Sdbot worms to infect computers, has dropped down to seventh place. The Puce.E worm is another malicious code that became more active in August, and is now in eighth place.
Finally, two Trojans, Dropper.UN and Perlovga.A came ninth and tenth in the list.
Worms, responsible for over eight percent of infections, were the third most active type of malware. The other types of malicious code to attack users' systems were backdoors (3.59%) dialers (3.03%), spyware (2.96%) and bots (2.51%).
“The figures in August are similar to those observed in July, suggesting that the prime financial motive of malware creators is unchanged”, explains Luis Corrons, technical director of PandaLabs, who adds: “The versatility of Trojans makes them ideal for this purpose. It’s therefore no surprise that these threats head the ranking of the most active threats”.
With respect to the specific strains of malware that were most active last month, in first place comes Downloader.MDW. This malicious code downloads other malware onto compromised computers. Second and third places in the list are occupied by two new malicious codes: the ZLFake.A.drp Trojan and the virus ZlFake.A.
Name Previous position
Trj/Downloader.MDW ; 1=
W32/ZLFake.A.drp ; New
W32/ZlFake.A ; New
Trj/Lineage.BZE ; 3 Down
W32/Brontok.H.worm ; 2 Down
Application/SuperFast ; 10 Up
W32/Sdbot.ftp.worm ; 5 Down
W32/Puce.E.worm ; 9 Up
Trj/Dropper.UN ; 7 Down
Trj/Perlovga.A ; 8 Down
In fourth place, down one spot from last month, is Lineage.BZE, a Trojan designed to steal passwords. Similarly, Brontok.H, in fifth place, has dropped down the ranking since the previous month.
On the other hand, the SuperFast PUP (Potentially Unwanted Program) has moved up four places from tenth to sixth.
Sdbot.ftp, the script used by Sdbot worms to infect computers, has dropped down to seventh place. The Puce.E worm is another malicious code that became more active in August, and is now in eighth place.
Finally, two Trojans, Dropper.UN and Perlovga.A came ninth and tenth in the list.
Malicious toolbars top the list of most common malware
Panda Security informs that almost 28 percent of computers with installed protection scanned at the Infected or Not website (http://www.infectedornot.com) last week were infected by some kind of malicious code. As for computers with no protection installed, the infection percentage was over 40 percent..
MyWebSearch was the malware most frequently detected this week by TotalScan (www.pandasecurity.com/totalscan.com), Panda Security’s online scanner for detecting active and latent malware. MyWebSearch is a PUP (Potentially Unwanted Program) that installs a toolbar that changes results displayed by some search engines to redirect users to certain vendors’ web pages.
There are eight PUPs among the Top Ten malicious codes detected by TotalScan. “One of the reasons for the widespread distribution of this type of malware is the fact that many users think it is harmless. However, it poses a threat to their privacy, and some malware is even capable of downloading other types of malicious code, including Trojans, onto infected systems”, explains Luis Corrons, Technical Director of PandaLabs.
Position Malware type Name
1 PUP MyWebSearch
2 PUP FunWeb
3 PUP KillApp.B
4 PUP HideWindow.S
5 PUP Processor
6 Adware CWS
7 Worm ZLFake.A.drp
8 Adware WhenUSearch
9 PUP RealSpy
10 PUP CloseApp
Of all the new malicious codes analyzed this week by PandaLabs, this week’s report looks at the IRCPass.A backdooor and the MSNFunny.B and Sohanat.CU worms.
IRCPass.A is designed to allow cyber-crooks to take control of computers via HTTP and steal their passwords, for example, passwords saved by the auto-complete feature in Internet Explorer or Opera.
This malicious code opens a system port and waits to receive commands from its creator, who will be notified every time the backdoor infects a computer.
MSNFunny.B spreads through MSN Messenger. To do this, it closes all currently open MSN Messenger windows and sends all the targeted user’s contacts a message with an attached .zip file and a text enticing users to open it. This text can be written in several languages, for example: “lol you got to see this” or “viu este?”.
