Posts Tagged ‘Panda Labs’

Virus yearbook names most unique viruses of 2012

Wednesday, January 2nd, 2013

PandaLabs, the antimalware laboratory of Panda Security, the Cloud Security Company, has published its Virus Yearbook for 2012, outlining its picks for the most unique viruses of the past year.

Rather than a ranking of the most widespread viruses, or those that have caused most infections, these viruses are ones that deserve mention for standing out from the more than 24 million new strains of malware that emerged.

  • Police virus: This strain of malware caused most headaches for users and IT departments alike. It purports to show a message from the police telling users that their computer has been blocked – which it has – because they have supposedly downloaded illegal material. To recover their systems, users are asked to pay a fine. The most recent versions even show images taken with the user’s webcam, making the scam all the more realistic.
  • Flame: A close relative of Stuxnet, Flame is one of the most powerful cyber-war tools created so far, and infections have been focused primarily in the Middle East.
  • Flashback: A bot that breaks away from the norm of infecting Windows and targets Apple systems and attacks thousands of Mac computers around the world. Since it appeared, Mac users are no longer quite as relaxed about security as they once were.
  • Zeus: A Trojan that steals information from users of online banking services. This family of malware has been known for some time, yet it continues to spread. However this year new variants were detected, which in addition to infecting computers, compromise security on smartphones (Android, BlackBerry, Symbian), targeting those banks that send information via cellphone to customers as an additional security measure.
  • Koobface: The most mendacious malware of the year, spent the whole of 2012 spreading endless lies on social networks in order to infect users. In one attack it related a spurious story about President Obama having punched someone who racially insulted him. So beware of sensational stories on social media, this is a favorite trick of cyber-crooks.
  • BlackHole Exploit kit: One of the most popular kits for creating malware over the last year. It exploits numerous security holes to install and uses all types of exploits, particularly Java and Adobe.
  • DarkAngle: A fake antivirus that poses as Panda Cloud Antivirus. It takes advantage of the renown of Panda Security’s free cloud antivirus to infect as many computers as possible.
  • Ainslot.L: When it infects, the Ainslot.L bot scans computers and removes any other bots it finds.
  • Kuluoz: A worm that refers to things supposedly bought online and then infects computers. The worm arrives in an email that looks as though it has been sent from FedEx, and tells users they have a parcel to collect.

More information is available in the PandaLabs Blog.

Java, Adobe vulnerabilities top targets for cyber crooks in 2013

Thursday, December 20th, 2012

Software vulnerabilities will be the main target of cyber-criminals next year, according to a list of security trends that will dominate in 2013, by PandaLabs, Panda Security’s malware laboratory.

“It is undoubtedly the preferred method of infection for compromising systems transparently, used by both cyber-criminals and intelligence agencies in countries around the world,” said Luis Corrons, technical director of PandaLabs.

In 2012, Java, which is installed on hundreds of millions of devices, was repeatedly compromised and used to actively infect millions of users. Adobe, given the popularity of its applications (Acrobat Reader, Flash, etc.) and its multiple security flaws, was also one of the favorite tools for massively infecting users as well as for targeted attacks.

“Although it is assumed that home users are exposed to the highest risk, updating applications, which is essential for protecting against these types of attacks, is a very complex process for corporations who must coordinate the update among all workstations,” explained Luis Corrons. “At the same time, all the applications used in a company must work correctly. This makes the update processes slow, which opens a window that is exploited to steal information in general and launch targeted attacks in search of confidential data.”

PandaLabs predicts that other areas that will emerge in 2013 as dominant security issues are:

  • Social networks: The second most widely used technique is social engineering. Tricking users into collaborating to infect their computers and steal their data is an easy task, as there are no security applications to protect users from themselves. In this context, use of social networks (Facebook, Twitter, etc.), places where hundreds of millions of users exchange personal information, makes them the preferred hunting ground for tricking users.

Particular attention should be paid to Skype, which after replacing Messenger, could become a target for cyber-criminals.

