• Categories

  • Browsers
  • Business Software
  • Communications
  • Desktop Enhancements
  • Developer Tools
  • Digital Photo Software
  • Downloads
  • Drivers
  • Educational Software
  • Games
  • Graphic Design Software
  • Home Software
  • Internet Software
  • iTunes and iPod Software
  • Linux
  • MP3 Audio Software
  • Networking Software
  • Productivity Software
  • Screensavers and Wallpaper
  • Security Software
  • Software News
  • Utilities and Operating Systems
  • Video Software

• Archives

  • February 2012
  • January 2012
  • December 2011
  • November 2011
  • October 2011
  • September 2011
  • August 2011
  • July 2011
  • June 2011
  • May 2011
  • April 2011
  • March 2011
  • February 2011
  • January 2011
  • December 2010
  • November 2010
  • October 2010
  • September 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009

• Links

  • Gadget Mania
  • Gadget Reviews
  • USB World
  

• Meta

  • Log in
  • WordPress
  • XHTML
Tweet

Banker Trojans comprised more than 60 percent of new threats created in Q1

PandaLabs Q1 report shows resurgence in traditional viruses after decline in recent years

BlackHat SEO attacks using Apple and Facebook are among cybercriminals preferred strategies

Panda Security involved in takedown of Mariposa, one of the largest botnets on record

PandaLabs  has published its Q1 2010 report, analyzing the IT security events and incidents of the first three months of the year. The report can be downloaded for free at: http://www.pandasecurity.com/homeusers/security-info/tools/reports.htm.

As forecasted by PandaLabs, the amount of new malware in circulation has continued to increase at a record pace. In this first quarter, the most prevalent category was once again banker Trojans, accounting for 61 percent of all new malware. Interestingly, the second most prevalent type was traditional viruses, comprising more than 15 percent of all malware, despite having shown a dramatic decrease in recent years. A graph of the types of malware samples received by PandaLabs in Q1 is available at: http://www.flickr.com/photos/panda_security/4461973069/

“The growing prevalence of banker Trojans signals to us that online accounts for both consumers and businesses continue to be increasingly attractive financial targets for cybercriminals,” said Sean-Paul Correll, threat researcher at PandaLabs. “In addition, the widespread availability of DIY kits online has spurred new, less technical individuals into the cybercrime business as evidenced by the Mariposa case. The simultaneous growth in traditional virus activity is an interesting trend and we suspect this means that cybercriminals are attempting to draw the attention of anti-virus laboratories away from other seemingly more harmful threats.”

In other areas of IT security, botnets have seen considerable activity in 2010. For example, Panda Security played a key role in dismantling Mariposa, one of the largest botnets known to date, and subsequently detected Mariposa malware on y Vodafone devices. Mariposa stole account information for social media sites and other online e-mail services, usernames and passwords, banking credentials and credit card data through infiltrating an estimated 12.7 million compromised personal, corporate, government and university IP addresses in more than 190 countries. The botnet was shut down and rendered inactive on December 23rd, 2009, thanks to the collaborative effort of different security experts and law enforcement, including Panda Security, Defence Intelligence, the FBI and Spanish Guardia Civil.

In addition, popular online search topics, including Apple’s iPad and Facebook applications, were once again used in BlackHat SEO attacks. Similarly, cybercriminals continue to use social networks to distribute malware, a trend that saw a considerable uptick in 2009 and will continue throughout 2010.

SonicWALL identifies growing threat of cybercriminals attacking new searches

Over 284 Top Search Terms attacked over the last 7 days with 6600 Malicious URLS; Threat team outlines tips to protect against searching threats

SonicWALL announced it identified that cybercriminals are continuing to attack Google’s top search items. In the last 7 days, more than 284 top search terms have been attacked by more than 6600 malicious URLS. The threat team has found up to nine of the top 20 search terms are under attack at any one time. To help individuals defend against these types of threats, SonicWALL’s threat research team has identified certain search terms that have returned the greatest number of malicious sites and has developed several tips for combing through search terms.

“Cybercriminals use whatever is at their disposal to spread malware. In this instance they are launching attacks against Google’s top search terms that identify the most popular stories of the day,” said Deepen Desai, Lead Malware Researcher, SonicWALL. “These criminals are now going after these top search terms using their knowledge to insert malware infected websites almost immediately after people show interest in a particular news site.”