The worm creates several copies of itself on the system and connects to the Internet to download other malicious codes, like Dialer.KOS and the Sfc.A.mod Trojan.
MSNFunny.B creates a new key in the Windows Registry to run on every system restart and modifies other entries to, for example, disable the Registry editor. It also disables notifications from the firewall and antivirus updates and operating system updates. All this is designed to leave the PC more vulnerable to future attacks.
Sohanat.CU also spreads through instant messaging. To do this, the worm sends random messages to the infected user’s contacts that are connected to the application at the time the malware is run. These messages include: “hot pics this week" or ":D who is beside you in this pic ". Finally, the message shows a link that takes the user to a worm download.
This malware performs malicious actions such as changing the Internet Explorer home page, disabling the option that allows users to change it, or preventing access to the Windows Task Manager. Finally, it edits the Windows Registry to ensure it is run every time the system is started up.
For further information about these and other computer threats, visit Panda Security's Encyclopedia.
If you think your computer might have been infected by malicious code, you can scan it free at http://www.infectedornot.com
MyWebSearch was the malware most frequently detected this week by TotalScan (www.pandasecurity.com/totalscan.com), Panda Security’s online scanner for detecting active and latent malware. MyWebSearch is a PUP (Potentially Unwanted Program) that installs a toolbar that changes results displayed by some search engines to redirect users to certain vendors’ web pages.
There are eight PUPs among the Top Ten malicious codes detected by TotalScan. “One of the reasons for the widespread distribution of this type of malware is the fact that many users think it is harmless. However, it poses a threat to their privacy, and some malware is even capable of downloading other types of malicious code, including Trojans, onto infected systems”, explains Luis Corrons, Technical Director of PandaLabs.
Position Malware type Name
1 PUP MyWebSearch
2 PUP FunWeb
3 PUP KillApp.B
4 PUP HideWindow.S
5 PUP Processor
6 Adware CWS
7 Worm ZLFake.A.drp
8 Adware WhenUSearch
9 PUP RealSpy
10 PUP CloseApp
Of all the new malicious codes analyzed this week by PandaLabs, this week’s report looks at the IRCPass.A backdooor and the MSNFunny.B and Sohanat.CU worms.
IRCPass.A is designed to allow cyber-crooks to take control of computers via HTTP and steal their passwords, for example, passwords saved by the auto-complete feature in Internet Explorer or Opera.
This malicious code opens a system port and waits to receive commands from its creator, who will be notified every time the backdoor infects a computer.
MSNFunny.B spreads through MSN Messenger. To do this, it closes all currently open MSN Messenger windows and sends all the targeted user’s contacts a message with an attached .zip file and a text enticing users to open it. This text can be written in several languages, for example: “lol you got to see this” or “viu este?”.
The worm creates several copies of itself on the system and connects to the Internet to download other malicious codes, like Dialer.KOS and the Sfc.A.mod Trojan.
MSNFunny.B creates a new key in the Windows Registry to run on every system restart and modifies other entries to, for example, disable the Registry editor. It also disables notifications from the firewall and antivirus updates and operating system updates. All this is designed to leave the PC more vulnerable to future attacks.
Sohanat.CU also spreads through instant messaging. To do this, the worm sends random messages to the infected user’s contacts that are connected to the application at the time the malware is run. These messages include: “hot pics this week" or ":D who is beside you in this pic ". Finally, the message shows a link that takes the user to a worm download.
This malware performs malicious actions such as changing the Internet Explorer home page, disabling the option that allows users to change it, or preventing access to the Windows Task Manager. Finally, it edits the Windows Registry to ensure it is run every time the system is started up.
For further information about these and other computer threats, visit Panda Security's Encyclopedia.
If you think your computer might have been infected by malicious code, you can scan it free at http://www.infectedornot.com
Subscribe to:
Posts (Atom)
