• Categories

  • Browsers
  • Business Software
  • Communications
  • Desktop Enhancements
  • Developer Tools
  • Digital Photo Software
  • Downloads
  • Drivers
  • Educational Software
  • Games
  • Graphic Design Software
  • Home Software
  • Internet Software
  • iTunes and iPod Software
  • Linux
  • MP3 Audio Software
  • Networking Software
  • Productivity Software
  • Screensavers and Wallpaper
  • Security Software
  • Software News
  • Utilities and Operating Systems
  • Video Software

• Archives

  • September 2010
  • August 2010
  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009
  • July 2009
  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009

• Links

  • Gadget Mania
  • Gadget Reviews
  • USB World
  

• Meta

  • Log in
  • WordPress
  • XHTML

More Than 200 Websites Use ‘Justin Bieber’ as Bait to Distribute Malware, According to PandaLabs

Blackhat SEO techniques are being used by cyber-criminals to position malicious links among the top results in search engines

Other popular topics recently used include the last episode of ‘Lost’ and the release of ‘Iron Man 2′

PandaLabs, Panda Security’s antimalware laboratory, has detected more than 200 spoof Web addresses using the name ‘Justin Bieber’ as bait to lure users. When including the name of this pop singer and teen sensation in malicious links, cyber-criminals are distributing the fake antivirus MySecurityEngine. This technique has been used many times in the past, taking advantage of popular topics such as the series finale of ‘Lost’ or the release of the movie, ‘Iron Man 2′.

References to Justin Bieber in malicious links include examples such as: Read more

Consumers don’t relate bot infections to risky behavior as millions continue to click on spam

MAAWG 2010 Email Security Consumer Survey Expands to North America and Western Europe

A significant percentage of consumers continue to interact with spam despite their awareness of how bots and viruses spread through risky email behavior, according to the Messaging Anti-Abuse Working Group (MAAWG) based on a new survey it released today covering North America and Western Europe. Even though over eighty percent of email users are aware of the existence of bots, tens of millions respond to spam in ways that could leave them vulnerable to a malware infection, according to the 2010 MAAWG Email Security Awareness and Usage Survey.

In the new survey, half of users said they had opened spam, clicked on a link in spam, opened a spam attachment, replied or forwarded it – activities that leave consumers susceptible to fraud, phishing, identity theft and infection. While most consumers said they were aware of the existence of bots, only one-third believed they were vulnerable to an infection.

“Consumers need to understand they are not powerless bystanders. They can play a key role in standing up to spammers by not engaging and just marking their emails as junk,” said Michael O’Reirdan, MAAWG chairman.

“When consumers respond to spam or click on links in junk mail, they often set themselves up for fraud or to have their computers compromised by criminals who use them to deliver more spam, spread viruses and launch cyber attacks,” O’Reirdan said.

The research findings on awareness of bots, email security practices, and attitudes toward controlling spam were generally consistent with the first MAAWG consumer survey in 2009 covering North America. The new 2010 survey was expanded to cover Western Europe and looks at consumers’ attitudes in Canada, France, Germany, Spain, the United Kingdom and the United States.

It Won’t Happen to Me Syndrome

Less than half of the consumers surveyed saw themselves as the entity who should be most responsible for stopping the spread of viruses. Yet, only 36% of consumers believe they might get a virus and 46% of those who opened spam did so intentionally.

This is a problem because spam is one of the most common vehicles for spreading bots and viruses. The malware is often unknowingly installed on users’ computers when they open an attachment in a junk email or click on a link that takes them to a poisoned Web site, according to O’Reirdan.

Younger consumers tend to consider themselves more security savvy, possibly from having grown up with the Internet, yet they also take more risks. Among the survey’s key findings:

• Almost half of those who opened spam did so intentionally. Many wanted to unsubscribe or complain to the sender (25%), to see what would happen (18%) or were interested in the product (15%).
• Overall, 11% of consumers have clicked on a link in spam, 8% have opened attachments, 4% have forwarded it and 4% have replied to spam.
• On average, 44% of users consider themselves “somewhat experienced” with email security. In Germany, 33% of users see themselves as “expert” or “very experienced,” followed by around 20% in Spain, the U.K. and the U.S.A., 16% in Canada and just 8% in France.
• Men and email users under 35 years, the same demographic groups who tend to consider themselves more experienced with email security, are more likely to open or click on links or forward spam. Among email users under 35 years, 50% report having opened spam compared to 38% of those over 35. Younger users also were more likely to have clicked on a link in spam (13%) compared to less than 10% of older consumers.
• Consumers are most likely to hold their Internet or email service provider most responsible for stopping viruses and malware. Only 48% see themselves as most responsible, though in France this falls to 30% and 37% in Spain.
• Yet in terms of anti-virus effectiveness, consumers ranked themselves ahead of all others, except for anti-virus vendors: 56% of consumers rated their own ability to stop malware and 67% rated that of anti-virus vendors’ as very or fairly good. Government agencies, consumer advocacy agencies and social networking sites were among those rated most poorly.

