In Rogues We Trust: Webroot survey reveals internet users of all skill levels fall for cybercriminals tricky tactics
Webroot Also Finds 2 Out of Every 10 Threats Detected in August Were Fake Security Alerts & Products
Computer-savvy consumers are more susceptible than novices to “fake alerts” and rogue security products – bogus malware infection warnings and malicious programs masquerading as legitimate security applications – according to a new survey from Webroot, a leading provider of Internet security for the consumer, enterprise and SMB markets.
Surveying nearly 1,200 individuals ranging in age and computer proficiency levels, Webroot explored the risks and consequences of infection by malware associated with fake alerts. Among the key findings:
– Advanced users clicked on suspicious messages at a greater rate than less experienced users
– 20 percent of respondents strongly trust the first page of search results – a common target for fraudulent links
– Nearly one fifth reported varying levels of financial or data loss following infection
– Over half experienced infections consistent with those of fake alert-related malware
“Cybercriminals prey on our curiosity,” said Mike Kronenberg, chief technology officer of Webroot’s Consumer Business Unit. “Links to seemingly real search results and videos — and now even ads on reputable news sites – trigger fake warnings claiming you’re infected or need ‘Home Antivirus 2010′ or another bogus product. And business must be booming for these thieves, judging from the rapid rate at which Webroot is seeing new programs and variants created in an attempt to bypass security technology. But with the right education, vigilance and technology, consumers can take steps to protect themselves.”
The Anatomy of a Fake Alert
Webroot has seen a rise in the incidence of fake alerts and rogue security products. According to the Webroot Threat Research team, two out of every 10 threats detected by Webroot’s products in the month of August were associated with fake alerts and rogue security products.
The appearance of fake alerts changes frequently. Ranging from phony Windows Security Center warnings to notifications for security scans and viewer or codec downloads, each is designed to appear legitimate and urgent. According to the Webroot Threat Research team, Internet users can encounter fake alerts through three main vectors:
– Fraudulent links appearing at or near the top of search results. For example, on Monday Webroot found that a search for news stories about the arrest of film director Roman Polanski yielded links that redirected to a fake security scan and to “Windows PC Defender,” a known rogue security product.
– Phony file links. Webroot recently reported on its Threat Blog that the Koobface worm is now sending phony video links, seemingly from a friend, to members of Facebook, MySpace, Twitter and other social networks. The links trigger viewer download messages that activate infection when clicked.
– Ads on legitimate Web sites. Webroot researchers recently investigated the origins of a bogus ad on NYTimes.com earlier this month which contained code leading to a fake alert and rogue product.
Key Findings
Results from the Webroot survey indicate a general lack of awareness of fake alerts and rogue security products, a higher rate of engagement among advanced and power users, and costly and inconvenient consequences of infection.
Lack of awareness leaves individuals vulnerable:
– 20 percent strongly agree the first page of search results includes trustworthy links
– 40 percent did not know the meaning of “fake alerts,” and 69 percent were unfamiliar with “rogue security products”
– 25 percent clicked on links to unfamiliar sites
– 13 percent clicked on pop-up messages requiring the download of a special viewer or codec
Experienced computer users are more susceptible:
– Over 50 percent of advanced users encountered a fake Windows Security enter alert, versus 33 percent of novice users
– 26 percent of advanced users encountered a fake security scan, compared to approximately 10 percent of less experienced users
– 23 percent of advanced users clicked on a fake alert and in some cases purchased rogue security products; conversely, 10 percent of novice users did the same
Clicking a fake alert can lead to consequences ranging from nuisance to costly:
– 43 percent of respondents experienced ongoing pop-up messages after clicking
– 26 percent had to have their computers repaired
– 11 percent lost files and documents following infection
– 8 percent had to purchase a new computer or experienced unauthorized credit card charges
Tips for Safer Surfing
Webroot recommends the following actions to protect against the risks and consequences of fake alerts:
Be vigilant – Do not click pop-up security alerts from unfamiliar companies, or poorly worded messages from known providers. Only purchase security products from reputable companies. Check for links to familiar sites among search engine results. On social networks, do not follow suspicious video links from “friends,” or emails, friend requests, site links and other items from unknown sources
Even with security programs in place, remain vigilant – Malware authors are continually writing new programs to avoid detection, so pay close attention to suspicious behavior
Always install updates – Equally if not more important, if you’re using antimalware software, be sure to install updates which include the latest malware definitions to protect you from new variants of known threats; do the same with updates to your operating system
If you’re not protected – Scan your machine for dormant viruses with a free scan; and protect your PC with an Internet security suite that includes antivirus, antispyware, and firewall technologies
Webroot offers several comprehensive Internet security solutions for consumers including Webroot® AntiVirus with Spy Sweeper®, and Webroot® Internet Security Essentials. For more information about these and other products, please visit http://www.webroot.com/En_US/consumer.html.