Using social engineering tactics, cybercriminals are able to jump onto the latest news events ranking high on Hot Search to draw more traffic to their infected websites. Search Engine Optimization (SEO) tactics are then used to make the websites show up higher in the search results, thus making it more likely that individuals will click on them.

The counter offensive to remove these threats is on-going. However, some sites have remained within search results for a number of hours before being removed. Recent and topical infected searches include:

• A search on “elinor burkett” within a 24 hour period between March 8th and 9th presented 40 unique malicious URLs appearing in Google search’s top 30 results.
• A search on “the new tenants” on March 8th presented 56 unique malicious URLs appearing in Google search’s top 30 results.

SonicWALL suggests you remember the following tips when searching for a news event:

• Be diligent when clicking on the links that show up in search engine results. Be sure to look at the URL before you click on it. Quite often the legitimate sites show up with complete readable sentences in their description whereas the malicious sites show up with jumbled keywords.
• If you do click on a malicious website, quickly get out of it. Most of the malware found redirect to fake antivirus websites that pretend to discover malware on a computer and offers to sell antivirus software that will clean it up.
• Make sure that your antivirus is up to date. Use defense-in-depth by layering protection, having antivirus both on the gateway and the client.
• Steer clear of any kind of video codecs or protection software executables downloads prompted by most of these sites.
• Do not execute any files that come through e-mail attachments.

For more information and to track the latest network and e-mail security threats, go to: http://www.sonicwall.com/securitycenter.asp?tab=NS

Cybercriminals continue to show their love for Valentine’s Day

PandaLabs provides tips for Internet users to protect their PCs from holiday-themed malware

PandaLabs, Panda Security’s malware analysis and detection laboratory, warns that cybercriminals are continuing to exploit Valentine’s Day with holiday-themed malware as a lure to trick users and infect computers.

As in years past, Internet users can expect to see numerous e-mails this weekend with links to malicious downloads, which are often perpetrated through romantic greeting cards or messages with subject lines related to Valentine’s Day. In 2010, cyber-crooks are also exploiting social networking sites such as Facebook or Twitter.

Social engineering remains cyber-crooks’ preferred technique for deceiving users. In these cases, cybercriminals obtain confidential information from users by convincing them to take a series of actions: a carefully selected social engineering ploy convinces users to hand over their data or install a malicious program, which captures information and sends it to fraudsters.

“The continued use of social engineering by cyber-crooks is a good indication of the high infection rate that this technique achieves. The technique works well, so criminals will continue to use it until people stop falling for it,” explains Luis Corrons, technical director of PandaLabs.

PandaLabs recommends Internet users follow these guidelines to avoid falling victim to computer threats this Valentine’s Day:

– Don’t open e-mails or messages received on social networks from unknown senders.

– Do not click any links included in e-mail messages, even if they come from reliable sources. This rule applies to messages received through any mail client, as well as those in Facebook, Twitter, or other social networks or messaging applications.

– If you do click on any such links, take a close look at the page you arrive at. If you don’t recognize it, close your browser.

– Do not run attached files that come from unknown sources. Stay on the alert for files that claim to be Valentine’s Day greeting cards, romantic videos or another related ploy.

– If a page seems legitimate but asks you to download something, you should be suspicious and choose not to accept the download.

– If, in any event, you download and install any type of executable file and you begin to see unusual messages on your computer, you have probably been infected with malware.

– If you are making any purchases online related to Valentine’s Day, type the address of the store in the browser, rather than going through any links that have been sent to you.

– Only buy online from sites that have a solid reputation and offer secure transactions, encrypting all information that is entered in the page. To check if a page is secure, look for the security certificate in the form of a small yellow padlock next to the toolbar or in the bottom right-hand corner of the screen.

– Don’t use shared or public computers for making transactions or operations that require you to enter passwords or other personal details.

– Have an effective security solution installed that is capable of detecting both known and new malware strains.

2010 Computer Threat Trends, PandaLabs forecast

Fake antivirus, bots and banker Trojans will continue to increase

Cyber-criminals will keep fine-tuning their social engineering skills to trick victims

More malware will be created for Windows 7 and Mac operating systems

The term ‘cyber war’ will become more familiar as politically-motivated attacks across the Internet increase

PandaLabs, Panda Security’s malware analysis and detection laboratory, has released its forecast of computer threat trends for 2010. PandaLabs predicts that in 2010, the amount of malware in circulation will continue to grow exponentially as it has in 2009. As anti-malware technologies are able to respond closer to real-time through cloud-based innovations such as Panda’s Collective Intelligence, malware creators will respond by generating even more diverse threats to evade detection and elimination. Once again malware will be designed almost exclusively for financial gain, and we can expect to see many new fake antivirus strains (rogueware), bots and banker Trojans.