The survey was conducted online between January 8 and 21, 2010 among over a thousand email users in the United States and over 500 email users in each of the other five countries. Participants were general consumers responsible for managing the security for their personal email address.

Both the survey’s key findings and the full report are available at the MAAWG Web site, www.MAAWG.org. The 2010 research was conducted by Ipsos Public Affairs, and the full report includes country comparisons for many of the questions along with detailed charts.

The Messaging Anti-Abuse Working Group (MAAWG) is where the messaging industry comes together to work against spam, viruses, denial-of-service attacks and other online exploitation. MAAWG (www.MAAWG.org) represents almost one billion mailboxes from some of the largest network operators worldwide. It is the only organization addressing messaging abuse holistically by systematically engaging all aspects of the problem, including technology, industry collaboration and public policy. MAAWG leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services. Headquartered in San Francisco, Calif., MAAWG is an open forum driven by market needs and supported by major network operators and messaging providers.

Top 10 Malware Threats for January

Leading anti-malware developer finds continued prevalence of Trojan horse programs

Sunbelt Software announced the top 10 most prevalent malware threats for the month of January 2010. The report, compiled from monthly scans performed by Sunbelt’s award-winning anti-malware solution, VIPRE® Antivirus + Antispyware, and its antispyware tool, CounterSpy®, is a service of SunbeltLabs(TM).

In January, the malware landscape remained remarkably similar to December, according to Sunbelt Software ThreatNet statistics. The top seven detections were the same as December, but in a slightly different order. In December and January, six of the top 10 detections were Trojan horse programs.

Trojan.Win32.Generic!BT – a generic detection for Trojans that comprised nearly one quarter (23.15 percent) of all the malware found. It remained in the top position for the third month in a row, growing by nearly 20 percent from 18.69 percent of all detections in December. It is a detection that includes many downloaders associated with scareware or rogue security products.

After holding the top spot on the list for most of 2009, the password-stealing Trojan-Spy.Win32.Zbot.gen held the second position on the list for the third consecutive month, decreasing from 6.23 to 4.91 percent of all detections.

“I think we can expect to see Trojan horse programs continue to be the top detections for the foreseeable future,” said Michael St. Neitzel, Sunbelt Software vice president of Threat Research. “Trojans used to download and install a wide variety of other malware and those are the real moneymakers for the bad guys.”

Other Trojans in the top 10 were:
– Trojan.Win32.Generic!SB.0
– Trojan.Win32.Malware
– Trojan.ASF.Wimad (v)
– Trojan.HTML.FakeAlert.a (v)

Meanwhile, three new detections moved onto this month’s top 10 list. Virtumonde — a generalized description of an adware program with many versions of pop up advertising — constituted 1.23 percent of overall detections. Packed.Win32.TDSS.aa.3 (v) — a sophisticated rootkit and Trojan that is used primarily to redirect search engine results — made up 1.21 percent. Finally, Trojan.HTML.FakeAlert.a (v) — a detection for an HTML file which replaces a desktop background and works with other rogue malware — made up just under one percent of all detections.

The top 10 results represent the number of times a particular malware infection was detected during VIPRE and CounterSpy scans that report back to ThreatNet, Sunbelt’s community of opt-in users. These threats are classified as moderate to severe based on method of installation among other criteria established by SunbeltLabs. The majority of these threats propagate through stealth installations or social engineering.

The top 10 most prevalent malware threats for the month of January are:
1. Trojan.Win32.Generic!BT 23.15%
2. Trojan-Spy.Win32.Zbot.gen 4.91%
3. Exploit.PDF-JS.Gen (v) 4.55%
4. Trojan.Win32.Generic!SB.0 2.40%
5. Trojan.Win32.Malware 1.93%
6. Trojan.ASF.Wimad (v) 1.92%
7. INF.Autorun (v) 1.46%
8. Virtumonde 1.23%
9. Packed.Win32.TDSS.aa.3 (v) 1.21%
10. Trojan.HTML.FakeAlert.a (v) 0.98%

Source: Sunbelt Software

Perimeter E-Security ranks the Top 10 Information Security Threats for 2010

Malware and Malicious Insiders Top the List as Rising Threats; Vulnerability Exploits will be the Heart of Hacking and Data Breaches

Perimeter E-Security, the trusted market leader of information security services that delivers enterprise-class protection and compliance to companies of all sizes, unveiled its Top 10 Information Security Threats for 2010.

