One-Third of All Malware was Created in the First 10 Months of 2010

November 26, 2010 · Filed Under Security Software, Software News · Comment 

PandaLabs reported today that one-third of all malware in existence was created in the first 10 months of 2010.

The average number of malware threats created every day, including new malware and variants of existing families, has risen from 55,000 in 2009 to 63,000 in 2010 – a rate increase of 14.5 percent.

The research lab also revealed that the average lifespan of 54 percent of malware has been reduced to just 24 hours, compared to a lifespan of several months that was more common in previous years.

Panda’s Collective Intelligence database, which automatically detects, analyzes and classifies 99.4 percent of the threats received, now has identified 134 million separate files, 60 million of which are malware (viruses, worms, Trojans and other threats). According to PandaLabs, 34 percent of all active malware threats were created in the first ten months of 2010. Approximately 20 million new strains of malware have been created already this year; the same total for the year of 2009 in its entirety.

This shortened lifespan of malware and increased number of variants is proof of a significant shift in the cybercrime landscape: many malware variants are created to infect just a few systems before they disappear. As antivirus solutions become able to detect new malware more quickly, hackers modify them or create new ones so as to evade detection. The quickly changing malware strains make it incredibly important to have protection technologies such as Collective Intelligence, which can rapidly neutralize new malware and reduce the risk window to which users are exposed during these first 24 hours. Read more

Tags: , ,

More Than 200 Websites Use ‘Justin Bieber’ as Bait to Distribute Malware, According to PandaLabs

August 19, 2010 · Filed Under Software News · Comment 

Blackhat SEO techniques are being used by cyber-criminals to position malicious links among the top results in search engines

Other popular topics recently used include the last episode of ‘Lost’ and the release of ‘Iron Man 2′

PandaLabs, Panda Security’s antimalware laboratory, has detected more than 200 spoof Web addresses using the name ‘Justin Bieber’ as bait to lure users. When including the name of this pop singer and teen sensation in malicious links, cyber-criminals are distributing the fake antivirus MySecurityEngine. This technique has been used many times in the past, taking advantage of popular topics such as the series finale of ‘Lost’ or the release of the movie, ‘Iron Man 2′.

References to Justin Bieber in malicious links include examples such as: Read more

Tags: , , , , ,

Consumers don’t relate bot infections to risky behavior as millions continue to click on spam

March 25, 2010 · Filed Under Internet Software, Security Software, Software News · Comment 

MAAWG 2010 Email Security Consumer Survey Expands to North America and Western Europe

A significant percentage of consumers continue to interact with spam despite their awareness of how bots and viruses spread through risky email behavior, according to the Messaging Anti-Abuse Working Group (MAAWG) based on a new survey it released today covering North America and Western Europe. Even though over eighty percent of email users are aware of the existence of bots, tens of millions respond to spam in ways that could leave them vulnerable to a malware infection, according to the 2010 MAAWG Email Security Awareness and Usage Survey.

In the new survey, half of users said they had opened spam, clicked on a link in spam, opened a spam attachment, replied or forwarded it – activities that leave consumers susceptible to fraud, phishing, identity theft and infection. While most consumers said they were aware of the existence of bots, only one-third believed they were vulnerable to an infection.

“Consumers need to understand they are not powerless bystanders. They can play a key role in standing up to spammers by not engaging and just marking their emails as junk,” said Michael O’Reirdan, MAAWG chairman.

“When consumers respond to spam or click on links in junk mail, they often set themselves up for fraud or to have their computers compromised by criminals who use them to deliver more spam, spread viruses and launch cyber attacks,” O’Reirdan said.

The research findings on awareness of bots, email security practices, and attitudes toward controlling spam were generally consistent with the first MAAWG consumer survey in 2009 covering North America. The new 2010 survey was expanded to cover Western Europe and looks at consumers’ attitudes in Canada, France, Germany, Spain, the United Kingdom and the United States.

It Won’t Happen to Me Syndrome

Less than half of the consumers surveyed saw themselves as the entity who should be most responsible for stopping the spread of viruses. Yet, only 36% of consumers believe they might get a virus and 46% of those who opened spam did so intentionally.

This is a problem because spam is one of the most common vehicles for spreading bots and viruses. The malware is often unknowingly installed on users’ computers when they open an attachment in a junk email or click on a link that takes them to a poisoned Web site, according to O’Reirdan.