Social Engineering Continues to Rise

Cyber-criminals will again be focusing on social engineering techniques to infect computers, particularly those targeting search engines (BlackHat SEO) and social networks, along with ‘drive-by-download’ infections from Web pages.

As the football World Cup takes place in South Africa, we can also expect to see significant amounts of malware related to this event: false ticket offers, junk mail, etc. It is always a good idea to be suspicious of any messages related with current affairs and large events such as this.

In the case of social networks, there have already been many examples of worms and Trojans targeting Twitter and Facebook. Malware creators will continue to be drawn to these types of platforms that are used by millions of people.

Watch Out Windows 7

Windows 7 will have a major impact on malware development: where Windows Vista hardly caused a ripple, Windows 7 will make waves. One of the main reasons is the widespread market acceptance of this new operating system, and since practically every new computer comes loaded with Windows 7 64-bit, criminals will be busy adapting malware to the new environment. It may take time, but we expect to see a major shift towards this platform over the next two years.

Mobile Phone Attacks – Not Yet!

Several security companies have been warning for some time that malware is soon to affect cell phones in much the same way as it affects PCs. Well, we hate to rain on their parade, but 2010 will not be the year of malware for cell phones.

The PC is a homogenous platform, with 90 percent of the world’s computers running Windows on Intel, meaning that any new Trojan, or worm has a potential victim pool of 90 percent of the world’s computers. The mobile phone environment is much more heterogeneous, with numerous vendors using different hardware and different operating systems.

Applications continue to be incompatible from one operating system to another. Therefore it is unlikely that 2010 will see widespread targeting of cell phones by malware. In any event, this year will witness many changes in the world of mobile telephony with more smartphones offering practically the same features as a PC; the emergence of Google Phone — the first phone sold directly by Google without tying users to specific operators; the increasing popularity of Android; and of course the iPhone. If in the next couple of years there are only two or three popular platforms, and if people make significantly more financial transactions from their phones, then the potential breeding ground for cyber-crime will be significant enough to be concerned.

Mac Becoming Increasingly Attractive to Cyber-Criminals

Mac’s market share has increased in recent years. Although the number of users has yet to reach the critical mass required to make it as profitable as PCs for cyber-criminals, it is nevertheless becoming more attractive. Mac is used just as PCs are to access social networks, email, and the Internet: the main malware distribution systems used by cyber-criminals. Consequently, Mac is no longer a safe haven against malware. These criminals can easily distinguish whether a system is Mac, and they are creating malware designed especially to target this OS. In 2009, we have already seen some attacks, and predict there are more to come in 2010.

Cyber war

Throughout 2009, governments around the world including the United States, the UK and Spain, have expressed concern about the potential for cyber-attacks to affect economies or critical infrastructure. We also saw this year how several Web pages in the United States and South Korea were the subject of attacks, with suspicion — as yet unapproved — pointing at North Korea. In 2010, we can expect to see similar politically-motivated attacks.

Securing the Cloud

Cloud-based services will continue to grow in popularity among consumers and business users alike. As this happens, the security industry must be acutely aware of cybercriminals’ moves to take advantage of this new platform.

Cloud Antivirus Technology on the Rise

2010 will be the year in which all anti-malware companies will innovate to remain competitive as cloud-based security becomes the most effective way to fight today’s malware. In 2007, Panda Security launched its first product which took advantage of the cloud. Now in 2009, all the company’s products use it and we have launched the first 100 percent cloud-based free antivirus: Panda Cloud Antivirus (www.cloudantivirus.com), and Panda has noticed that the rest of the marketplace is beginning to follow suit.

Source: Panda Security

Trend Micro 2010 Future Threat Report

Virtualization, Cloud-Computing and a Shifting Internet Infrastructure Will Widen the Scope of Cybercrime

Using news headlines and the latest technological trends, cybercriminals are brilliantly agile at exploiting whatever is trendy for cash and profit. Now, the growing popularity of cloud computing and virtualization among companies is likely to catch the attention of criminals scheming for the next hot cyber-swindle.