“The start of a new year is a great time for companies to evaluate their information security practices and begin thinking about what threats they’ll be facing in the coming year,” said Kevin Prince, CTO, Perimeter E-Security. “As these security threats are becoming more serious and difficult to detect, it is vital for companies to understand what they can do to best protect their systems and information.”

Perimeter’s ranking of the Top 10 information security threats for 2010:

1. Malware (Rising Threat)

Last year, Malware was listed as the second highest ranked threat to organizations on Perimeter E-Security’s list of top threats. There are many methods to install malware on systems, including the use of client-side software vulnerabilities. Browsers remain a top target for vulnerabilities. In 2009, the FBI reported that for the first time ever, revenue from cybercrime had exceeded drug trafficking, estimated at taking in more than one billion annually in profits.

2. Malicious Insiders (Rising Threat)

Malicious insiders were listed as the top threat for 2009, but have fallen to the #2 spot for 2010. With the downturn in the economy last year, it was no surprise that many desperate and disgruntled employees attempted to exploit the companies they currently or previously worked for. There is no way to eliminate the threat of malicious insiders completely, but through good security policies and followed procedures, the incidents could be a fraction of what they are today. With the economy still suffering and still high unemployment levels, Malicious Insiders will continue to be a threat.

3. Exploited Vulnerabilities (Steady Threat)

Vulnerability exploit is at the heart of hacking and data breaches. Worms, viruses, malware, and a host of other attack types often rely on vulnerability exploit to infect, spread and perform the actions cyber criminals want. And yet, organizations are still not doing what they need to for patch management. Hackers are more often exploiting client side vulnerabilities and other vulnerabilities associated with 3rd party applications.

4. Careless Employees (Steady Threat)

Careless and untrained insiders will continue to be a very serious threat to organizations in 2010. Insiders can be broken down into three categories: careless & untrained employees, employees that are duped or fall prey to social engineering type attacks, and malicious employees. Protecting a network and critical and sensitive data is done very differently for each type. Policies, procedures, training and a little technology can make a world of difference in reducing an organization’s risk to careless insiders.

5. Mobile Devices (Rising Threat)

Mobile devices have become a plague for information security professionals. There are worms and other malware that specifically target these devices such as the iPhone worm that would steal banking data and enlist these devices in a botnet. Theft is still a major cause of data breaches as mobile devices, especially laptops, are the main culprits. Tens of thousands of laptops are stolen each year and often these have sensitive data that require public disclosure as a data breach.

6. Social Networking (Rising Threat)

Social networking sites such as Facebook, MySpace, Twitter and others have changed the way people communicate with each other, but these sites can pose serious threats to organizations. One main problem is that there is a trust component to these sites which makes them fertile ground for identity thieves. There is also a personal safety issue. Social networking sites are a stalker’s dream come true. Social networking sites are breeding grounds for SPAM, scams, scareware and a host of other attacks and these threats will continue to rise.

7. Social Engineering (Steady Threat)

Social engineering is always a popular tool used by cyber criminals and phishing is still a popular method for doing just that. In fact, these new venues make social engineering even more effective. This year will have an added measure of complexity when it comes to social engineering attacks. Beginning sometime mid-2010, domain names will be expanded to include Japanese, Arabic, Hindi and even Greek characters, and with all of these characters being available for domain names, no longer will looking at a domain help one determine if it’s legitimate or not.

8. Zero-Day Exploits (Rising Threat)

Zero-day exploits are when an attacker can compromise a system based on a known vulnerability but no patch or fix exists, and they have become a very serious threat to information security. Zero-day vulnerabilities are being discovered in traditionally very secure protocols such as SSL and TLS. The zero-day vulnerability could also be in providers.

9. Cloud Computing Security Threats (Rising Threat)

Using cloud based (i.e. Internet based) applications may not be as secure as once thought with many stories in 2009 regarding cloud based security issues. Many are calling for forced encryption to access “in the cloud” services. As cloud computing grows in popularity over the next few years, cloud security will become a very big issue.

10. Cyberespionage (Rising Threat)

Cyberespionage is a threat that’s being heard more and more all the time and there have been a flood of stories in 2009 on this subject. Most of these incidents surround government bodies and agencies and therefore have not been a huge threat to most individual organizations. However, since cyberespionage has major implications for the government, it is a rising threat that must be closely monitored.

“Information security is an ever-evolving discipline that requires tremendous expertise, time, and money to effectively manage. Every organization should take stock of what they are doing today and how well their current solutions mitigate the risk of the top 10 threats. In most cases, adjustments will need to be made and new technology should be implemented to ensure that the organization is properly prepared for what cyber criminals, spammers, phishers and hackers are planning for 2010,” added Prince.

