Panda Security and Defence Intelligence coordinate massive botnet shutdown with international law enforcement
Collaborative cybercrime investigation results in three arrests, more pending
Personal and financial data compromised from massive cyber attack impacting nearly 13 million unique IP addresses, 50 percent of Fortune 1000 companies
Preliminary damages estimated to be in the millions of dollars
According to IT security firms Panda Security and Defence Intelligence, the Mariposa botnet, a massive network of infected computers designed to steal sensitive information, has been shut down, and three suspected criminals accused of operating the botnet have been arrested by Spanish law enforcement. Mariposa stole account information for social media sites and other online email services, usernames and passwords, banking credentials, and credit card data by infiltrating an estimated 12.7 million compromised personal, corporate, government and university IP addresses in more than 190 countries. The botnet was shut down and rendered inactive on December 23rd, 2009 thanks to the collaborative effort of different security experts and law enforcement, including Panda Security, Defence Intelligence, the FBI and the Spanish Guardia Civil.
With almost 13 million compromised computers, Mariposa is one of the largest botnets ever reported on record. Christopher Davis, CEO for Defence Intelligence, who first discovered the Mariposa botnet, explains: “It would be easier for me to provide a list of the Fortune 1000 companies that weren’t compromised, rather than the long list of those who were.”
Following the discovery of Mariposa’s existence in May 2009, Defence Intelligence, Panda Security and the Georgia Tech Information Security Center spearheaded the Mariposa Working Group as a collaborative effort with other international security experts and law enforcement agencies to eradicate the botnet and bring the perpetrators to justice. The main botmaster, nicknamed “Netkairo” and “hamlet1917”, as well as his immediate botnet operator partners, “Ostiator” and “Johnyloleante”, were arrested earlier this month.
Pedro Bustamante, senior research advisor at Panda Security, said: “Our preliminary analysis indicates that the botmasters did not have advanced hacking skills. This is very alarming because it proves how sophisticated and effective malware distribution software has become, empowering relatively unskilled cyber criminals to inflict major damage and financial loss. We’re extremely proud of the coordinated effort made by all of the Mariposa Working Group members and the speed at which we were able to bring down this massive botnet and the criminals behind it.”
Late last year, the Mariposa Working Group infiltrated the command-and-control structure of Mariposa to observe the communication channels used by the suspected botmasters. These channels relay information from the compromised computers to the perpetrators and are commonplace, similar to those used by the Zeus, Conficker and Koobface botnets or as shown recently in the Google/Aurora operation. After analyzing the main command-and-control servers the Working Group was able to facilitate the coordinated worldwide shutdown of the Mariposa Botnet on December 23rd. Panda Security is currently leading a comprehensive analysis of the malware, as well as coordinating international communication among other antivirus companies to ensure that their signatures are updated.
Highlights from Panda Security’s preliminary analysis include:
– Once a PC was infected by the Mariposa bot client, the botmaster installed further malware (advanced keyloggers, banking trojans like Zeus, remote access trojans, etc.) on the zombie PC to extend what could be done with it.
– The botmaster made money by selling parts of the botnet, installing pay-per-install toolbars, selling stolen credentials for online services and using the stolen banking credentials and credit cards to make transactions to overseas mules.
– The Mariposa botnet spread extremely effectively via P2P networks, USB drives, and MSN links.
A more comprehensive report from Panda Security’s forensic analysis will be available at http://pandalabs.pandasecurity.com/ shortly. In the meantime a short description of the Mariposa botnet software can be found at http://www.pandasecurity.com/homeusers/security-info/217587/ButterflyBot.A.
“Once again, the coordinated efforts of various international law enforcement agencies and Spain’s Guardia Civil, together with the Internet security industry, have been able to tackle the global threat of cyber-crime,” said Juan Salom, commander of the Cybercrime Unit of the Guardia Civil.
According to Dave Dagon at the Georgia Tech Information Security Center: “Instead of making pie charts, we should treat a botnet as a crime scene and not just a research project.”
The Mariposa Working Group has officially seized control of the communication channels used by Mariposa, effectively severing the botnet from its criminal creators. In an apparent act of retaliation, a Distributed Denial of Service (DDoS) attack was initiated against Defence Intelligence shortly after the botnet was shut down in December. The attack was powerful enough to impact one large Internet Service Provider, many of whose customers were knocked offline for several hours.
According to a representative from CDmon, the ISP that collaborated in the investigation and where the criminal domains were hosted: “We are pleased to have been able to support this international operation, along with the Spanish Guardia Civil, Panda Security, Defence Intelligence and other law enforcement agencies, and to help bring down the botnet. CDmon is strongly committed to the concept of quality Internet, guaranteeing standards of quality and security across all our services. This collaborative effort is a big win in the fight against cybercrime.”
“We will continue to fight the threat of botnets and the criminals behind them,” says Davis. “We’ll start by dismantling their infrastructure and won’t stop until they’re standing in front of a judge.”
Defence Intelligence and Panda Security are attempting to contact affected organizations. To find out if your organization has been compromised, contact compromise@defintel.com or info@pandasecurity.com.
Panda Cloud Antivirus now compatible with Windows 7
Panda Security’s industry-acclaimed free antivirus service, Panda Cloud Antivirus, has received Microsoft’s ‘Compatible with Windows 7’ certification after passing the company’s quality checks for both 32-bit and 64-bit systems.
Since the launch of Panda Cloud Antivirus on November 10, 2009, millions of users have enjoyed the simplest, most effective and easy-to-use protection on the market.
Panda Cloud Antivirus is the world’s first free antivirus service that provides real-time protection against the newest and most dangerous viruses. This level of protection is made possible because Panda gathers malware information from its global community of users in the cloud to automatically process malware strains in minutes, versus the hours or even days taken by other products. Panda’s approach combines local detection technologies with real-time cloud scanning to maximize protection while significantly minimizing the impact on PC performance.
Panda Cloud Antivirus has recently won the PCMag.com Editor’s Choice Award for Best Free Antivirus, as well as top honors in PCWorld’s comparative review of free antivirus software. Panda Cloud Antivirus is available for download free of charge at www.cloudantivirus.com.
Source: Panda Security
Greatest cyber risk driven by remote network access and embedded malicious code: Deloitte Poll
More than 40 percent of executives polled by Deloitte believe remote internet access to corporate systems, embedded malware in computers, applications and devices, and little visibility into the security protocols of suppliers and business units are the greatest cyber risks today. The executives were polled recently during the Deloitte webcast, “Combating Cyber-Threats from the Underground Economy: A View from the Front Lines.”
“Cyber attacks today are not only about identity theft, but about stealing information behind companies’ firewalls,” said Mark White, principal, Deloitte Consulting LLP and the webcast moderator. “An entire underground economy has been built for the purpose of stealing, packaging, and reselling electronic information. Never before in history has the threat landscape been as deeply penetrated or more rapidly evolving. Never before have nations, corporations or individuals been more electronically exploited.”
Richard Baich, a principal in Deloitte & Touche LLP’s Security & Privacy practice and a webcast presenter, noted that security programs need to be strengthened as it has become increasingly evident that criminals with advanced cyber skills continuously invent new and insidious ways to perpetrate criminal acts. “The cyber crime landscape has evolved into a set of highly specialized criminal products and services that are able to target specific organizations, regions, and customer profiles by using a sophisticated set of malware exploits and anonymization systems, which routinely evade present-day security controls,” said Baich.
Baich also stated that cyber criminals are now able to target specific individuals within an organization, such as a payroll clerk, and misuse that role to steal information for direct monetary gain. Nation-states are also able to recruit and leverage cyber criminal resources to target organizations or other nations for the purposes of espionage, monetary gain, or to gain military advantage.
“This leaves executives asking what they can do to quickly identify and contain malware and then protect their data. This is after they already spent a good deal of money on traditional protection programs,” said Baich. “Companies should consider establishing cyber threat intelligence programs as well as leveraging existing technology and architecture investments to help detect and prevent these problems.”
“Data is more valuable than money. Once money is spent it is gone. Data can be reused and can give you the ability to access online banking applications, use credit cards and penetrate firewalls over and over. A famous bank robber from the 1900s was asked why he robbed banks. He said ‘because that is where the money is.’ Cyber criminals today go to where the data is, because it allows them to access money. Executives need to develop cyber programs to stay ahead of criminals and stop old cat and mouse games,” added Baich.
Other polling results included:
– Only 2.8 percent of the participants indicated they did not need a type of cyber threat intelligence or detection program.
– 62.2 percent of respondents did not know how their organization understands what data is leaving the company’s network, though 14.1 percent did confirm that their organizations were using a data loss prevention solution.
– 41.4 percent reported that they did not know how their organizations found compromised devices inside of their network.
– More than a quarter (27.4 percent) indicated their organizations rely on some type of antivirus and intrusion detection system.
Peter Makohon, senior manager, Deloitte & Touche LLP and a webcast presenter, told participants that “cyber crime may already be in their neighborhoods” and cited the following issues facing executives:
– Current signature-based information security controls are not effective against sophisticated, cyber threats and exploits, which are evolving at a phenomenal rate.
– Companies lack the automated systems and skilled analysts to rapidly analyze, identify, contain, and remediate compromised devices.
– Information provided by various cyber intelligence sources is often outdated and high-level; therefore, companies cannot take effective counter-actions based on that information alone.
– Organizations lack expertise, resources, technology, and process capabilities for taking timely action on these near real-time cyber threats.
To hear the webcast please visit: www.deloitte.com/us/dbriefs/futurete.
The polling responses came from more than 270 technology executives, ranging from upper management to consultants across multiple industries, who responded to the polling questions during Deloitte’s webcast on December 3. The information obtained during the survey was taken “as is” and was not validated or confirmed by Deloitte.
Source: Deloitte
2010 Computer Threat Trends, PandaLabs forecast
Fake antivirus, bots and banker Trojans will continue to increase
Cyber-criminals will keep fine-tuning their social engineering skills to trick victims
More malware will be created for Windows 7 and Mac operating systems
The term ‘cyber war’ will become more familiar as politically-motivated attacks across the Internet increase
PandaLabs, Panda Security’s malware analysis and detection laboratory, has released its forecast of computer threat trends for 2010. PandaLabs predicts that in 2010, the amount of malware in circulation will continue to grow exponentially as it has in 2009. As anti-malware technologies are able to respond closer to real-time through cloud-based innovations such as Panda’s Collective Intelligence, malware creators will respond by generating even more diverse threats to evade detection and elimination. Once again malware will be designed almost exclusively for financial gain, and we can expect to see many new fake antivirus strains (rogueware), bots and banker Trojans.
Social Engineering Continues to Rise
Cyber-criminals will again be focusing on social engineering techniques to infect computers, particularly those targeting search engines (BlackHat SEO) and social networks, along with ‘drive-by-download’ infections from Web pages.
As the football World Cup takes place in South Africa, we can also expect to see significant amounts of malware related to this event: false ticket offers, junk mail, etc. It is always a good idea to be suspicious of any messages related with current affairs and large events such as this.
In the case of social networks, there have already been many examples of worms and Trojans targeting Twitter and Facebook. Malware creators will continue to be drawn to these types of platforms that are used by millions of people.
Watch Out Windows 7
Windows 7 will have a major impact on malware development: where Windows Vista hardly caused a ripple, Windows 7 will make waves. One of the main reasons is the widespread market acceptance of this new operating system, and since practically every new computer comes loaded with Windows 7 64-bit, criminals will be busy adapting malware to the new environment. It may take time, but we expect to see a major shift towards this platform over the next two years.
Mobile Phone Attacks – Not Yet!
Several security companies have been warning for some time that malware is soon to affect cell phones in much the same way as it affects PCs. Well, we hate to rain on their parade, but 2010 will not be the year of malware for cell phones.
The PC is a homogeneous platform, with 90 percent of the world’s computers running Windows on Intel, meaning that any new Trojan or worm has a potential victim pool of 90 percent of the world’s computers. The mobile phone environment is much more heterogeneous, with numerous vendors using different hardware and different operating systems.
Applications continue to be incompatible from one operating system to another. Therefore it is unlikely that 2010 will see widespread targeting of cell phones by malware. In any event, this year will witness many changes in the world of mobile telephony with more smartphones offering practically the same features as a PC; the emergence of Google Phone — the first phone sold directly by Google without tying users to specific operators; the increasing popularity of Android; and of course the iPhone. If in the next couple of years there are only two or three popular platforms, and if people make significantly more financial transactions from their phones, then the potential breeding ground for cyber-crime will be significant enough to be concerned.
Mac Becoming Increasingly Attractive to Cyber-Criminals
Mac’s market share has increased in recent years. Although the number of users has yet to reach the critical mass required to make it as profitable as PCs for cyber-criminals, it is nevertheless becoming more attractive. Mac is used just as PCs are to access social networks, email, and the Internet: the main malware distribution systems used by cyber-criminals. Consequently, Mac is no longer a safe haven against malware. These criminals can easily distinguish whether a system is Mac, and they are creating malware designed especially to target this OS. In 2009, we have already seen some attacks, and predict there are more to come in 2010.
Cyber war
Throughout 2009, governments around the world, including the United States, the UK and Spain, have expressed concern about the potential for cyber-attacks to affect economies or critical infrastructure. We also saw this year how several Web pages in the United States and South Korea were the subject of attacks, with suspicion — as yet unconfirmed — pointing at North Korea. In 2010, we can expect to see similar politically-motivated attacks.
Securing the Cloud
Cloud-based services will continue to grow in popularity among consumers and business users alike. As this happens, the security industry must be acutely aware of cybercriminals’ moves to take advantage of this new platform.
Cloud Antivirus Technology on the Rise
2010 will be the year in which all anti-malware companies will innovate to remain competitive as cloud-based security becomes the most effective way to fight today’s malware. In 2007, Panda Security launched its first product which took advantage of the cloud. Now in 2009, all the company’s products use it and we have launched the first 100 percent cloud-based free antivirus: Panda Cloud Antivirus (www.cloudantivirus.com), and Panda has noticed that the rest of the marketplace is beginning to follow suit.
Source: Panda Security
CA report: Fake security software, search engines and social networks 2009’s Top Internet Threats
CA “State of the Internet 2009” Report Analyzes Top Internet Threats; Researchers Predict Online Threats for 2010
The latest State of the Internet 2009 report issued today by CA, Inc. states that the most notable 2009 online threats were rogue/fake security software, major search engines, social networks and Web 2.0 threats. The report, based on data compiled by CA’s Global Security Advisor researchers, compiles trends from the first half of 2009. CA security researchers also offer predictions for the top Internet threats for 2010, including an increase in “malvertising” and the potential for another big computer worm outbreak like Conficker.
“Cybercriminals have made a business out of conducting attacks on the most popular online destinations because they promise the highest payoff,” said Don DeBolt, director of threat research for CA’s Internet Security Business Unit. “Cybercriminals keep up with trends, major events, holidays, and the like, and focus on where they’ll get the biggest returns. Search engines, like Google and Yahoo, or social networking sites, like Twitter or Facebook, have the mass appeal to attract these criminals. In addition to Internet security software, the best weapon against today’s threats is education, so that consumers know what to look for when they are conducting activities online.”
CA researchers tracked the following trends in 2009:
– Rogue or Fake Security Software: Software that poses as legitimate Internet security software but is actually malware has experienced a significant surge in popularity. In the first half of 2009, CA added detection for 1,186 new variants of Rogue security software, which is a 40% increase compared to the last half of 2008.
– Search Index Poisoning: Google is a frequent target of online threats. Attackers employ sophisticated search engine optimizations to manipulate search engine rankings and poison users’ search results, which direct them to compromised Web sites that can cause malware infections.
– Social Networks/Web 2.0: Popular online communities, blogs and social media sites, such as YouTube, MySpace, Facebook and Twitter, are highly targeted. Financially motivated organized groups are among the aggressive attackers, creating hundreds of bogus profiles to perform various tasks, including distributing malware, spamming and stealing users’ online identities to perpetrate further cybercrime. Win32/Koobface is an example of a worm propagating through social networking sites. It uses the affected user’s login credentials to send messages to the user’s list of connected friends and family. In 2009, CA ISBU discovered more than 100 components and mutated strains belonging to the Win32/Koobface family.
– Identity Theft: Attacks targeting online credentials enabled further cybercriminal activity, such as harvesting email addresses for spam bots, sweeping FTP accounts to infect websites, and contributing to social network worm propagation, as with Win32/Koobface. Stealing Trojans accounted for 23% of the most prevalent malware infections in 2009.
– Cybersquatting and typosquatting: Malicious Web sites that masquerade as legitimate, reputable sites deceive users into undertaking transactions or activities in which they divulge sensitive data.
– Mac OS X Threats: Security threats have come to the Mac. In 2009, CA ISBU added 15 intelligent signatures detecting Mac OS X threats, the most prevalent being OSX/Jahlav.
“Malware doubled in 2009 and the ability to purchase bots and other malicious programs online is becoming more prevalent,” DeBolt continued. “It is a cat and mouse game. Cybercriminals are evolving along with the malware community and are constantly looking for new vulnerabilities to exploit, from online banking to search index poisoning.”
While spam and phishing scams are still on the rise, the breakdown for how malware was distributed in 2009 was dominated by the Internet at 78 percent, followed by email (via attachments or phishing) at 17 percent, and finally removable media (such as USB drives, digital photo frames, etc.) with 5 percent.
CA forward looking online security predictions for 2010:
1. Search engine optimization exploits and malicious advertising (malvertising) will increase as a means to distribute malware.
2. Another big computer worm like Conficker is likely. The increasing popularity of web-based applications and discovery of critical zero-day vulnerabilities, especially for new operating systems such as Windows 7 and Google Chrome, present good opportunities for a new worm outbreak.
3. Threats to Web 2.0 technologies such as social networks will continue to grow.
4. Denial-of-Service attacks will increase in popularity as a means to make a political statement. Popular websites like Twitter and Facebook are likely to fall victim once again.
5. Banking Trojans: These Trojans manifest as banking-related threats orchestrated to steal users’ identities for financial gain.
6. Malware actors will focus on the 64-bit and Apple platforms.
The CA 2009 State of Internet Security report is intended to inform consumers and businesses of the newest and most dangerous Internet threats, forecast trends and provide practical advice for protection. The analysis provided is based on incident information from the CA Global Security Advisor team, submitted by CA customers and consumers from January to June 2009, as well as publicly available information. For the full CA 2009 State of Internet Security report, please visit www.ca.com/securityadvisor.
The CA Global Security Advisor Team has delivered around-the-clock, dependable security expertise and trusted security advice to the world for more than 16 years. Providing a complete threat management resource, CA’s Security Advisor Team is staffed by industry-leading researchers and skilled support professionals. CA Global Security Advisor is available at www.ca.com/securityadvisor. It offers free security alerts, RSS feeds, PC scans and a regular blog updated by the worldwide team of researchers. CA’s entire portfolio of threat-related products for home, small and medium businesses, and enterprises is updated and protected by the CA Global Security Advisor team.
Source: CA
AXIGEN releases Version 7.3 with increased security and manageability
AXIGEN, the professional messaging solution vendor, announced today the commercial release of AXIGEN Mail Server 7.3, designed to be a perfect fit for the Service Provider segment and one more step towards hosted messaging. Only two months after the launch of the desktop-like Ajax Webmail interface, this new version comes to further emphasize the user-centric trend of the product, by focusing on effortless manageability and a higher level of security, through the introduction of a brand new Identity Confirmation system.
Placing strong focus on anti-spam protection, AXIGEN Mail Server 7.3 delivers, among other user-oriented functionalities, an extra layer of security via a challenge/response-based Identity Confirmation method, to offer a highly reliable and customizable email platform.
By directing strong innovative efforts towards adapting to the extremely demanding segment of Service Providers (SPs), AXIGEN reaffirms itself as a “trail blazer”, as considered by The Radicati Group in the Market Quadrant 2009 on Messaging Platforms for Hosted Email Providers, being among those companies that “often shape the future of technology with innovations and new product designs”. Moreover, Radicati’s latest study on the Email Platforms for Service Providers market states that “the company has shown huge potential in the past few years and we believe it will continue to innovate and reach new markets”, further acknowledging the product’s innovative qualities and its potential for in-the-cloud messaging.
“This new release proves yet again our commitment to meeting the ever-increasing messaging requirements of today’s business environments. It is also a direct result of our long-term dedication and extensive efforts to present SPs with innovative solutions that they can use to build a higher-end range of Software as a Service (SaaS) offerings for corporate clients,” said Oana Bornaz, AXIGEN CEO.
One of the top nine messaging solutions for hosted email providers according to Radicati’s market studies, AXIGEN is internationally recognized as a top-grade messaging solution and has won the ServerWatch 2007 Product Excellence Award for Best Communications Server.
Source: Gecad Technologies SA
Security Trends to Watch in 2010 – Symantec
Symantec 2010 Security Predictions
Antivirus is Not Enough – With the rise of polymorphic threats and the explosion of unique malware variants in 2009, the industry is quickly realizing that traditional approaches to antivirus, both file signatures and heuristic/behavioural capabilities, are not enough to protect against today’s threats. We have reached an inflection point where new malicious programs are actually being created at a higher rate than good programs. As such, we have also reached a point where it no longer makes sense to focus solely on analyzing malware. Instead, approaches to security that look to ways to include all software files, such as reputation-based security, will become key in 2010.
Social Engineering as the Primary Attack Vector – More and more, attackers are going directly after the end user and attempting to trick them into downloading malware or divulging sensitive information under the guise that they are doing something perfectly innocent. Social engineering’s popularity is at least in part spurred by the fact that what operating system and Web browser rests on a user’s computer is largely irrelevant, as it is the actual user being targeted, not necessarily vulnerabilities on the machine. Social engineering is already one of the primary attack vectors being used today, and Symantec estimates that the number of attempted attacks using social engineering techniques is sure to increase in 2010.
Rogue Security Software Vendors Escalate Their Efforts – In 2010, expect to see the propagators of rogue security software scams take their efforts to the next level, even by hijacking users’ computers, rendering them useless and holding them for ransom. A less drastic next step, however, would be software that is not explicitly malicious, but dubious at best. For example, Symantec has already observed some rogue antivirus vendors selling rebranded copies of free third-party antivirus software as their own offerings. In these cases, users are technically getting the antivirus software that they pay for, but the reality is that this same software can actually be downloaded for free elsewhere.
Social Networking Third-Party Applications Will be the Target of Fraud – With the popularity of social networking sites poised for another year of unprecedented growth, expect to see fraud being leveraged against site users to grow. In the same vein, expect owners of these sites to create more proactive measures to address these threats. As this occurs, and as these sites more readily provide third-party developer access to their APIs, attackers will likely turn to vulnerabilities in third-party applications for users’ social networking accounts, just as we have seen attackers leverage browser plug-ins more as Web browsers themselves become more secure.
Windows 7 Will Come into the Cross-Hairs of Attackers – Microsoft has already released the first security patches for the new operating system. As long as humans are programming computer code, flaws will be introduced, no matter how thorough pre-release testing is, and the more complex the code, the more likely that undiscovered vulnerabilities exist. Microsoft’s new operating system is no exception, and as Windows 7 hits the pavement and gains traction in 2010, attackers will undoubtedly find ways to exploit its users.
Fast Flux Botnets Increase – Fast flux is a technique used by some botnets, such as the Storm botnet, to hide phishing and malicious Web sites behind an ever-changing network of compromised hosts acting as proxies. Using a combination of peer-to-peer networking, distributed command and control, web-based load balancing and proxy redirection, it makes it difficult to trace the botnet’s original geolocation. As industry countermeasures continue to reduce the effectiveness of traditional botnets, expect to see more botnets using this technique to carry out attacks.
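The defensive counterpart to the fast-flux technique described above is to watch how a domain resolves over time: a fast-flux domain hands out a different set of addresses on almost every lookup, those addresses are scattered across unrelated networks, and the TTL is kept short so the rotation takes effect quickly. The following Python script is an added illustration, not code from Symantec or from the original article; it implements a simplified version of the common “fluxiness” heuristic (distinct IPs seen over all lookups divided by the average number of IPs per single answer) together with a /16 prefix count used as a stand-in for network diversity. All domains, addresses and thresholds are constructed for the example.

```python
"""Heuristic fast-flux detection over repeated DNS answers (constructed sample data)."""
from ipaddress import ip_address

# Constructed sample: (domain, TTL in seconds, A records) from successive lookups.
# 10.0.0.0/8 addresses are used only so the data is obviously synthetic.
SAMPLE_LOOKUPS = [
    ("flux.example", 180, ["10.1.2.3", "10.55.7.8", "10.200.1.9"]),
    ("flux.example", 180, ["10.9.9.9", "10.31.4.4", "10.1.2.3"]),
    ("flux.example", 180, ["10.77.3.1", "10.88.2.2", "10.120.5.6"]),
    ("static.example", 86400, ["10.3.3.3"]),
    ("static.example", 86400, ["10.3.3.3"]),
    # A CDN also rotates addresses and uses a low TTL, but within one network.
    ("cdn.example", 60, ["10.4.0.1", "10.4.0.2"]),
    ("cdn.example", 60, ["10.4.0.3", "10.4.0.1"]),
]


def network_key(ip, prefix=16):
    """Coarse network bucket (/16 by default); a stand-in for ASN lookups."""
    return int(ip_address(ip)) >> (32 - prefix)


def summarize(lookups, prefix=16):
    """Aggregate per-domain resolution statistics from a list of lookups."""
    stats = {}
    for domain, ttl, answers in lookups:
        s = stats.setdefault(domain, {
            "lookups": 0, "answer_ips": 0, "ips": set(), "nets": set(), "min_ttl": ttl,
        })
        s["lookups"] += 1
        s["answer_ips"] += len(answers)
        s["ips"].update(answers)
        s["nets"].update(network_key(ip, prefix) for ip in answers)
        s["min_ttl"] = min(s["min_ttl"], ttl)
    return stats


def classify(lookups, max_ttl=300, min_fluxiness=2.0, min_networks=3):
    """Flag domains that look fast-flux: short TTL, high fluxiness, many networks.

    Thresholds are constructed for this example and would be tuned per environment;
    requiring all three conditions keeps ordinary CDN rotation out of the alerts.
    """
    result = {}
    for domain, s in summarize(lookups).items():
        avg_per_answer = s["answer_ips"] / s["lookups"]
        fluxiness = len(s["ips"]) / avg_per_answer
        result[domain] = {
            "distinct_ips": len(s["ips"]),
            "distinct_networks": len(s["nets"]),
            "min_ttl": s["min_ttl"],
            "fluxiness": round(fluxiness, 2),
            "fast_flux": (
                s["min_ttl"] <= max_ttl
                and fluxiness >= min_fluxiness
                and len(s["nets"]) >= min_networks
            ),
        }
    return result


if __name__ == "__main__":
    for domain, verdict in classify(SAMPLE_LOOKUPS).items():
        print(domain, verdict)
```

In practice the lookups would come from passive DNS or resolver logs collected over hours; the point of combining three signals is that a low TTL alone (common for CDNs and load balancers) is not evidence of anything.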
URL Shortening Services Become the Phisher’s Best Friend – Because users often have no idea where a shortened URL is actually sending them, phishers are able to disguise links that the average security-conscious user might think twice about clicking on. Symantec is already seeing a trend toward using this tactic to distribute misleading applications and we expect much more to come. Also, in an attempt to evade antispam filters through obfuscation, expect spammers to leverage URL shorteners to carry out their own evil deeds.
Mac and Mobile Malware Will Increase – The number of attacks designed to exploit a certain operating system or platform is directly related to that platform’s market share, as malware authors are out to make money and always want the biggest bang for their buck. In 2009, we saw Macs and smartphones targeted more by malware authors, for example the Sexy Space botnet aimed at the Symbian mobile device operating system and the OSX.Iservice Trojan targeting Mac users. As Macs and smartphones continue to increase in popularity in 2010, more attackers will devote time to creating malware to exploit these devices.
Spammers Breaking the Rules – As the economy continues to suffer and more people seek to take advantage of the loose restrictions of the CAN SPAM Act, we’ll see more organizations selling unauthorized e-mail address lists and more less-than-legitimate marketers spamming those lists.
As Spammers Adapt, Spam Volumes Will Continue to Fluctuate – Since 2007, spam has increased on average by 15 percent. While this significant growth in spam e-mail may not be sustainable in the long term, it is clear that spammers are not yet willing to give up as long as an economic motive is present. Spam volumes will continue to fluctuate in 2010 as spammers continue to adapt to the sophistication of security software and to the intervention of responsible ISPs and government agencies across the globe.
Specialized Malware – Highly specialized malware was uncovered in 2009 that was aimed at exploiting certain ATMs, indicating a degree of insider knowledge about their operation and how they could be exploited. Expect this trend to continue in 2010, including the possibility of malware targeting electronic voting systems, both those used in political elections and public telephone voting, such as that connected with reality television shows and competitions.
CAPTCHA Technology Will Improve – As this happens and spammers have a more difficult time breaking CAPTCHA codes through automated processes, spammers in emerging economies will devise a means to use real people to manually generate new accounts for spamming, thereby attempting to bypass the improved technology. Symantec estimates that the individuals employed to manually create these accounts will be paid less than 10 percent of the cost to the spammers, with the account-farmers charging $30-40 per 1,000 accounts.
Instant Messaging Spam – As cybercriminals exploit new ways to bypass CAPTCHA technologies, instant messenger (IM) attacks will grow in popularity. IM threats will largely consist of unsolicited spam messages containing malicious links, especially attacks aimed at compromising legitimate IM accounts. By the end of 2010, Symantec predicts that one in 300 IM messages will contain a URL. Also, in 2010, Symantec predicts that overall, one in 12 hyperlinks will be linked to a domain known to be used for hosting malware. Thus, one in 12 hyperlinks appearing in IM messages will contain a domain that has been considered suspicious or malicious. In mid-2009, that level was 1 in 78 hyperlinks.
Non-English Spam Will Increase – As broadband connection penetration continues to grow across the globe, particularly in developing economies, spam in non-English speaking countries will increase. In some parts of Europe, Symantec estimates the levels of localized spam will exceed 50 percent of all spam.
Source: Symantec Corp
Panda Cloud Antivirus emerges from Beta, bringing free, proven PC Protection to the masses
Panda Security goes beyond the basics with world’s most lightweight and complete free anti-virus service for home users
Panda Cloud Antivirus, the industry’s first and most comprehensive free cloud anti-virus service that protects consumers’ PCs against the latest malware, spyware, rootkits and viruses, emerged from beta after six months of user testing. To experience the expanded performance and support capabilities of Cloud Antivirus, as well as benefit from both online and offline security protection, consumers can download the free service from Panda Security at http://www.cloudantivirus.com/.
“Since the beta release of Panda Cloud Antivirus in April, we have been judiciously testing our cloud-based protection model, making upgrades in security and performance, and listening to our user community,” said Juan Santana, CEO of Panda Security. “With Panda Cloud Antivirus 1.0, we’ve really changed the game, providing our users the most powerful and lightweight free protection available on the market today.”
Recognized for being “the first anti-virus without an update button”, Panda Cloud Antivirus delivers the fastest protection against the newest and most dangerous viruses. This is made possible thanks to Collective Intelligence, Panda’s advanced system that gathers malware information from its global community of users in the cloud to automatically identify and classify new malware strains in minutes. Collective Intelligence combines local detection technologies with real-time cloud scanning to maximize protection while minimizing resource consumption. Available in 11 languages, Panda Cloud Antivirus works under Windows XP (32-bit), Windows Vista (32-bit and 64-bit) and Windows 7 (32-bit and 64-bit) operating systems and only consumes 20 MB of RAM.
According to a recent PC World review of free anti-virus offerings:
“Among all of the free anti-virus software we tested for our latest roundup, Panda Cloud Antivirus was the best app at blocking known malware. The approach is intended to take advantage of the latest signatures without the need for signature-database updates, and if its excellent showing at detecting malware in AV-Test.org’s zoo of half a million samples is any indication, the approach works. Panda’s app produced an impressive 99.4 percent overall detection rate.”
Notable new features and upgrades to Cloud Antivirus from the initial beta include:
– New and improved interface makes Cloud Antivirus even easier to use
– Improved performance with cache optimization and memory management lowers CPU utilization and memory consumption
– New website and Collective Intelligence Monitor give users access to a list of malware from the community that is updated in real-time
– Online support forums now available at http://www.cloudantivirus.com/forum/index.jspa
Source: Panda Security
VASCO Data Security launches DIGIPASS Authentication for Windows Logon
VASCO Data Security Inc. announced the launch of ‘DIGIPASS Authentication for Windows Logon’. DIGIPASS Authentication for Windows Logon offers companies of all sizes a cost-effective way of protecting Windows PCs that are connected to the corporate network against unauthorised access.
With the availability of ‘DIGIPASS Authentication for Windows Logon’ VASCO also announces the availability of IDENTIKEY Server Enterprise Edition. IDENTIKEY is VASCO’s comprehensive authentication server for network and application security offering OTP and e-signature capability.
IDENTIKEY Server Enterprise Edition
With IDENTIKEY Server Enterprise Edition, VASCO makes IDENTIKEY-based strong authentication available to a wider range of enterprises, from large companies to smaller ones, starting at 5 users. VASCO’s IDENTIKEY offering consists of a number of standard packages:
– Standard Edition: includes authentication through RADIUS on a single server
– Gold Edition: comprises authentication through RADIUS and on IIS-based applications and can be installed on a primary server with replication on a backup server
– Enterprise Edition: includes authentication through RADIUS and on IIS-based applications, as well as internet-hosted business applications, and offers DIGIPASS Authentication for Windows Logon. This edition includes licenses for 7 servers.
The solution is made extremely convenient and simple, which makes it suitable for VASCO’s channel partners to implement and straightforward for the SME to use. Furthermore the solution is highly scalable: applications and users can easily be added as the company grows.
Traditionally, companies start to secure their remote access with DIGIPASS strong user authentication. The use of a static password, the weakest link when it comes down to security, is replaced with a dynamic One-Time Password (OTP) generated by DIGIPASS®.
As their understanding of strong authentication grows, they look to secure other applications with the same DIGIPASS, such as portals, e-commerce and online applications.
Large enterprises increasingly look at authentication to secure their business-critical applications, including CRM, ERP, payroll systems, SaaS applications and so on. These enterprises often have offices all over the world and largely depend on network infrastructure to communicate between offices. IDENTIKEY Enterprise Edition is ideally suited for distributed environments: it can be installed on up to 7 servers, offering a high-availability solution for authentication and supporting the distributed working environments of large enterprises.
IDENTIKEY is based on VASCO’s core VACMAN® technology and customers can choose from a wide range of DIGIPASS authenticators, both hardware and software based, which best fit the need of the end-user.
DIGIPASS Authentication for Windows Logon
DIGIPASS Authentication for Windows Logon offers companies of all sizes a cost-effective way of protecting Windows PCs that are connected to the corporate network against unauthorised access. Even when laptops are not connected to the LAN, they remain protected, increasing the security of data stored on them in case they go missing or get stolen.
‘DIGIPASS Authentication for Windows Logon’, a feature of IDENTIKEY Enterprise Edition, is installed as a small software module in the end user’s Windows environment. It can be installed on desktop PCs and laptops that are connected to the corporate network. As soon as ‘DIGIPASS Authentication for Windows Logon’ is set up, it replaces the original login window with a version that sends the login credentials to IDENTIKEY Server for verification.
When laptops are used outside the corporate network, for instance on the road or at home, the log-on module works in unconnected mode, allowing the same strong authentication functionality as in connected mode. In unconnected mode, the login credentials are validated against a local database of one-time passwords. These OTPs are generated while the PC is in connected mode, and they are encrypted and stored locally. With thousands of OTPs generated upfront, the user can work for several weeks in unconnected mode.
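The unconnected-mode scheme described above, as an added illustration that is not VASCO’s code: a batch of OTPs is taken from the server while connected, only keyed digests of them are kept on the laptop (an assumption standing in for the encrypted store the announcement mentions), and each OTP is accepted once within a look-ahead window, after which it and every earlier OTP are burned so replay fails. HOTP as the OTP algorithm, the key names and the window size are assumptions.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP for one counter value. Assumed stand-in: the
    announcement does not describe the DIGIPASS algorithm itself."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


class OfflineOtpCache:
    """Per-user cache of OTPs pre-generated while the laptop could reach the
    authentication server, consulted when it cannot (unconnected mode)."""

    def __init__(self, local_key: bytes, lookahead: int = 10):
        self.local_key = local_key   # assumed: key protecting the cache at rest
        self.lookahead = lookahead   # how many unused OTPs may be skipped
        self.tags = {}               # keyed digest -> counter
        self.next_counter = 0

    def _tag(self, counter: int, otp: str) -> bytes:
        # Only a keyed digest is stored, so a copied cache file does not
        # yield OTPs that could be typed in directly.
        msg = f"{counter}:{otp}".encode()
        return hmac.new(self.local_key, msg, hashlib.sha256).digest()

    def provision(self, token_secret: bytes, start: int, count: int) -> None:
        """Connected mode: take a batch from the server and store digests."""
        if not self.tags:
            self.next_counter = start
        for c in range(start, start + count):
            self.tags[self._tag(c, hotp(token_secret, c))] = c

    def remaining(self) -> int:
        """OTPs still usable offline; zero means the user must reconnect."""
        return len(self.tags)

    def validate(self, otp: str) -> bool:
        """Unconnected mode: accept an OTP once, inside the look-ahead
        window, then burn it and every earlier counter so replay fails."""
        for c in range(self.next_counter, self.next_counter + self.lookahead):
            if self._tag(c, otp) in self.tags:
                for tag, counter in list(self.tags.items()):
                    if counter <= c:
                        del self.tags[tag]
                self.next_counter = c + 1
                return True
        return False
```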
“The need for authentication is only growing. With IDENTIKEY and a single DIGIPASS, enterprises can secure the access to corporate networks, applications and business critical data. With the extension of the IDENTIKEY product-line with standard packaged solutions and adding DIGIPASS Authentication for Windows Logon, we are able to reach out to more enterprises, ranging from the 5-employee enterprise to the multi-national with several offices worldwide,” says Jan Valcke, President and COO at VASCO Data Security.
In Rogues We Trust: Webroot survey reveals internet users of all skill levels fall for cybercriminals’ tricky tactics
Webroot Also Finds 2 Out of Every 10 Threats Detected in August Were Fake Security Alerts & Products
Computer-savvy consumers are more susceptible than novices to “fake alerts” and rogue security products – bogus malware infection warnings and malicious programs masquerading as legitimate security applications – according to a new survey from Webroot, a leading provider of Internet security for the consumer, enterprise and SMB markets.
Surveying nearly 1,200 individuals ranging in age and computer proficiency levels, Webroot explored the risks and consequences of infection by malware associated with fake alerts. Among the key findings:
– Advanced users clicked on suspicious messages at a greater rate than less experienced users
– 20 percent of respondents strongly trust the first page of search results – a common target for fraudulent links
– Nearly one fifth reported varying levels of financial or data loss following infection
– Over half experienced infections consistent with those of fake alert-related malware
“Cybercriminals prey on our curiosity,” said Mike Kronenberg, chief technology officer of Webroot’s Consumer Business Unit. “Links to seemingly real search results and videos – and now even ads on reputable news sites – trigger fake warnings claiming you’re infected or need ‘Home Antivirus 2010’ or another bogus product. And business must be booming for these thieves, judging from the rapid rate at which Webroot is seeing new programs and variants created in an attempt to bypass security technology. But with the right education, vigilance and technology, consumers can take steps to protect themselves.”
The Anatomy of a Fake Alert
Webroot has seen a rise in the incidence of fake alerts and rogue security products. According to the Webroot Threat Research team, two out of every 10 threats detected by Webroot’s products in the month of August were associated with fake alerts and rogue security products.
The appearance of fake alerts changes frequently. Ranging from phony Windows Security Center warnings to notifications for security scans and viewer or codec downloads, each is designed to appear legitimate and urgent. According to the Webroot Threat Research team, Internet users can encounter fake alerts through three main vectors:
– Fraudulent links appearing at or near the top of search results. For example, on Monday Webroot found that a search for news stories about the arrest of film director Roman Polanski yielded links that redirected to a fake security scan and to “Windows PC Defender,” a known rogue security product.
– Phony file links. Webroot recently reported on its Threat Blog that the Koobface worm is now sending phony video links, seemingly from a friend, to members of Facebook, MySpace, Twitter and other social networks. The links trigger viewer download messages that activate infection when clicked.
– Ads on legitimate Web sites. Webroot researchers recently investigated the origins of a bogus ad on NYTimes.com earlier this month which contained code leading to a fake alert and rogue product.
Key Findings
Results from the Webroot survey indicate a general lack of awareness of fake alerts and rogue security products, a higher rate of engagement among advanced and power users, and costly and inconvenient consequences of infection.
Lack of awareness leaves individuals vulnerable:
– 20 percent strongly agree the first page of search results includes trustworthy links
– 40 percent did not know the meaning of “fake alerts,” and 69 percent were unfamiliar with “rogue security products”
– 25 percent clicked on links to unfamiliar sites
– 13 percent clicked on pop-up messages requiring the download of a special viewer or codec
Experienced computer users are more susceptible:
– Over 50 percent of advanced users encountered a fake Windows Security Center alert, versus 33 percent of novice users
– 26 percent of advanced users encountered a fake security scan, compared to approximately 10 percent of less experienced users
– 23 percent of advanced users clicked on a fake alert and in some cases purchased rogue security products, compared with 10 percent of novice users
Clicking a fake alert can lead to consequences ranging from nuisance to costly:
– 43 percent of respondents experienced ongoing pop-up messages after clicking
– 26 percent had to have their computers repaired
– 11 percent lost files and documents following infection
– 8 percent had to purchase a new computer or experienced unauthorized credit card charges
Tips for Safer Surfing
Webroot recommends the following actions to protect against the risks and consequences of fake alerts:
Be vigilant – Do not click pop-up security alerts from unfamiliar companies, or poorly worded messages from known providers. Only purchase security products from reputable companies. Check for links to familiar sites among search engine results. On social networks, do not follow suspicious video links from “friends,” or emails, friend requests, site links and other items from unknown sources.
Even with security programs in place, remain vigilant – Malware authors are continually writing new programs to avoid detection, so pay close attention to suspicious behavior
Always install updates – Equally if not more important, if you’re using antimalware software, be sure to install updates which include the latest malware definitions to protect you from new variants of known threats; do the same with updates to your operating system
If you’re not protected – Scan your machine for dormant viruses with a free scan; and protect your PC with an Internet security suite that includes antivirus, antispyware, and firewall technologies
Webroot offers several comprehensive Internet security solutions for consumers including Webroot® AntiVirus with Spy Sweeper®, and Webroot® Internet Security Essentials. For more information about these and other products, please visit http://www.webroot.com/En_US/consumer.html.