Younger consumers tend to consider themselves more security savvy, possibly from having grown up with the Internet, yet they also take more risks. Among the survey’s key findings:

  • Almost half of those who opened spam did so intentionally. Many wanted to unsubscribe or complain to the sender (25%), to see what would happen (18%) or were interested in the product (15%).
  • Overall, 11% of consumers have clicked on a link in spam, 8% have opened attachments, 4% have forwarded it and 4% have replied to spam.
  • On average, 44% of users consider themselves “somewhat experienced” with email security. In Germany, 33% of users see themselves as “expert” or “very experienced,” followed by around 20% in Spain, the U.K. and the U.S.A., 16% in Canada and just 8% in France.
  • Men and email users under 35 years, the same demographic groups who tend to consider themselves more experienced with email security, are more likely to open or click on links or forward spam. Among email users under 35 years, 50% report having opened spam compared to 38% of those over 35. Younger users also were more likely to have clicked on a link in spam (13%) compared to less than 10% of older consumers.
  • Consumers are most likely to hold their Internet or email service provider most responsible for stopping viruses and malware. Only 48% see themselves as most responsible, though in France this falls to 30% and 37% in Spain.
  • Yet in terms of anti-virus effectiveness, consumers ranked themselves ahead of all others, except for anti-virus vendors: 56% of consumers rated their own ability to stop malware and 67% rated that of anti-virus vendors’ as very or fairly good. Government agencies, consumer advocacy agencies and social networking sites were among those rated most poorly.

The survey was conducted online between January 8 and 21, 2010 among over a thousand email users in the United States and over 500 email users in each of the other five countries. Participants were general consumers responsible for managing the security for their personal email address.

Both the survey’s key findings and the full report are available at the MAAWG Web site, www.MAAWG.org. The 2010 research was conducted by Ipsos Public Affairs, and the full report includes country comparisons for many of the questions along with detailed charts.

The Messaging Anti-Abuse Working Group (MAAWG) is where the messaging industry comes together to work against spam, viruses, denial-of-service attacks and other online exploitation. MAAWG (www.MAAWG.org) represents almost one billion mailboxes from some of the largest network operators worldwide. It is the only organization addressing messaging abuse holistically by systematically engaging all aspects of the problem, including technology, industry collaboration and public policy. MAAWG leverages the depth and experience of its global membership to tackle abuse on existing networks and new emerging services. Headquartered in San Francisco, Calif., MAAWG is an open forum driven by market needs and supported by major network operators and messaging providers.

Tags: , , ,

Top 10 Malware Threats for January

February 4, 2010 · Filed Under Security Software, Software News · Comment 

Leading anti-malware developer finds continued prevalence of Trojan horse programs

Sunbelt Software announced the top 10 most prevalent malware threats for the month of January 2010. The report, compiled from monthly scans performed by Sunbelt’s award-winning anti-malware solution, VIPRE® Antivirus + Antispyware, and its antispyware tool, CounterSpy®, is a service of SunbeltLabs(TM).

In January, the malware landscape remained remarkably similar to December, according to Sunbelt Software ThreatNet statistics. The top seven detections were the same as December, but in a slightly different order. In December and January, six of the top 10 detections were Trojan horse programs.

Trojan.Win32.Generic!BT – a generic detection for Trojans that comprised nearly one quarter (23.15 percent) of all the malware found. It remained in the top position for the third month in a row, growing by nearly 20 percent from 18.69 percent of all detections in December. It is a detection that includes many downloaders associated with scareware or rogue security products.

After holding the top spot on the list for most of 2009, the password-stealing Trojan-Spy.Win32.Zbot.gen held the second position on the list for the third consecutive month, decreasing from 6.23 to 4.91 percent of all detections.

“I think we can expect to see Trojan horse programs continue to be the top detections for the foreseeable future,” said Michael St. Neitzel, Sunbelt Software vice president of Threat Research. “Trojans used to download and install a wide variety of other malware and those are the real moneymakers for the bad guys.”

Other Trojans in the top 10 were:
– Trojan.Win32.Generic!SB.0
– Trojan.Win32.Malware
– Trojan.ASF.Wimad (v)
– Trojan.HTML.FakeAlert.a (v)

Meanwhile, three new detections moved onto this month’s top 10 list. Virtumonde — a generalized description of an adware program with many versions of pop up advertising — constituted 1.23 percent of overall detections. Packed.Win32.TDSS.aa.3 (v) — a sophisticated rootkit and Trojan that is used primarily to redirect search engine results — made up 1.21 percent. Finally, Trojan.HTML.FakeAlert.a (v) — a detection for an HTML file which replaces a desktop background and works with other rogue malware — made up just under one percent of all detections.

The top 10 results represent the number of times a particular malware infection was detected during VIPRE and CounterSpy scans that report back to ThreatNet, Sunbelt’s community of opt-in users. These threats are classified as moderate to severe based on method of installation among other criteria established by SunbeltLabs. The majority of these threats propagate through stealth installations or social engineering.

The top 10 most prevalent malware threats for the month of January are:
1. Trojan.Win32.Generic!BT 23.15%
2. Trojan-Spy.Win32.Zbot.gen 4.91%
3. Exploit.PDF-JS.Gen (v) 4.55%
4. Trojan.Win32.Generic!SB.0 2.40%
5. Trojan.Win32.Malware 1.93%
6. Trojan.ASF.Wimad (v) 1.92%
7. INF.Autorun (v) 1.46%
8. Virtumonde 1.23%
9. Packed.Win32.TDSS.aa.3 (v) 1.21%
10. Trojan.HTML.FakeAlert.a (v) 0.98%

Source: Sunbelt Software

Tags: , , , , ,

Perimeter E-Security ranks the Top 10 Information Security Threats for 2010

January 17, 2010 · Filed Under Security Software, Software News · Comment 

Malware and Malicious Insiders Top the List as Rising Threats; Vulnerability Exploits will be the Heart of Hacking and Data Breaches

Perimeter E-Security, the trusted market leader of information security services that delivers enterprise-class protection and compliance to companies of all sizes, unveiled its Top 10 Information Security Threats for 2010.