Panda Security announces Windows 7 compatibility for all 2010 Consumer Solutions
Users can download free beta version from http://www.pandasecurity.com/windows7
Panda Security, the Cloud Security Company, announced that PandaLabs, the company’s laboratory for detecting and analyzing malware, has launched a beta version of its Panda 2010 security solutions to be compatible with the Windows 7 beta. Users who have installed the beta version of the new Microsoft operating system will benefit from the best protection against malware. The general release version will be available as soon as the new operating system is launched on October 22.
Panda’s 2010 solutions use Collective Intelligence, the company’s exclusive cloud-computing technology, to leverage the knowledge gathered from the community of millions of Panda users around the world. Each new file received is classified automatically within six minutes. The Collective Intelligence servers automatically classify more than 50,000 new malware samples every day. These technologies correlate information on malware received from each computer to continuously improve the protection level for the worldwide community of users. In addition, Panda’s 2010 solutions have perpetual, real-time contact with this vast knowledge base, guaranteeing users the fastest response against new malware that appears every day.
The new Panda 2010 solutions, recently launched on the market, are designed specifically to offer maximum protection with minimum resource consumption. The new 2010 product line has achieved an 80 percent performance improvement compared to previous versions. Panda’s new retail solutions also deliver 60 percent improved browsing speed and 40 percent improved download speed over previous versions, consuming just 8 MB of PC memory.
Microsoft unveils Microsoft Project 2010
Part of the next wave of Office-related products, Microsoft Project 2010 helps customers reduce costs, improve efficiency, and simplify project and portfolio management.
Microsoft Corp. announced that the public beta of Microsoft Project 2010 will become available later this year, and revealed the product’s enhanced project and portfolio management features for the first time. Microsoft also disclosed packaging information that streamlines the number of Microsoft Project editions from four to three. Starting today, customers can pre-register for the Microsoft Project 2010 beta at http://www.microsoft.com/project/2010.
“Microsoft Project 2010 is the most significant release of Microsoft Project in over a decade,” said Chris Capossela, senior vice president of the Information Worker Product Management Group at Microsoft. “The fresh, simple and intuitive features of Microsoft Project 2010 will enable teams and organizations of all sizes to select and deliver the right projects on time and on budget.”
Microsoft Project 2010 builds on the Microsoft Office Project 2007 foundation with flexible work management solutions and the right collaboration tools for occasional and professional project managers, and includes a pathway to more advanced project and portfolio management capabilities as business needs evolve.
The release of Microsoft Project 2010 comes at a time when the industry is gaining steam. According to IDC, the project and portfolio management market will see growth as companies will rely on project and portfolio management tools to analyze their current and future project performance.*
Microsoft Project 2010 helps organizations reduce costs by enabling smarter and more informed decisions about budgeting and resource allocation. Through a dramatically enhanced user experience, Microsoft Project 2010 also drives team productivity with integration across familiar Microsoft technologies including Microsoft SharePoint Server and Microsoft Exchange Server. This integration allows a powerful business collaboration platform and proven project and portfolio management to result in a familiar, connected environment for customers to manage the simplest or the most complex projects.
