Paranormal Activity 2 and Friday the 13th Used in Blackhat SEO Malware Attacks
Cloud Security Company uncovers top tricks used by cybercriminals this Halloween
PandaLabs advises computer users to be careful this Halloween as they may be in for a trick thanks to malicious applications, fake websites, spam and Trojans disguised as Halloween treats by cybercriminals. Hackers are taking advantage of popular Hollywood scary movies, such as “Paranormal Activity 2″ and “Friday the 13th,” to implement Blackhat SEO attacks that target unsuspecting online users through search results. As the Halloween season ramps up, Blackhat SEO, scareware and spam incidents, using both old ‘rising from the dead’ and new seasonal tactics, have intensified.
In a Blackhat SEO attack, cybercriminals place links to malicious sites in the search results for popular terms, in this case the latest scary movies to arrive in theaters or party invitations for the Halloween season. Once users click on the link and access the site, they become vulnerable to infection by Trojans and other malware, which often come in the form of a fake antivirus program or rogueware, such as “Desktop Security 2010.” Read more
Top Web Scams of the Decade
Exploits involving Russian women, Nigerian scams and fake job offers top list of creative ploys used by cybercriminals
With 2010 drawing to a close, PandaLabs, Panda Security’s anti-malware laboratory, has released a ranking of the most widespread scams on the Web from the past 10 years. These include the infamous Nigerian scam, ploys involving beautiful foreign women and money mule schemes based on too-good-to-be-true job offers.
According to Luis Corrons, technical director of PandaLabs, “As with all the classic scams that predate the Internet, many of the numerous users that fall for these tricks and lose their money are reticent to report the crime. If recovering the stolen money was difficult in the old days, it is even harder now because criminals’ tracks are often lost across the Web. The best defense is to learn how to identify these scams and avoid taking the bait.”
Typically, these scams follow a similar pattern: Cybercriminals make initial contact with their victim through e-mail or on a social network. The intended victim is then asked to respond by e-mail, telephone, fax or some other channel. Once the user takes the bait, the criminals will attempt to gain their victim’s trust, finding an excuse to ask for money.
The most frequent scams identified by PandaLabs over the last 10 years, based on their distribution and the frequency, are as follows: Read more
25 Percent of New Worms in 2010 Are Designed to Spread Through USB Devices
48 percent of SMBs worldwide are infected every year; one third of these infections are caused by worms that spread on USB devices
PandaLabs has discovered that in 2010, 25 percent of new worms have been specifically designed to spread through USB storage devices connected to computers. These types of threats can copy themselves to any device capable of storing information such as cell phones, external hard drives, DVDs, flash memories and MP3/4 players.
The data from Panda Security’s Second International SMB Security Barometer suggests that this distribution technique is highly effective. With survey responses from more than 10,470 companies across 20 countries, it was revealed that approximately 48 percent of SMBs (with up to 1,000 computers) admit to having been infected by some type of malware over the last year. As further proof, 27 percent confirmed that the source of the infection was a USB device connected to a computer.
According to Luis Corrons, Technical Director of PandaLabs, “At present, much of the malware in circulation has been designed to distribute through these devices. Not only does it copy itself to these gadgets, but it also runs automatically when a USB device is connected to a computer, infecting the system practically transparently to the user. This has been the case with many infections we have seen this year, such as the distribution of the Mariposa and Vodafone botnets.”
So far, these types of infections are still outnumbered by those that spread via email, but it is a growing trend. “There are now so many devices on the market that can be connected via USB to a computer: digital cameras, cell phones, MP3 or MP4 players,” adds Corrons. “This is clearly very convenient for users, but since all these devices have memory cards or internal memory, it is feasible that your cell phone could be carrying a virus without your knowledge.” Read more
More Than 200 Websites Use ‘Justin Bieber’ as Bait to Distribute Malware, According to PandaLabs
Blackhat SEO techniques are being used by cyber-criminals to position malicious links among the top results in search engines
Other popular topics recently used include the last episode of ‘Lost’ and the release of ‘Iron Man 2′
PandaLabs, Panda Security’s antimalware laboratory, has detected more than 200 spoof Web addresses using the name ‘Justin Bieber’ as bait to lure users. When including the name of this pop singer and teen sensation in malicious links, cyber-criminals are distributing the fake antivirus MySecurityEngine. This technique has been used many times in the past, taking advantage of popular topics such as the series finale of ‘Lost’ or the release of the movie, ‘Iron Man 2′.
References to Justin Bieber in malicious links include examples such as: Read more
Viruses Designed for iPhones Can Also Infect iPads, Finds PandaLabs
iPad proves susceptible to the iPhone/Eeki.A worm that infected jailbroken iPhones last year, other malware targeting the iPhone
PandaLabs, Panda Security’s antimalware laboratory, has revealed that malware designed to infect iPhones can also compromise the popular iPad, as demonstrated in a video on the PandaLabs blog at http://www.pandalabs.com.
“This doesn’t mean we’re about to face an avalanche of infections. We have always stated that as Apple increases its market share, cyber-crooks will begin to show more interest in targeting the platform,” said Luis Corrons, technical director of PandaLabs. “However, we are certainly beginning to see more proofs of concept, and so advise all Mac users to follow the manufacturer’s recommendations to maximize security on their operating systems.”
Despite the fact that Apple has made it impossible to install peripherals and software outside of those found in its own App Store, cyber-criminals have found a way to infect jailbroken iPad devices with malware. Read more