“The start of a new year is a great time for companies to evaluate their information security practices and begin thinking about what threats they’ll be facing in the coming year,” said Kevin Prince, CTO, Perimeter E-Security. “As these security threats are becoming more serious and difficult to detect, it is vital for companies to understand what they can do to best protect their systems and information.”

Perimeter’s ranking of the Top 10 information security threats for 2010:

1. Malware (Rising Threat)

Last year, Malware was listed as the second highest ranked threat to organizations on Perimeter E-Security’s list of top threats. There are many methods to install malware on systems, including the use of client-side software vulnerabilities. Browsers remain a top target for vulnerabilities. In 2009, the FBI reported that for the first time ever, revenue from cybercrime had exceeded drug trafficking, estimated at taking in more than one billion annually in profits.

2. Malicious Insiders (Rising Threat)

Malicious insiders were listed as the top threat for 2009, but have fallen to the #2 spot for 2010. With the downturn in the economy last year, it was no surprise that many desperate and disgruntled employees attempted to exploit the companies they currently or previously worked for. There is no way to eliminate the threat of malicious insiders completely, but through good security policies and followed procedures, the incidents could be a fraction of what they are today. With the economy still suffering and still high unemployment levels, Malicious Insiders will continue to be a threat.

3. Exploited Vulnerabilities (Steady Threat)

Vulnerability exploit is at the heart of hacking and data breaches. Worms, viruses, malware, and a host of other attack types often rely on vulnerability exploit to infect, spread and perform the actions cyber criminals want. And yet, organizations are still not doing what they need to for patch management. Hackers are more often exploiting client side vulnerabilities and other vulnerabilities associated with 3rd party applications.

4. Careless Employees (Steady Threat)

Careless and untrained insiders will continue to be a very serious threat to organizations in 2010. Insiders can be broken down into three categories: careless & untrained employees, employees that are duped or fall prey to social engineering type attacks, and malicious employees. Protecting a network and critical and sensitive data is done very differently for each type. Policies, procedures, training and a little technology can make a world of difference in reducing an organization’s risk to careless insiders.

5. Mobile Devices (Rising Threat)

Mobile devices have become a plague for information security professionals. There are worms and other malware that specifically target these devices such as the iPhone worm that would steal banking data and enlist these devices in a botnet. Theft is still a major cause of data breaches as mobile devices, especially laptops, are the main culprits. Tens of thousands of laptops are stolen each year and often these have sensitive data that require public disclosure as a data breach.

6. Social Networking (Rising Threat)

Social networking sites such as Facebook, MySpace, Twitter and others have changed the way people communicate with each other, but these sites can pose serious threats to organizations. One main problem is that there is a trust component to these sites which makes them fertile ground for identity thieves. There is also a personal safety issue. Social networking sites are a stalker’s dream come true. Social networking sites are breeding grounds for SPAM, scams, scareware and a host of other attacks and these threats will continue to rise.

7. Social Engineering (Steady Threat)

Social engineering is always a popular tool used by cyber criminals and phishing is still a popular method for doing just that. In fact, these new venues make social engineering even more effective. This year will have an added measure of complexity when it comes to social engineering attacks. Beginning sometime mid-2010, domain names will be expanded to include Japanese, Arabic, Hindi and even Greek characters, and with all of these characters being available for domain names, no longer will looking at a domain help one determine if it’s legitimate or not.

8. Zero-Day Exploits (Rising Threat)

Zero-day exploits are when an attacker can compromise a system based on a known vulnerability but no patch or fix exists, and they have become a very serious threat to information security. Zero-day vulnerabilities are being discovered in traditionally very secure protocols such as SSL and TLS. The zero-day vulnerability could also be in providers.

9. Cloud Computing Security Threats (Rising Threat)

Using cloud based (i.e. Internet based) applications may not be as secure as once thought with many stories in 2009 regarding cloud based security issues. Many are calling for forced encryption to access “in the cloud” services. As cloud computing grows in popularity over the next few years, cloud security will become a very big issue.

10. Cyberespionage (Rising Threat)

Cyberespionage is a threat that’s being heard more and more all the time and there have been a flood of stories in 2009 on this subject. Most of these incidents surround government bodies and agencies and therefore have not been a huge threat to most individual organizations. However, since cyberespionage has major implications for the government, it is a rising threat that must be closely monitored.

“Information security is an ever-evolving discipline that requires tremendous expertise, time, and money to effectively manage. Every organization should take stock of what they are doing today and how well their current solutions mitigate the risk of the top 10 threats. In most cases, adjustments will need to be made and new technology should be implemented to ensure that the organization is properly prepared for what cyber criminals, spammers, phishers and hackers are planning for 2010,” added Prince.

Tags: , , , , , , , ,

Next Page »