2008 will witness avalanche of malware designed for stealing money, PandaLabs reports

December 20, 2007

PandaLabs, Panda Security’s anti-malware laboratory, has forecast how Internet threats will evolve in 2008.

One of the key factors will be the increase in the amount of known and unknown malware in circulation. There has already been a notable increase in 2007 compared to previous years, and this trend will most likely intensify in 2008.

PandaLabs also expects this growth to affect platforms that have not previously been targeted by cyber-crooks. There could be an increase in threats aimed at Mac systems or VoIP services.

The objectives of threat creators will remain the same as today, i.e., obtaining confidential data for online fraud and theft. Banker Trojans will continue to be present, and there will be a significant rise in the number of Trojans designed to steal information from users of social networks (MySpace, Facebook, etc.) and online games. The year 2007 saw this kind of data theft consolidate as a new criminal business model on the Internet.

According to Luis Corrons, technical director of PandaLabs, “The current platforms will not be the only ones under attack. As systems like iphone, gphone, etc., become more popular among users, malware creators will start to use them to spread their creations and obtain benefits”.

Main means of propagation

Over the course of this year we have seen the increasing use of malware installation kits capable of exploiting vulnerabilities in servers. These kits modify web pages so that they automatically infect visitors’ computers. Such activities will increase considerably in 2008, as these tools have proven to be very effective when it comes to infecting a large number of systems. Also, cyber-criminals will continue to be on the lookout for new vulnerabilities in operating systems and applications that allow them to install malware without the user’s knowledge.

In addition, classic techniques like social engineering will continue to be used, although they could adopt new forms: from greeting cards to fake Windows updates, as has occurred recently.

Another means of propagation in 2008 will be the so-called “drive-by download”, which consists of placing a page that detects vulnerabilities on visiting computers in order to infect them.

More complex malware

Malware attacks have become increasingly sophisticated technologically throughout 2007, and there is evidence that new malware is becoming ever more complex. This complexity stems from the merging of several types of threats, resulting in the appearance of hybrid malware. This phenomenon is likely to continue over the next year.

PandaLabs notes that malware such as bots or Trojans will be controlled remotely not only through IRC, but also P2P networks or the HTTP protocol. “This is cyber-crooks’ way of ensuring the success of their malicious activities, as this type of system allows communications to be encrypted, making detection harder”, explains Luis Corrons.

Dominic Hoskins, Panda UK, added: “Thanks to Panda Security's Collective Intelligence Model we continue to be able to detect and analyse new threats rapidly and are well prepared to protect our customers. PandaLabs leads the way in threat detection, which is good news for our customers”.

Panda Security offers several free tools for scanning PCs at http://www.infectedornot.com/

Panda Security Seminar Planned for New Year

In-depth assessment of the issues around online fraud in Internet transactions

December 11, 2007

Panda Security is hosting a Security Seminar in January aimed at delivering a detailed assessment of the evolving threat landscape and the impact of malware on business today.

The one-day event will be held at The London Stock Exchange on Friday January 25th 2008, and is aimed at senior IT professionals, Risk Managers and eCommerce Managers in corporate organisations throughout the UK.

Analysis will be provided by Andrew Jaquith of The Yankee Group on the ‘malware paradox: perception vs. reality’, and the seminar will also hear commentary from Panda’s own senior research advisor, Pedro Bustamante, on how solutions are being created to address the key issues. Subjects for discussion will include what motivates cyber criminals; just how far the silent malware epidemic reaches; the techniques used in cyber crime; and details of infection ratios in protected systems.

Dominic Hoskins, Country Manager at Panda UK, said: “In the last fortnight alone two major security alerts have dominated national and international headlines, putting computer security at the very top of the agenda. Delegates to the Panda Security Seminar can expect to come away with a very clear understanding of the current situation relating to Internet threats, and more importantly, the means with which to prevent and combat these ever increasing threats to business.”

Delegate places are being offered free of charge on a strictly limited basis, but organisations that rely at any level on online monetary transactions, Internet banking or other online communication where private and confidential data is transferred should contact Panda for more information at http://www.saferdigitalworld.com/.

New Zealand botnet crackdown dangerous despite 2007 bots drop

December 3, 2007

Panda Security warns that although the number of malicious bots declined in 2007 from 3.46% to 2.25%¹, their high-profile financial notoriety continues to cause significant damage, as was exposed in the recent botnet crackdown in New Zealand².

The botnet took control of an estimated 1.3 million computers and was used to embezzle £12.1m.

Bots remain the most dangerous malicious code picked up on the Internet, despite a steady decline during the second and third quarters of 2007.

“Botnets continue to grab headlines because of their massive scale and impact. The botnet crackdown in New Zealand is only the tip of the iceberg. The majority of people with compromised computers do not even know their computers are being used for criminal activity. They themselves may not be financially affected, but their computers are used to steal saleable personal data from others, or simply act as relays for spam and phishing”, said Dominic Hoskins, Panda Security UK.

Bots are operated by organized international cyber-crime groups and remain at the heart of botnets, which are considered one of the most lucrative e-crime business models at the moment.

Bots first reach computers through emails that use social engineering and by exploiting system vulnerabilities. They are then installed silently and operate for long periods, turning computers into zombies that become part of a larger network.

Dominic Hoskins said: “There is an underground market for renting bots to send spam or install spyware or adware and a zombie spam server will go for as little as £250”.

Botnets also flood websites with data to knock them offline. The launch of iPhone, for instance, was exploited by a botnet made up of over 7,500 zombie computers. In effect, users of infected computers were taken to a spoof “official” iPhone page and had their bank details exploited.

Bots have evolved over the last year, and the way they are controlled is changing too. Until now, most of them have been controlled through IRC servers, which was useful for controlling isolated computers and allowed attackers to send orders while hiding behind the anonymity of chat servers. Now, bots can be controlled through web consoles using HTTP, which makes it easier to control many computers at the same time and allows the operator to check if and when computers are online and whether commands have been executed correctly.

Bots are best prevented by security solutions that rely on proactive technologies, but companies are also strongly advised to carry out additional periodic online security audits³.

¹ Source: PandaLabs: Bots infection rate.

JANUARY 2007: 3.46%
FEBRUARY 2007: 3.43%
MARCH 2007: 3.58%
APRIL 2007: 3.28%
MAY 2007: 3.37%
JUNE 2007: 2.74%
JULY 2007: 2.32%
AUGUST 2007: 2.51%
SEPTEMBER 2007: 2.48%
OCTOBER 2007: 2.33%
NOVEMBER 2007: 2.25%

² Source: Bloomberg.com
http://www.bloomberg.com/apps/news?pid=20601081&sid=aJga1tAIS7zM&refer=australia

³ Panda Security offers Malware Radar, the first exhaustive and automated online security audit service. Malware Radar relies on a new Collective Intelligence approach managed by PandaLabs. Collective Intelligence is based on exhaustive remote, centralized, and real-time knowledge about malware and non-malicious applications maintained through the automatic processing of all scanned elements. The Collective Intelligence approach provides the ability to maximize malware detection capabilities, while at the same time, minimizing the resource and bandwidth consumption of protected systems. One of the main benefits of this approach is the automation of the entire malware detection and protection cycle, including collection, analysis, classification and remediation. Collective Intelligence provides visibility and knowledge into the processes running on all of the computers scanned. This broad visibility of the community -- in addition to automation -- is what delivers the ability to tackle not only the large volumes of new malware, but also targeted attacks.

Is this the end of computer worms?

November 8, 2007

Worms, once responsible for some of the worst virus epidemics in history, are now on the decline and gradually fading into the background. Recent figures compiled by PandaLabs reveal that worms have been outnumbered by more notorious malicious code such as adware and trojans, which together account for approximately 49% of all detected infections.

In its latest malware audit, obtained from the Panda ActiveScan online solution in October, worms accounted for only 8.31% of infections, having gradually declined from 18.14% in November 2006 and 12.11% in January 2007¹. Adware and trojans, by contrast, have maintained high infection rates and now stand at 25.97% and 23.37% respectively².

The gradual decrease in the number of worms is due to the arrival of more effective strains of malware and a new strategic approach to malware attacks. The approach now resembles guerrilla warfare, whereby specific pieces of malware are created to attack specific networks or companies. While that form of malware can be incredibly effective and destructive to a targeted network, it ironically remains completely harmless to other networks.

Worms have advanced in sophistication, but their prime focus remains the same. They continue to create havoc and panic but are usually motivated by nothing more than malice. Dominic Hoskins, Panda Security UK, said: “Having computers brought to a standstill can result in significant financial losses to the victim, but in fact this type of activity is no longer considered attractive and hugely beneficial by malware creators, as it does not lead to financial gain for the perpetrators”.

Conversely, targeted guerrilla attacks have been on the rise, fuelled primarily by a shift in the interests driving malware. Ever-increasing reliance on the Internet has nurtured this new phenomenon, which has changed the malware mindset to the extent that notoriety has been completely displaced by financial gain. In effect, the sole purpose of creating new malware is now financial.

Dominic Hoskins commented: “Crashing computer networks might seem like an achievement but it proves less profitable to an individual than obtaining sensitive confidential information. Malware sophistication still remains the key to overcome AVs and firewalls but it is the new strategic approach to malware attacks that matters. This new approach is financially motivated and involves building malware from scratch for a specific target”.

Trojans have become popular due to their capacity to generate large profits, through theft of information used for online fraud or by charging advertisers for sending spam by means of botnets. Adware, which displays advertising banners, is funded by unscrupulous marketing companies that pay its creators to display unsolicited advertising.

¹ Source: PandaLabs: Worms infection rate.

October 2007: 8.31%
September 2007: 8.39%
August 2007: 8.23%
July 2007: 8.30%
June 2007: 8.71%
May 2007: 9.46%
April 2007: 8%
March 2007: 6%
February 2007: 6%
January 2007: 12.11%
December 2006: 16.16%
November 2006: 18.14%

² Source: Panda ActiveScan: October 2008

Panda launches GateDefender Performa 3.0: personalized protection for companies of all sizes

October 30, 2007

Panda Security has launched Panda GateDefender Performa 3.0, the new version of its content security appliance for companies of all sizes. The major new feature is the option to set user profiles, which enables administrators to configure security according to the needs of specific workers or departments.

“There are always varying security needs within companies. The types of websites accessed or files and data types sent and received will differ from one department to another. With this new solution, administrators can provide user groups or individuals with protection that adapts perfectly to their specific needs,” explains Alejandro Castañar, Product Manager for security appliances at Panda Security.

Panda GateDefender Performa 3.0 is designed for installation in any network, with no need for configuring or redirecting network traffic. It offers complete corporate protection, blocking malware, spam and malicious or inappropriate content before it enters the network. It does this through scanning of the most common protocols (HTTP, FTP, SMTP, POP3, IMAP4 and NNTP). It can also prevent the use of high-risk applications such as instant messaging and peer-to-peer programs.

“Malware, spam, inappropriate content, instant messaging and peer-to-peer programs are all notorious time-wasters for employees and saturate network resources. A solution like Panda GateDefender Performa 3.0 doesn’t just protect companies, it also helps them become more efficient and productive, as it keeps these malicious and time-wasting elements out of the network,” says Castañar.

Moreover, Panda GateDefender Performa 3.0 ensures that all relevant information will be received, through an innovative system using three separate quarantines:

- Quarantine for suspect or non-disinfectable malware
- Quarantine for spam or probable spam
- Quarantine for content blocked by the corporate security policy

There is also the option of a direct connection with PandaLabs to detect new malware and create vaccines automatically. The system also allows items to be recovered or disinfected automatically and forwarded to the recipient without intervention from administrators.

According to Castañar: “This technology ensures that only secure content reaches the interior of the network and with a minimal impact on the network.”

Panda GateDefender Performa provides information to administrators about the status of protection and network activity (items blocked, network viruses, users most frequently targeted etc.). This data is provided in real-time in the form of graphs, offering considerable time saving for administrators.

This new appliance from Panda offers five different types of protection:

- Anti-malware protection: Detects and blocks all types of Internet-borne malicious code before it reaches the corporate network. Files containing unknown or non-disinfectable malware can be stored in a special quarantine and eliminated later.

- Content filtering: Allows administrators to establish a corporate security policy to filter out potentially dangerous content, and prevent confidential or personal data from leaving the company.

- Anti-spam protection: Verifies all inbound and outbound mail. Every message is classified as Spam, Probable spam or Not spam. The sensitivity of the anti-spam filter can also be adapted to each network user. Eliminating junk mail in the network perimeter improves network performance and boosts user productivity.

- Web filtering: Administrators define the categories of inappropriate Web content. They can also establish white lists and blacklists of restricted or permitted pages. This optimizes resource usage and improves user productivity. It also shuts down access to offensive, violent or any other inappropriate content.

- Blocking of P2P and IM applications: Peer-to-peer applications eat up corporate bandwidth and represent an important security hole as files are often divided in small packets and cannot be scanned. Instant messaging also affects productivity as it is frequently used for personal ends by workers. Panda GateDefender Performa can block these kinds of applications from within the corporate network.

Corporate malware on the rise

25 October, 2007

PandaLabs warns that almost 72 percent of companies with more than 100 computers have active malware on their networks.

The data was collected between May and July 2007 from more than 1,200 firms with security solutions installed.

The aim of the study was to determine how many ‘protected’ corporate computers are in fact infected; it revealed that in the majority of cases their owners are not even aware of it.

The study also analysed the type of protection installed on infected computers and its effectiveness relative to malware detection. It revealed that systems protected by Computer Associates had the highest infection rate of 4.55%, which was then closely matched by Trend Micro with 4.3%. Symantec had a rate of 2.8% of infected systems and McAfee 2.28%. Panda outperformed its competitors by a mile with a score of 0.73%.

“The dramatic increase in the amount of malware in circulation can be explained by a shift of interests among malware creators. They are no longer interested in causing general havoc but completely focus on financial benefits. Although traditional security solutions do protect, in the wake of constant malware sophistication these must be complemented with online periodic audits, which, like Malware Radar, are able to detect even the malware that goes undetected by installed protection,” explains Pedro Bustamante, Senior Research Advisor at Panda Security.

Adware is the top malware on corporate networks (63.04%) followed by Trojans accounting for 12.57% of malicious code. Corporate PCs have also faced a significant increase in banker Trojans and Rootkits, which are designed to conceal malicious activities.

In the wake of this increasing threat, Panda Security has developed a new security model based on ‘Collective Intelligence’. This system is based on the collection of information on newly created malware from the Internet community and the automated processing of this data in Panda’s new data laboratories. This is correlated and leveraged to offer greater detection and improved security for clients.

PandaLabs’ report can be downloaded from:
http://www.pandasecurity.com/enterprise/downloads/white-papers/?sitepanda=particulares

Panda Security and Commtouch Sign Licensing Deal

23 October, 2007

Panda Security and Commtouch® (NASDAQ: CTCH) announced today that they have signed a licensing agreement to add Commtouch’s Anti-Spam technology to Panda’s TrustLayer Mail.

“We chose Commtouch’s Anti-Spam solution because our TrustLayer Mail service guarantees spam detection ratios of more than 98%, and Commtouch can help us achieve this,” said Jose Antonio López, Corporate Solutions Director at Panda Security.

Commtouch’s Anti-Spam engine is based on Recurrent Pattern Detection™ (RPD™), a content-agnostic technology that detects and blocks spam in any language. RPD analyzes large volumes of Internet traffic in real-time, recognizing and protecting against new spam outbreaks the moment they emerge.

TrustLayer Mail customers include Internet service providers, application service providers and telecommunications operators. TrustLayer provides 24x7 managed services, guaranteeing clean mail with antivirus, anti-spam, mail continuity and content filtering. TrustLayer Mail service quality is backed by an SLA (Service Level Agreement) to guarantee clients’ email is 100% virus-free.

“Panda Security’s customers require consistent, high-level performance from their TrustLayer Mail services, and we’re pleased that Commtouch’s Anti-Spam solution is being used to exceed their expectations,” said Ronni Zehavi, Commtouch Vice President of International Business Development. “We see this agreement as the first step of a long-term cooperative relationship between Panda and Commtouch.”

Entensys Corporation and Panda Security announce Technology partnership

19 October, 2007

Entensys Corporation has announced a technology partnership with Panda Security to provide antivirus scanning functionality for its UserGate proxy server and future products.

UserGate provides a complete gateway traffic control that now includes Panda Antivirus protection.

The Panda antivirus engine is integrated into UserGate Proxy so that Panda Security works as a filter intercepting all data transferred through various Internet protocols. From all traffic it selects only those objects which are subject to control and analyzes them for viruses and spyware.

“The combination of the Panda Antivirus engine with UserGate Internet Security server provides users with an extremely high-performance software solution for protecting and managing their Internet access,” said Alexander Levchenko, President of Entensys Corporation. “Entensys offers customers a comprehensive, high-performance all-in-one solution to secure small and medium-size networks, including a built-in firewall, web filtering, user access control, antivirus and antispyware functionality.”

“This agreement allows Panda Security to offer its technology to a greater number of customers, providing them with highly effective protection now available in collaboration with Entensys,” said José Antonio López, Director of Corporate Solutions at Panda Security.

Panda Security for Internet Transactions: a service to secure online transactions

16 October, 2007

Panda Security has launched Panda Security for Internet Transactions, an antifraud service for online transactions to protect clients of e-banking, pay-platforms and e-commerce against active malware.

Banks and businesses will be able to scan PCs to ensure that users launching transactions on their websites are not affected by any malicious code. This eliminates the risk of passwords being stolen or other fraudulent operations.

“Fraud and online theft are realities that are currently responsible for considerable financial losses for users as well as banks and other companies that operate transactions over the Internet with clients. In 2007, online fraud has grown 39.71 percent with respect to 2006, highlighting the alarming expansion of this threat”, warns Jose Antonio Lopez, Director of Corporate Solutions at Panda Security.

Panda Security for Internet Transactions protects against these dangers. This service will enable banks and companies to reduce losses through online fraud and react rapidly to malware that specifically targets them, as this product also includes specialized protection against targeted attacks. It also offers benefits for users of online banking and e-commerce services, as they will be able to perform online transactions with peace of mind.

“By ensuring that users, the weakest link in the security chain, are protected, consumer confidence in online transactions will grow rapidly”, affirms Lopez.

Panda Security for Internet Transactions can be fully configured by banks or companies. Options include making the application visible to users, customizing the design, specifying the situations in which clients will be prevented from accessing the website, etc.

“For example, if the system detects that a user is infected with a Trojan that does not pose a threat to the transaction, the user can be allowed to access the website, and administrators can decide whether or not to advise the users that the computer is infected”, explains Lopez.

Banks and businesses that contract this service can also decide how to perform the scan on clients’ PCs. They can require a scan before users enter their details, or offer it as a voluntary option. The scan can also be run after the user identification process, on an intermediate web page, or on any pages that the company chooses. All these parameters are managed and configured through a web console.

Clients of Panda Security for Internet Transactions will also have a direct line to PandaLabs, the malware scanning and detection laboratory at Panda, so product updates will be immediate should a new malicious code appear that targets the specific company.

Scanning takes place in real-time and is imperceptible to users, who can continue to use the Internet without any problems. All that is required is the installation of a small ActiveX control the first time the PC is scanned. The product is compatible with both the Internet Explorer and Firefox browsers.

Panda Security for Internet Transactions detects more than two million malicious codes, and benefits from the new security focus from Panda, called “collective intelligence”. This system is based on the collection of information concerning malware from the Internet community and the automated processing of this data in new data centers. This is correlated and leveraged to offer greater detection and improved security for clients.

UK has least active malware in Europe

26 September 2007

According to recent data gathered at the Infected or Not website (http://www.infectedornot.com/), the UK has the lowest rate of computers infected with active malware, 8.65%, but it still maintains a high number of computers infected by latent malware, 24.94% (malware not running when the scan was carried out).

Panda Security reports that 18.92% of worldwide users that used its online tools, NanoScan and TotalScan, had active malware on their computers and 24.14% of PCs had latent malware.

France was the country with the most computers containing active malware, 28.21% (infection rates per country can be seen on the website). Spain, on the other hand, was the country with the most computers infected by latent malware, 29.10%.

Country     PCs with active malware   PCs with latent malware
Germany     11.02 %                   15.96 %
Argentina   17.41 %                   26.01 %
Brazil      18.01 %                   19.05 %
Spain       16.30 %                   29.10 %
Italy       14.18 %                   21.11 %
France      28.21 %                   18.09 %
Mexico      23.12 %                   27.28 %
UK           8.65 %                   20.75 %
USA         17.87 %                   24.94 %

Source: Infected or Not (http://www.infectedornot.com/)

Dixons to stock Panda software following Europe-wide deal

12 September, 2007

The growing reputation of Panda Security has received a huge boost following the announcement that Dixons Stores Group International (DSGI) is to stock its range of software throughout the UK and Europe and in the 27 countries that it serves online.

The deal, negotiated by Formjet plc, which markets, distributes and supports Panda products in the UK, means that Panda’s range of products, including the popular titles Panda Internet Security and Panda Anti-Virus, will be sold in up to 1400 stores, including PC World.

This is a breakthrough agreement for Panda, which will enable it to significantly strengthen its brand, profile and competitiveness. The size and scale of the deal highlights Panda’s strong credentials as one of the world’s leading suppliers of security software and provides a sizeable springboard for further sales growth.

Highlights:

- The full Panda home user and SME range of IT security software will be available from PC World and PC City stores
- Deal represents a significant breakthrough for Panda in traditional IT retailing
- Panda’s brand awareness boosted as agreement opens door for it to compete directly on the shop floor with security software rivals
- This further demonstrates Formjet’s ability to secure contracts with large blue chip companies following recent deals with Tesco, Woolworths and Jungle247
- There is now an opportunity to build relationships to sell other Formjet products through DSGI

The combination of increased shop floor and online presence throughout DSGI’s stores will significantly boost the Panda brand both domestically and internationally. By opening up such a large scale sales channel Panda is now strongly placed to vie with its competitors and further grow its customer base.

Importantly for Panda, PC World has previously restricted its security software range to competitors Norton and McAfee. The fact that it has opened its doors to Panda software highlights the strength of its software range as well as providing a significant new route to the market.

The Panda Security International model of local country partners was an important element of Panda UK gaining the contract, as it will be able to offer localised customer support from the country in which it is sold.

Ingram Micro will handle the Europe-wide distribution of Panda’s products to DSGI’s stores. They will also distribute other Formjet products.

David Johnson, Head of International Buying Software at DSGI, said: “Panda has proven award-winning technology and is a welcome addition, that helps broaden our range proposition.”

Simon Hallworth, sales director at Formjet, said: “We are delighted that Panda has won this order with such a high profile customer. DSGI will provide a high level of exposure for Panda’s products while this deal provides the perfect springboard to further grow the brand in the UK and internationally.

“At Formjet we will continue to focus on growing traditional sales routes for our premium products as well as growing our white label business. The fact that we have added yet another high profile blue-chip company to our client base highlights the continued momentum we are building at the company.”

For more information: http://www.formjetplc.com/

90% of mail received by businesses in August was spam

10 September, 2007

According to data compiled by TrustLayer Mail, the managed security service from Panda Security, as much as 87.49 percent of email that reached businesses in August was spam.

This data concurs with observations from previous months, where spam percentages have also been around 90 percent.

“Junk mail has become a damaging plague for companies who suffer very serious effects of lost productivity, and an unnecessary drain on networked resources”, confirms Luis Corrons, Technical Director of PandaLabs.

Among spam messages carrying malicious code, the Netsky.P worm was once again the most frequently detected culprit. There was also a significant number of emails containing downloader Trojans, that is, Trojans designed to download further malware onto computers.

“The majority of infected messages detected by our solution contained email worms. This type of malicious code is extremely damaging to companies as it saturates corporate servers”, says Corrons.

The Panda Security service blocks threats arriving via email before they reach companies’ mailboxes and ensures that e-mail is virus-free.

Panda Security’s TrustLayer Mail includes technology that combines signature-based protection with a system for consulting a global network of continuously updated security servers. The application of this system helps detect 98.5 percent of all spam and returns a false positive ratio of just 1 in every 27,905 messages processed. This data has been compiled from the networks protected by TrustLayer Mail during the solution’s trial phase.

The TrustLayer system architecture has been designed to offer maximum availability (99.99%) to ensure an uninterrupted message delivery service. It is supported by a team of experts who monitor the 24x7 mail service day and night and resolve any incidents.

The service is provided from one of the Managed Data Centers of Spain’s largest telecoms operator, Telefonica.

More information on TrustLayer Mail is available at: http://www.pandasecurity.com/trustlayer/default.asp

Panda Security launches the Targeted Attack Alert Service to help protect online banks and businesses against growing cyber threat

10 September, 2007

PandaLabs, Panda’s laboratory, provides clients of the service with detailed forensic reports about any attack and its security implications.


Panda Security has launched its Targeted Attack Alert Service. The service counters attacks that use malware designed specifically to target individual online businesses, a practice that has recently become one of the most dangerous Internet threats. The Web is now a breeding ground for a variety of fraudulent and criminal activity, including theft, identity spoofing and industrial espionage.

The most dangerous attacks are those using banker Trojans, designed to steal confidential bank details, credit card numbers, etc. The additional danger is that they are built to target specific companies, either directly or by stealing those companies’ clients’ personal data, which is then used to make fraudulent transactions.

In 2006, Trojans accounted for 53 percent of all new malware created, and 20 percent of these were banker Trojans. So far in 2007, there has already been almost 40 percent more attacks than in the whole of 2006.

Panda’s Targeted Attack Alert Service is aimed at the financial sector and online businesses (payment platforms, e-commerce, etc.) and is provided directly by the Antifraud Surveillance Department at PandaLabs. This department is able to monitor the evolution of malicious code, through five million behavioral analysis sensors deployed across more than 150 countries.

Panda’s laboratory also has a network of hidden ‘honeypots’ distributed across cyber-space and a centralized online malware detection and processing service. This allows PandaLabs to detect rapidly any new targeted attack that occurs, and immediately inform the companies involved. This in turn allows banks and companies to take appropriate mitigating action, and prevent catastrophes that could affect millions of clients.

As part of this service, PandaLabs will provide companies with proactive information to help them understand the extent of the attack and its consequences. It will also advise on how to achieve optimum protection.

The Targeted Attack Alert Service operates as follows: all file samples received at PandaLabs are analyzed manually and/or automatically to establish whether they could affect the client. If malware is found, a laboratory technician will analyze how it operates.

If it is deemed to be a real threat, it is analyzed in full. A comprehensive Forensic Report is generated and delivered to the client, detailing the identity of the sample, the techniques it uses to monitor the victim, how it captures and steals information, where it stores the stolen data, the detection routine, observations from the analysis (such as country of origin), the URLs it monitors, how it infects the host system, the screens it displays, and more.

The Forensic Report prepared by PandaLabs includes all the characteristics of each attack: malware involved, company under attack, strings detected in the code, technical data, effects and consequences, modus operandi, potential victims, symptoms, etc. This allows the company to better protect itself and its clients.

“Some of the benefits that this service offers to companies in the financial sector include proactive risk management to counter identity theft, identification of compromised users and control of online fraud”, explains Luis Corrons, Technical Director of PandaLabs.

Sales model
The Targeted Attack Alert Service is sold as both an annual subscription and as report packs.

PandaLabs analyses the new models of cyber-crime in its Q2-2007 report

5 September, 2007

The increase in malicious code and illegal activity on the Web has led to a malware black market and a new type of highly specialized, professional cyber-criminal.


PandaLabs’ report on malware activity in the second quarter of 2007 takes a close look at the new criminal business models on the Web. This report is available at: http://pandalabs.pandasecurity.com/PandaLabs-Quarterly-Report.aspx

“In recent months we have witnessed the growing professionalization of digital crime. The first step for cyber-crooks was when they started looking for profits from their activity instead of just notoriety. Now they are creating a vast online malware market, where there are even specialized segments. New business models are appearing, as we speak”, explains Luis Corrons, Technical Director of PandaLabs.

In this new market there are criminals who specialize in creating malicious code, others dedicated to distributing it, and others who simply rent it out. As in any established market, there is now even competition between vendors of tools and services.

One of these new illicit businesses is the generation and sale of specific tools for cyber-crooks, allowing them to build malware, or even manage botnets, etc. PandaLabs has dedicated part of its quarterly report to an analysis of the type of tools that allow malware to be distributed using exploits. Criminals use these tools to take advantage of design flaws in web pages, manipulating the site and infecting users.

The PandaLabs report offers several examples of the prices being paid on the Internet for the products and services traded between cyber-crooks. Contracting a denial of service attack can cost between £5 and £10 per hour, while a spam server can be rented for £250 a day and a list of 32 million email accounts fetches around £750, according to the anti-malware laboratory at Panda Security.

“With the data we have, we can even confirm that there are people online selling official documentation such as passports, work permits, etc.”, says Luis Corrons.

This full report is available at: http://pandalabs.pandasecurity.com/PandaLabs-Quarterly-Report.aspx

Trojans and adware the worst threats in August

According to data from the Panda ActiveScan online antivirus solution, Trojans and adware were the most active threats in August. Specifically, they were responsible for 25.92% and 24.81% respectively of all infections detected. This once again underlines the strategy of cyber-criminals of using this type of malicious code for financial gain.

Worms, responsible for over eight percent of infections, were the third most active type of malware. The other types of malicious code to attack users' systems were backdoors (3.59%), dialers (3.03%), spyware (2.96%) and bots (2.51%).

“The figures in August are similar to those observed in July, suggesting that the prime financial motive of malware creators is unchanged”, explains Luis Corrons, technical director of PandaLabs, who adds: “The versatility of Trojans makes them ideal for this purpose. It’s therefore no surprise that these threats head the ranking of the most active threats”.

With respect to the specific strains of malware that were most active last month, in first place comes Downloader.MDW. This malicious code downloads other malware onto compromised computers. Second and third places in the list are occupied by two new malicious codes: the ZLFake.A.drp Trojan and the virus ZlFake.A.


Position  Name                     Previous position
1         Trj/Downloader.MDW       1 (unchanged)
2         W32/ZLFake.A.drp         New
3         W32/ZlFake.A             New
4         Trj/Lineage.BZE          3 (down)
5         W32/Brontok.H.worm       2 (down)
6         Application/SuperFast    10 (up)
7         W32/Sdbot.ftp.worm       5 (down)
8         W32/Puce.E.worm          9 (up)
9         Trj/Dropper.UN           7 (down)
10        Trj/Perlovga.A           8 (down)


In fourth place, down one spot from last month, is Lineage.BZE, a Trojan designed to steal passwords. Similarly, Brontok.H, in fifth place, has dropped down the ranking since the previous month.

On the other hand, the SuperFast PUP (Potentially Unwanted Program) has moved up four places from tenth to sixth.

Sdbot.ftp, the script used by Sdbot worms to infect computers, has dropped down to seventh place. The Puce.E worm is another malicious code that became more active in August, and is now in eighth place.

Finally, two Trojans, Dropper.UN and Perlovga.A came ninth and tenth in the list.

Malicious toolbars top the list of most common malware

Panda Security reports that almost 28 percent of computers with protection installed that were scanned at the Infected or Not website (http://www.infectedornot.com) last week were infected by some kind of malicious code. Among computers with no protection installed, the infection rate was over 40 percent.

MyWebSearch was the malware most frequently detected this week by TotalScan (www.pandasecurity.com/totalscan.com), Panda Security’s online scanner for detecting active and latent malware. MyWebSearch is a PUP (Potentially Unwanted Program) that installs a toolbar that changes results displayed by some search engines to redirect users to certain vendors’ web pages.

There are eight PUPs among the Top Ten malicious codes detected by TotalScan. “One of the reasons for the widespread distribution of this type of malware is the fact that many users think it is harmless. However, it poses a threat to their privacy, and some malware is even capable of downloading other types of malicious code, including Trojans, onto infected systems”, explains Luis Corrons, Technical Director of PandaLabs.


Position  Malware type  Name
1         PUP           MyWebSearch
2         PUP           FunWeb
3         PUP           KillApp.B
4         PUP           HideWindow.S
5         PUP           Processor
6         Adware        CWS
7         Worm          ZLFake.A.drp
8         Adware        WhenUSearch
9         PUP           RealSpy
10        PUP           CloseApp


Of all the new malicious codes analyzed by PandaLabs this week, this report looks at the IRCPass.A backdoor and the MSNFunny.B and Sohanat.CU worms.

IRCPass.A is designed to allow cyber-crooks to take control of computers via HTTP and steal their passwords, for example, passwords saved by the auto-complete feature in Internet Explorer or Opera.

This malicious code opens a system port and waits to receive commands from its creator, who will be notified every time the backdoor infects a computer.

MSNFunny.B spreads through MSN Messenger. To do this, it closes all currently open MSN Messenger windows and sends all the targeted user’s contacts a message with an attached .zip file and a text enticing users to open it. This text can be written in several languages, for example: “lol you got to see this” or “viu este?”.

The worm creates several copies of itself on the system and connects to the Internet to download other malicious codes, like Dialer.KOS and the Sfc.A.mod Trojan.

MSNFunny.B creates a new key in the Windows Registry so that it runs on every system restart, and modifies other entries to, for example, disable the Registry editor. It also disables notifications from the firewall and from antivirus and operating system updates. All of this is designed to leave the PC more vulnerable to future attacks.

Sohanat.CU also spreads through instant messaging. To do this, the worm sends random messages to those of the infected user’s contacts who are connected to the application at the time the malware is run. These messages include: “hot pics this week" or ":D who is beside you in this pic ". Each message ends with a link that takes the user to a download of the worm.

This malware performs malicious actions such as changing the Internet Explorer home page, disabling the option that allows users to change it, or preventing access to the Windows Task Manager. Finally, it edits the Windows Registry to ensure it is run every time the system is started up.
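The registry changes that the MSNFunny.B and Sohanat.CU descriptions above mention (an autorun entry, policies that disable the Registry editor and Task Manager, a locked Internet Explorer home page, and silenced firewall, antivirus and update notifications) can all be checked from the affected machine. The following PowerShell script is an added example written for this page; it is not Panda's code and does not identify any particular malware family. The key paths and value names it reads are standard Windows locations, and its output is a list of indicators for a person to review.

```powershell
# Added example (not Panda's code): read the registry locations that the worm
# descriptions above refer to and list anything that matches. The key paths and
# value names are standard Windows ones. Output is a list of indicators to
# review, not a verdict on any particular malware family.

function Get-RegistryValue {
    param([string]$Path, [string]$Name)
    # Returns $null instead of throwing when the key or the value is absent.
    if (-not (Test-Path $Path)) { return $null }
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-PersistenceIndicators {
    $findings = @()

    # 1. Autorun entries: both worms add a value here to run at every start-up.
    #    Every entry is listed so the reviewer can compare paths against known software.
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... metadata that PowerShell adds.
            if ($p.Name -like 'PS*') { continue }
            $findings += [pscustomobject]@{
                Check = 'Autorun'; Location = $key; Name = $p.Name; Value = $p.Value
            }
        }
    }

    # 2. Policies that disable the Registry editor and Task Manager (1 = disabled).
    $policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
        $v = Get-RegistryValue -Path $policy -Name $name
        if ($v -eq 1) {
            $findings += [pscustomobject]@{
                Check = 'ToolDisabled'; Location = $policy; Name = $name; Value = $v
            }
        }
    }

    # 3. Internet Explorer home page, reported when the policy that stops the
    #    user changing it is set (1 = locked).
    $startPage = Get-RegistryValue -Path 'HKCU:\Software\Microsoft\Internet Explorer\Main' -Name 'Start Page'
    $lockPath  = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
    $locked    = Get-RegistryValue -Path $lockPath -Name 'HomePage'
    if ($locked -eq 1) {
        $findings += [pscustomobject]@{
            Check = 'HomePageLocked'; Location = $lockPath; Name = 'HomePage'; Value = $startPage
        }
    }

    # 4. Security Center switches that silence firewall, antivirus and
    #    Windows Update warnings (1 = notifications suppressed).
    $sc = 'HKLM:\SOFTWARE\Microsoft\Security Center'
    foreach ($name in 'FirewallDisableNotify', 'AntiVirusDisableNotify', 'UpdatesDisableNotify') {
        $v = Get-RegistryValue -Path $sc -Name $name
        if ($v -eq 1) {
            $findings += [pscustomobject]@{
                Check = 'NotificationSuppressed'; Location = $sc; Name = $name; Value = $v
            }
        }
    }

    return $findings
}

# Run the audit and print the findings as a table.
Get-PersistenceIndicators | Format-Table -AutoSize
```

Run it from a PowerShell prompt on the machine under review; reading HKLM does not need elevation, but the same script run as an administrator can be extended with Remove-ItemProperty to clear a confirmed malicious entry. An autorun entry on its own is normal and only worth attention when its path is unfamiliar; the policy and Security Center values, by contrast, are rarely set on a home PC and are a much stronger signal when found together.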

For further information about these and other computer threats, visit Panda Security's Encyclopedia.

If you think your computer might have been infected by malicious code, you can scan it free at http://www.infectedornot.com

Up to 59% of companies could have active malware on their networks, according to data gathered by Malware Radar

Some 59% of companies that scanned between 20 and 30,000 PCs with Malware Radar, Panda Security’s online, on-demand, automated malware audit service for businesses, had active malware running on their computers.

The increase in malware and the need for companies to have additional protection is reflected in the data gathered by Malware Radar from over 4,500 companies of all sizes. Active malicious code was found in almost half (47%) of companies that audited between 10 and 19 computers. 37% of companies that scanned between 5 and 9 computers had malware running at the time of the scan. As for companies that scanned between 1 and 4 computers, active malware was found in 35% of cases.


Detection ratios

Computers scanned   Companies with active malware
1 to 4 PCs          35%
5 to 9 PCs          37%
10 to 19 PCs        47%
20 PCs or more      59%

“This spectacular increase in the amount of malicious code in circulation (PandaLabs detected as much malware in 2006 as in the previous 15 years combined) has shown that traditional solutions are no longer enough. Panda offers companies a new security model based on complementing solutions already installed on desktops and servers. The model features periodic scans with Malware Radar, capable of finding and removing even the malware that evades traditional solutions”, explains Borja Bonilla, Malware Radar Product Manager.

Malware Radar detects and eliminates all malicious code (viruses, Trojans, spyware...) installed on corporate networks and also identifies security flaws in computers. It is based on a new Collective Intelligence system developed by Panda Research and housed in a network of data centers. The system is based on three key factors:

1) Collection of data from the community. The system centrally collects and stores behavioral patterns of programs, file traces, new malware samples, etc. This data comes from Panda users, and from other companies and collaborators. This extensive capacity to collect information provides greater visibility of active Internet threats.

2) Automatic leverage of data. The system automatically analyzes and classifies the thousands of new samples received every day. To do this, an expert system correlates the data received from the user community with PandaLabs’ extensive malware knowledge base. The system automatically returns verdicts (malware or goodware) on the new files received, drastically reducing the manual workload at PandaLabs.

3) Making the knowledge available. This knowledge is delivered to users as Web services or through signature file updates.

As it is an online service, it does not require installation on computers; a single computer with an Internet connection is enough to scan the corporate network.

Malware Radar is not only compatible with any anti-malware solution installed on the computer, but complements them to improve network security. The service is also transparent to the end-user and resource usage can be adapted to the administrator's preferences.

Free trials of Malware Radar, as well as the full product, are available online from http://www.malwareradar.com.

Panda Security’s new consumer solutions protect against malware distributed from web pages

Panda’s solutions detect infection attempts launched from web pages, warning users and blocking the attacks.

Panda Security’s new consumer solutions (Panda Antivirus 2008, Panda Antivirus+Firewall 2008 and Panda Internet Security 2008) include a technology that detects infection attempts launched from web pages. If a user’s security is compromised on visiting a web page, the Panda solutions warn them and stop the attack.

Panda consumer solutions can detect scripts (sections of malicious code written in languages like JavaScript and designed to exploit vulnerabilities on computers) hosted on web pages that are trying to infect the user’s system. If this happens, users are warned that their security is at risk and that they must leave the web page.

“Cases like Mpack, a tool for installing malware through exploits which distributed malware from over 350,000 web pages, highlight the importance of having a tool that can protect users from this type of infection”, explains Almike Santisteban, Consumer Product Manager at Panda Security.

Panda Security consumer solutions can also detect vulnerabilities existing on users’ computers and report them so they can be patched. In this way, protection against malware hosted on web pages is further reinforced.

“These malicious codes exploit design flaws in programs to infect computers. If users keep their computers up-to-date, codes like those will be useless. We help users protect themselves by warning them against vulnerabilities on their computers”, says Santisteban.

This protection is complemented with blocking of malicious URLs. The system consists of a blacklist of pages that try to download spyware onto computers. If a user tries to access any of these pages, the Panda solutions will prevent them from doing so, warning them of the implicit risk.

“You must take into account that, on many occasions, the pages that download malware are legitimate pages which, due to a design flaw, are used by cyber-crooks to insert their creations in them and infect visitors. For this reason, it‘s essential that you have a good security solution that can warn you when you are in danger”, concludes Santisteban.

£600 to become a cyber-crook

This is all that Web criminals need in order to earn millions of pounds. Hundreds of Internet pages and forums offer the tools needed to infect users.

A Trojan costs between £175 and £350, while lists with one million email addresses are sold for £50.

Just over six hundred pounds can buy a cyber-crook the tools needed to turn malicious activity into financial profit, according to data from PandaLabs. This is thanks to a black market on the Web where malicious code and tools are available at knock-down prices.

All types of crimeware tools can be bought on hundreds of forums. Although most of these Web pages are hosted in Eastern Europe, the Internet mafia networks behind them extend worldwide.

Buying malware

If a cyber-crook wanted to buy a Trojan, say, he would only have to shell out between £175 and £350. A password stealer Trojan, for example, costs £300, and a Limbo Trojan, with fewer features, costs around £250, although they have been sold for as little as £175. Both steal passwords used to access online banks. Cyber-crooks would have to pay £250 for a Trojan that captures payment platform accounts, such as Webmoney, although there are often ‘special offers’. In one case, the first 100 buyers only had to pay £200.

The next step is to get a list of email addresses to distribute the Trojan. For this, they only have to visit another web page, where they can get mailing lists of all sizes. Prices vary from £50 per million addresses to £750 for 32 million. If they also want to send links that download the Trojan to instant messaging users, they can buy a million ICQ addresses for £75.

The next step? Making sure antivirus programs will not detect the malicious code. For between one and five dollars per hidden executable, they can hire a service that protects the malware against security tools. If they want to do it themselves, they can get polymorphic encryption software called Polaris for just £10.

The last step is to send emails to distribute the Trojan. For approximately £250, cyber-crooks can rent a spam server. Then, they just have to wait for the victims to be infected.

The profitability of malware

A few simple calculations are all that is needed to show how lucrative this activity can be. If a Trojan costs £250 and a million-address mailing list costs around £50, then £300 is enough to reach a million people. Adding a £10 encryption program and a £250 spam server brings the total to around £560. Even with a deliberately low success rate of 10 percent, the crooks would infect 100,000 people.

If they then managed to steal bank details from 10 percent of them, it would mean access to 10,000 bank accounts. Just imagine the money the average person has in a current account and multiply it by 10,000 to calculate the cyber-crooks’ profits.

However, emptying thousands of accounts would be very suspicious, and crooks seek to obtain money invisibly. They therefore take only a small sum from each account, a hundred pounds, for example. Multiplied by 10,000, that still totals a million pounds. In other words, cyber-crooks can become millionaires in very little time with a £600 investment. Bearing in mind that very low success ratios were used in the calculations, the amount could be higher in real life.

If you think your computer might have been infected by these or other malicious codes, you can scan it free at www.nanoscan.com