Microsoft will release three editions of Microsoft Project: Microsoft Project Standard 2010, Microsoft Project Professional 2010 and Microsoft Project Server 2010. Key enhancements designed to appeal to both IT administrators and end users include these:
– Unified project and portfolio management with a common user interface and experience across the project life cycle; improved workflow controls that can be customized; better demand management to capture all types of work requests across an organization; and powerful reporting and business intelligence capabilities
– Improved productivity with effective collaboration built on Microsoft SharePoint Server 2010; enhanced collaboration and reporting; integration with Microsoft Outlook 2007 and 2010; and simplified time reporting
– Enhanced user experience and adoption with the familiar Microsoft Office Fluent user interface and new intuitive design; user-controlled scheduling for greater flexibility when creating simple or detailed project plans; the addition of a new timeline view for sequential overview of project schedules; and new Web-based project editing
– A scalable and connected platform with integration across related Microsoft technologies for connected and familiar work management on the PC, mobile phone and browser; better interoperability with third-party systems from updates to the Project Server Interface; 64-bit compatibility for performance improvement; and removal of ActiveX dependency for improved security and ease of deployment across an organization
Microsoft Project 2010 is part of the next wave of Microsoft Office-related products, which includes Microsoft Office 2010, Microsoft SharePoint Server 2010, Microsoft Exchange 2010 and Microsoft Visio 2010, and is designed to give people a consistent experience across devices, making it easier to create and edit documents and collaborate from any location.
Availability
All Microsoft Project Conference registered attendees will receive a free licensed copy of Microsoft Project Professional 2010 after launch; more information is available at http://www.keystoneondemand.com/tour/content/microsoft_project_2010_training. Microsoft Project 2010 will be available in the first half of 2010. More information about Microsoft Project 2010 can be found at http://www.microsoft.com/project.
* Source: IDC: “Worldwide Project and Portfolio Management (PPM) Applications 2009-2013 Forecast: PPM Remains a Profitability Engine in Recession,” Doc # 219381, August 2009
Source: Microsoft Corp.
Panda Security ranks the most dangerous computer threats of the last 20 years
Panda Security, the Cloud Security Company, announced that PandaLabs, the company’s laboratory for detecting and analyzing malware, has issued a ranking of the most dangerous threats to home and business users of the last 20 years. Coinciding with the 20th anniversary of the company, experts from PandaLabs wanted to research the most insidious malware threats that have surfaced in the past two decades.
The following threats have been selected for the notoriety they achieved through widespread epidemic and the damage caused:
– Friday 13 or Jerusalem: Created in Israel in 1988 and first reported in Jerusalem, this supposedly commemorated the 40th anniversary of Israel. Whenever the date was Friday 13, it would delete all programs run on an infected computer.
– Barrotes: The first well-known Spanish virus appeared in 1993. Once on the computer, it would remain hidden until January 5, when it would activate displaying just a series of bars on the monitor.
– Cascade or Falling Letters: Created in Germany in 1997, this virus would make the letters on the screen fall in a cascade whenever it infected a computer.
– CIH or Chernobyl: This virus was produced in Taiwan in 1998, and took just one week to propagate and infect thousands of computers.
– Melissa: First appeared on March 26, 1999 in the USA. This ultra-smart malicious code used social engineering to spread, with a message that read “Here is that document you asked for. . . don’t show anyone else 
”
– ILoveYou or Loveletter: So famous, it hardly needs introduction. This romantic virus emerged from the Philippines in 2000. With the subject ‘ILoveYou’ it infected millions of computers around the world and even hit organizations like the Pentagon.
– Klez: Created in 2001 in Germany, it only infected computers on the 13th of odd months.
– Nimda: The name is basically ‘admin’ spelled backwards, as it was able to create administrator privileges on infected computers. It originated in China on September 18, 2001.
– SQLSlammer: This was another major headache for companies. It first appeared on January 25, 2003, and affected more than half a million servers in just a few days.
– Blaster: This virus, created in the USA on August 11, 2003, contained a message in its code: “I just want to say love you, San!!” (We still don’t know who ‘San’ is), and “Billy gates, why do you make this possible? Stop making money and fix your software”.