Trend Micro 2010 Future Threat Report

Virtualization, Cloud-Computing and a Shifting Internet Infrastructure Will Widen the Scope of Cybercrime

Using news headlines and the latest technological trends, cybercriminals are brilliantly agile at exploiting whatever is trendy for cash and profit. Now, the growing popularity of cloud computing and virtualization among companies is likely to catch the attention of criminals scheming for the next hot cyber-swindle.

According to the Trend Micro 2010 Future Threat Report, cloud computing and virtualization — while offering significant benefits and cost-savings — move servers outside the traditional security perimeter and expand the playing field for cybercriminals. The industry already witnessed Danger/Sidekick’s cloud-based server failure that caused major data outages in November 2009, highlighting cloud-computing risks that cybercriminals will likely abuse. Trend Micro believes cybercriminals will either be manipulating the connection to the cloud, or attacking the data center and cloud itself.

The Internet infrastructure is changing, opening more opportunities for cybercrime

The “next-generation” protocol designed by the Internet Engineering Task Force, Internet Protocol v. 6, is still in the experimentation stages of replacing the current IPv4, now 20 years old. As users start to explore IPv6, so will cybercriminals, and we can expect to see proof-of-concept elements in IPv6 start to materialize in the upcoming new year. Possible avenues for abuse include new covert channels or C&C. But don’t expect active targeting of IPv6 address space–at least not in the very immediate future.

Domain names are becoming more internationalized and the introduction of regional top-level domains (Russian, Chinese, and Arabic characters) will create new opportunities to launch age-old attacks through look-alike domains for phishing – using Cyrillic characters in place of similar looking Latin characters. Trend Micro predicts this will lead to reputation problems and abuse that will challenge security companies.

Social media and social networks will be used by cybercriminals to enter the users’ “circle of trust”

Social engineering will continue to play a big role in the propagation of threats. But given the increasing saturation of social media with content intended to be shared via online social interactions, cybercriminals will definitely try to penetrate and compromise popular communities more than ever in 2010.

Social networks are also ripe venues for stealing personally identifiable information (PII). The quality and quantity of data posted openly by most trusting users on their profile pages, combined with interaction clues, are more than enough for cybercriminals to stage identity thefts and targeted social engineering attacks. The situation will worsen in 2010, with high-profile personalities suffering from online impersonators or stolen bank accounts.

The extinction of global outbreaks, and the growth of localized, targeted attacks

The threat landscape has shifted and we are no longer seeing global outbreaks like Slammer or CodeRed. Even the much covered Conficker incident of 2008 and early 2009 was not a global outbreak by its true definition; rather it was a carefully orchestrated and architected attack. Moving forward, localized and targeted attacks are expected to grow in their number and sophistication.

More key forecasts for 2010 and beyond:
– It’s all about money, so cybercrime will not go away.
– Windows 7 will have an impact since it is less secure than Vista in the default configuration.
– Risk mitigation is not as viable an option anymore-even with alternative Browsers /alternative operating systems.
– Malware is changing its shape – every few hours.
– Drive-by infections are the norm – one Web visit is enough to get infected.
– New attack vectors will arise for virtualized/cloud environments.
– Bots can’t be stopped anymore, and will be around forever.
– Company/Social networks will continue to be shaken by data breaches.

Source: Trend Micro Incorporated

Next Page »

• Recent Posts

  • Top Web Scams of the Decade
  • 25 Percent of New Worms in 2010 Are Designed to Spread Through USB Devices
  • IBM Delivers New Software to Help Clients Adopt Smarter Security and Compliance Management
  • DEF CON Survey Reveals Vast Scale of Cloud Hacking
  • More Than 200 Websites Use ‘Justin Bieber’ as Bait to Distribute Malware, According to PandaLabs
  • Panda Security’s Flagship Internet Security 2010 Takes Top Spot in AV-Test Report
  • National High School Cyber Defense Competition Registering Teams for Fall
  • National Survey: Online Safety is a Personal Priority for Americans
  • SonicWALL Releases Mid-Year Assessment of Top Cybercrime Threats for 2010
  • Casper 6.0 Tech Edition Disk Backup and Upgrade Software
  • Open Source Community Paves Way for Developers to Improve Internet Access for the Aging, Disabled
  • SAP Releases New Version of SAP Business ByDesign
  • Apple Updates Safari 5
  • Apple Mac OS X Updated
  • Forget the Format: New Aimersoft Video Converter Family is Available Now

• Tags

  2009 2010 America antivirus Apple application beta browser business Conficker cybercriminals data protection download educational encryption free Home Software IBM internet iPhone Mac Malware Microsoft news office online PandaLabs Panda Security productivity protection safety security Security Software SIIA software Software News tech technology threats Trend Micro United States US USA Windows Windows 7