2008 will witness avalanche of malware designed for stealing money, PandaLabs reports

December 20, 2007

PandaLabs, Panda Security’s anti-malware laboratory, has forecast how Internet threats will evolve in 2008.

One of the key factors will be the increase in the amount of known and unknown malware in circulation. There was already a notable increase in 2007 compared to previous years, and this trend will most likely intensify in 2008.

PandaLabs also expects this growth to affect platforms that have not previously been targeted by cyber-crooks. There could be an increase in threats aimed at Mac systems or VoIP services.

The objectives of threat creators will remain the same as today, i.e., obtaining confidential data for online fraud and theft. Banker Trojans will continue to be present, and there will be a significant rise in the number of Trojans designed to steal information from users of social networks (Myspace, Facebook, etc.) and online games. The year 2007 saw this kind of data theft consolidate as a new criminal business model on the Internet.

According to Luis Corrons, technical director of PandaLabs, “The current platforms will not be the only ones under attack. As systems like iPhone, gPhone, etc., become more popular among users, malware creators will start to use them to spread their creations and obtain benefits”.

Main means of propagation

Over the current year we have seen the increasing use of malware installation kits capable of exploiting vulnerabilities in servers. These kits modify web pages so that they automatically infect visitors’ computers. Such activities will increase considerably in 2008, as these tools have proven to be very effective when it comes to infecting a large number of systems. Also, cyber-criminals will continue to be on the lookout for new vulnerabilities in operating systems and applications that allow them to install malware without the user’s knowledge.

In addition to this, classic techniques like social engineering will continue to be used, although they could adopt new forms: from greeting cards to fake Windows updates, as has occurred recently.

Another means of propagation in 2008 will be the so-called “drive-by download”, which consists of inserting a page that can detect vulnerabilities on target computers in order to infect them.

More complex malware

Malware attacks became increasingly technically sophisticated throughout 2007, and there is evidence that new malware is becoming increasingly complex. This complexity stems from the merging of several types of threats, resulting in the appearance of hybrid malware. It appears that this phenomenon will continue over the next year.

PandaLabs notes that malware such as bots or Trojans will be controlled remotely not only through IRC, but also P2P networks or the HTTP protocol. “This is cyber-crooks’ way of ensuring the success of their malicious activities, as this type of system allows communications to be encrypted, making detection harder”, explains Luis Corrons.

Dominic Hoskins, Panda UK, added: “Thanks to Panda Security's Collective Intelligence Model we continue to be able to detect and analyse new threats rapidly and are well prepared to protect our customers. PandaLabs leads the way in threat detection, which is good news for our customers”.

Panda Security offers several free tools for scanning PCs at http://www.infectedornot.com/

Panda Security Seminar Planned for New Year

In-depth assessment of the issues around online fraud in Internet transactions

December 11, 2007

Panda Security is hosting a Security Seminar in January aimed at delivering a detailed assessment of the evolving threat landscape and the impact of malware on business today.

The one-day event will be held at The London Stock Exchange on Friday January 25th 2008, and is aimed at senior IT professionals, Risk Managers and eCommerce Managers in corporate organisations throughout the UK.

Analysis will be provided by Andrew Jaquith at The Yankee Group on the ‘malware paradox: perception vs. reality’, and the seminar will also hear commentary from Panda’s own senior research advisor, Pedro Bustamante, on how solutions are being created to address the key issues. Subjects for discussion will include what motivates cyber criminals; just how far the silent malware epidemic reaches; the techniques used in cyber crime; and details of infection ratios in protected systems.

Dominic Hoskins, Country Manager at Panda UK, said: “In the last fortnight alone two major security alerts have dominated national and international headlines, putting computer security at the very top of the agenda. Delegates to the Panda Security Seminar can expect to come away with a very clear understanding of the current situation relating to Internet threats, and more importantly, the means with which to prevent and combat these ever increasing threats to business.”

Delegate places are being offered free of charge on a strictly limited basis, but organisations that rely at any level on online monetary transactions, Internet banking or other online communication where private and confidential data is transferred should contact Panda for more information at http://www.saferdigitalworld.com/.

New Zealand botnet crackdown dangerous despite 2007 bots drop

December 3, 2007

Panda Security warns that the number of malicious bots declined in 2007 from 3.46% to 2.25%¹, but their high-profile financial notoriety continues to cause significant damage, as was exposed in the recent botnet crackdown in New Zealand².

The botnet took control of an estimated 1.3 million computers and illegally embezzled £12.1m.

Bots remain the most dangerous malicious code picked up on the Internet, despite a steady decline during the second and third quarters of 2007.

“Botnets continue to grab headlines because of their massive scale and impact. The botnet crackdown in New Zealand is only the tip of the iceberg. The majority of people with compromised computers do not even know their computers are being used for criminal activity. They themselves may not be financially affected but their computers are used to steal saleable personal data from others, or simply act as relays for spam and phishing”, said Dominic Hoskins, Panda Security UK.

Bots are operated by organized international cyber-crime groups and remain at the heart of botnets, which are considered one of the most lucrative e-crime business models at the moment.

Bots first reach computers in emails that use social engineering and exploit system vulnerabilities. They then get installed silently and operate for long periods until they turn computers into zombies that become part of a larger network.

Dominic Hoskins said: “There is an underground market for renting bots to send spam or install spyware or adware and a zombie spam server will go for as little as £250”.

Botnets also flood websites with data to knock them offline. The launch of the iPhone, for instance, was exploited by a botnet made up of over 7,500 zombie computers. In effect, users of infected computers were taken to a spoof “official” iPhone page and had their bank details exploited.

Bots have evolved over the last year and so the way they are controlled is changing too. Until now, most of them have been controlled through IRC servers, which was useful for controlling isolated computers and allowed attackers to send orders while hiding behind the anonymity of chat servers. Now, bots can be controlled through Web consoles using HTTP, which helps control many computers at the same time, and allows checking if and when computers are online or whether the commands have been executed correctly.

Bots can best be prevented by security solutions that rely on proactive technologies, but companies are also strongly advised to carry out additional periodic online security audits³.

¹ Source: PandaLabs: Bots infection rate.

JANUARY 2007: 3.46%
FEBRUARY 2007: 3.43%
MARCH 2007: 3.58%
APRIL 2007: 3.28%
MAY 2007: 3.37%
JUNE 2007: 2.74%
JULY 2007: 2.32%
AUGUST 2007: 2.51%
SEPTEMBER 2007: 2.48%
OCTOBER 2007: 2.33%
NOVEMBER 2007: 2.25%

² Source: Bloomberg.com
http://www.bloomberg.com/apps/news?pid=20601081&sid=aJga1tAIS7zM&refer=australia

³ Panda Security offers Malware Radar, the first exhaustive and automated online security audit service. Malware Radar relies on a new Collective Intelligence approach managed by PandaLabs. Collective Intelligence is based on exhaustive remote, centralized, and real-time knowledge about malware and non-malicious applications maintained through the automatic processing of all scanned elements. The Collective Intelligence approach provides the ability to maximize malware detection capabilities, while at the same time, minimizing the resource and bandwidth consumption of protected systems. One of the main benefits of this approach is the automation of the entire malware detection and protection cycle, including collection, analysis, classification and remediation. Collective Intelligence provides visibility and knowledge into the processes running on all of the computers scanned. This broad visibility of the community -- in addition to automation -- is what delivers the ability to tackle not only the large volumes of new malware, but also targeted attacks.