– Sobig: This German virus was famous in the summer of 2003. The F variant was the most damaging, it attacked on August 19 of the same year and generated more than 1 million copies of itself.
– Bagle: This emerged on January 18, 2004, and has been one of the most prolific viruses with respect to the number of variants.
– Netsky: This worm also came from Germany in 2004 and exploited vulnerabilities in Internet Explorer. Its creator was also responsible for the notorious Sasser virus.
– Conficker: Last on the list and most recent, it appeared in November 2008. Oddly enough, if your keyboard is configured in Ukrainian, it won’t affect you. . .
Source: Panda Security
Apple premieres iTunes 9
Featuring iTunes LP, Home Sharing, Genius Mixes & Improved Syncing
Apple introduced iTunes 9, the latest version of the world’s most popular software application to purchase, manage and play media, packed with innovative features such as iTunes LP, Home Sharing and Genius Mixes, as well as a redesigned store and improved syncing. iTunes 9 makes it easier than ever to discover, purchase and enjoy your music, movies, TV shows, and apps for iPhone(TM) and iPod touch from Apple’s revolutionary App Store. Plus, Home Sharing now lets you easily transfer songs, movies and TV shows to other computers in your home.
“iTunes 9 is a great iTunes release, with innovative features that make using iTunes better than ever and iTunes content richer than ever,” said Steve Jobs, Apple’s CEO. “iTunes LP, for example, lets artists share more of their creativity with fans and gives music lovers the feeling of being immersed in an entire album with art, lyrics, liner notes, photos and videos.”
iTunes LP is the next evolution of the music album delivering a rich, immersive experience for select albums on the iTunes Store by combining beautiful design with expanded visual features like live performance videos, lyrics, artwork, liner notes, interviews, photos, album credits and more. iTunes LP debuts today with albums including Bob Dylan’s “Highway 61 Revisited,” Norah Jones’ “Come Away With Me,” The Grateful Dead’s “American Beauty” and Dave Matthews Band’s “Big Whiskey and the GrooGrux King: iTunes Pass.” The new iTunes Extras provides a similar experience for movies on iTunes with features including documentaries, deleted scenes, interviews and interactive galleries. iTunes Extras is now available for select movies including “Twilight,” “Batman Begins,” “WALL-E,” “Iron Man” and “The Da Vinci Code.” Customers can enjoy iTunes LP and iTunes Extras on a Mac or PC.
iTunes 9 also introduces Home Sharing, which lets you easily transfer music, movies and TV shows among up to five authorized computers in your home. Family members can now view up to five iTunes libraries on their home network, see only the portion of these libraries they don’t already have, import their favorite content directly to their own libraries, and automatically add new purchases from other computers into their library.
The incredibly popular Genius feature gets even better with Genius Mixes which are created using the results of over 27 million music libraries with over 54 billion songs that have been submitted and analyzed by Genius. The new Genius Mixes feature is like having a “Genius” DJ that automatically generates up to 12 endless mixes of songs from your iTunes library that go great together.
With improved syncing in iTunes 9 and iPhone OS 3.1, you can now organize your iPhone apps right in iTunes and they will automatically appear on your iPhone with the same layout. Plus, syncing music, photos, movies and TV shows is easier than ever with the added ability to sync music by artist and genre and sync photos by Events and Faces. The iTunes Store on iPhone now features precut ringtone downloads with over 20,000 ringtones priced at just $1.29.
iTunes 9 is available immediately as a free download at www.itunes.com.
The iTunes Store is the world’s most popular online music, TV and movie store with a catalog of over 11 million songs, over 50,000 TV episodes and over 7,500 films including over 2,000 in stunning high definition video. With Apple’s legendary ease of use, pioneering features such as iTunes Movie Rentals, integrated podcasting support, the ability to turn previously purchased tracks into complete albums at a reduced price, and seamless integration with iPod and iPhone, the iTunes Store is the best way for Mac and PC users to legally discover, purchase and download music and video online.
Source: Apple