According to the Trend Micro 2010 Future Threat Report, cloud computing and virtualization — while offering significant benefits and cost-savings — move servers outside the traditional security perimeter and expand the playing field for cybercriminals. The industry already witnessed Danger/Sidekick’s cloud-based server failure that caused major data outages in November 2009, highlighting cloud-computing risks that cybercriminals will likely abuse. Trend Micro believes cybercriminals will either be manipulating the connection to the cloud, or attacking the data center and cloud itself.

The Internet infrastructure is changing, opening more opportunities for cybercrime

The “next-generation” protocol designed by the Internet Engineering Task Force, Internet Protocol v. 6, is still in the experimentation stages of replacing the current IPv4, now 20 years old. As users start to explore IPv6, so will cybercriminals, and we can expect to see proof-of-concept elements in IPv6 start to materialize in the upcoming new year. Possible avenues for abuse include new covert channels or C&C. But don’t expect active targeting of IPv6 address space–at least not in the very immediate future.

Domain names are becoming more internationalized and the introduction of regional top-level domains (Russian, Chinese, and Arabic characters) will create new opportunities to launch age-old attacks through look-alike domains for phishing – using Cyrillic characters in place of similar looking Latin characters. Trend Micro predicts this will lead to reputation problems and abuse that will challenge security companies.

Social media and social networks will be used by cybercriminals to enter the users’ “circle of trust”

Social engineering will continue to play a big role in the propagation of threats. But given the increasing saturation of social media with content intended to be shared via online social interactions, cybercriminals will definitely try to penetrate and compromise popular communities more than ever in 2010.

Social networks are also ripe venues for stealing personally identifiable information (PII). The quality and quantity of data posted openly by most trusting users on their profile pages, combined with interaction clues, are more than enough for cybercriminals to stage identity thefts and targeted social engineering attacks. The situation will worsen in 2010, with high-profile personalities suffering from online impersonators or stolen bank accounts.

The extinction of global outbreaks, and the growth of localized, targeted attacks

The threat landscape has shifted and we are no longer seeing global outbreaks like Slammer or CodeRed. Even the much covered Conficker incident of 2008 and early 2009 was not a global outbreak by its true definition; rather it was a carefully orchestrated and architected attack. Moving forward, localized and targeted attacks are expected to grow in their number and sophistication.

More key forecasts for 2010 and beyond:
– It’s all about money, so cybercrime will not go away.
– Windows 7 will have an impact since it is less secure than Vista in the default configuration.
– Risk mitigation is not as viable an option anymore-even with alternative Browsers /alternative operating systems.
– Malware is changing its shape – every few hours.
– Drive-by infections are the norm – one Web visit is enough to get infected.
– New attack vectors will arise for virtualized/cloud environments.
– Bots can’t be stopped anymore, and will be around forever.
– Company/Social networks will continue to be shaken by data breaches.

Source: Trend Micro Incorporated

Next Page »

• Recent Posts

  • McAfee TechMaster Services: Expert Technical Support Services for North American Consumers
  • Bitdefender Special Discount: 29% OFF for the Leap Year
  • Vintage Camera for iPhone and iPod Touch
  • How Online Communication Connects Generations
  • 2012 Best DVD Ripper for Mac and Video Converter for Mac
  • Crackle Voice-controlled Experience on Xbox 360
  • ESET has been named a 2011 Top Rated Product by AV-Comparatives
  • Microsoft Provides Tips to Help Protect Your Online Image
  • Register Now for the 2012 TopCoder Open!
  • Apple All-New iTunes U App for iPad, iPhone and iPod touch
  • Free Adobe Photoshop Lightroom 4 Beta Delivers Unparalleled Image Processing
  • Macworld | iWorld: More Than 100 Brand New Products Debuting for the Apple Platform
  • IBM Brings the Power of Analytics to Social Business
  • TomTom Provides Customers with More Details about How It Uses Their Location Data
  • CES 2012: Mobile Security V6.0 for Android

• Tags

  2009 Adobe America antivirus Apple application app store browser business cybercriminals data protection download encryption FileMaker free IBM internet iPad iPhone iPod touch Mac Malware Microsoft news office online PandaLabs Panda Security productivity protection safety security Security Software SIIA social media software Software News tech technology threats Trend Micro US USA Windows Windows 7