  • Malware for mobile devices: Android has become the dominant mobile operating system. In September 2012, Google announced that it had reached 700 million Android activations. Although it is mainly used on smartphones and tablets, its flexibility and the fact that you do not have to buy a license to use it are going to result in new devices opting to use Google’s operating system. Its use is going to become increasingly widespread, from televisions to all types of home appliances, which opens up a world of possible attacks as yet unknown.
  • Cyber-warfare / Cyber-espionage: Throughout 2012, different types of attacks have been launched against nations. The Middle East is worth mentioning, where the conflict is also present in cyber-space. In fact, many of these attacks are not even carried out by national governments but by citizens, who feel that they should defend their nation by attacking their neighbors using any means available.

Furthermore, the governments of the world’s leading nations are creating cyber commandos to prepare both defense and attack and therefore, the cyber-arms race will escalate.

  • Growth of malware: For two decades, the amount of malware has been growing dramatically. The figures are stratospheric, with tens of thousands of new malware strains appearing every day. This sustained growth seems very far from coming to an end.

Despite security forces being better prepared to combat this type of crime, they are still handicapped by the absence of borders on the Internet. A police force can only act within its jurisdiction, whereas a cyber-crook can launch an attack from country A, steal data from citizens of country B, send the stolen data to a server situated in country C and could be living in country D. This can be done in just a few clicks, whereas coordinated action of security forces across various countries could take months. For this reason, cyber-criminals are still living their own golden era.

  • Malware for Mac: Cases like Flashback, which occurred in 2012, have demonstrated that not only is Mac susceptible to malware attacks but that there are also massive infections affecting hundreds of thousands of users. Although the number of malware strains for Mac is still relatively low compared to malware for PCs, we expect it to continue rising. A growing number of users added to security flaws and lack of user awareness (due to over-confidence), mean that the attraction of this platform for cyber-crooks will continue to increase next year.
  • Windows 8: Microsoft’s latest operating system, along with all of its predecessors, will also suffer attacks. Cyber-criminals are not going to focus on this operating system alone; they will also make sure that their creations work equally well from Windows XP through Windows 7 to Windows 8.

One of the attractions of Microsoft’s new operating system is that it runs on PCs, as well as on tablets and smartphones. For this reason, if functional malware strains that allow information to be stolen regardless of the type of device used are developed, we could see a specific development of malware for Windows 8 that could take attacks to a new level.

More information at PandaLabs blog.

 

Three of four new malware infections in Q2 caused by Trojans

Tuesday, August 7th, 2012

In the second quarter of 2012 alone, more than six million new malware samples were created, a similar figure to the first quarter, according to PandaLabs, Panda Security’s anti-malware laboratory, in its Q2 quarterly report.

The Quarter at-a-Glance

In the report, PandaLabs highlights several top security incidents that occurred during Q2, including the proliferation and evolution of the ‘Police Virus’ from scareware to ransomware, and Flame, a cyber-espionage virus that has become one of the highlights of the year.

The report also covers the latest cases of cyber-crime, such as a hacker attack on Wikipedia users, the exploitation of a major security hole in Iran’s banking system, and the new ways found by law enforcement agencies to fight data theft.

It includes information about the latest attacks on mobile phones and social networking sites, the cyber-espionage operations between nations such as the United States and Yemen, and the traditional cyber-conflict between North and South Korea.

In addition to security trends, PandaLabs provides analysis of all malware samples it received throughout the quarter and details its findings in the Q2 report.

Approximately One Third of Computers Worldwide are Infected

The average number of infected PCs across the globe stands at 31.63 percent, falling almost four percentage points compared to Q1, according to Panda Security’s Collective Intelligence data. Countries in Asia take the top three spots of most infections per country, with South Korea leading (57.30 percent of infected PCs) for the first time ever, up by almost three percentage points compared to Q1. China takes the second spot (51.94 percent), followed by Taiwan and Bolivia.

Nine of the ten least infected countries are in Europe, with the only exception being Uruguay. The country with the fewest infections is Switzerland (18.40 percent of infected PCs), followed by Sweden (19.07 percent), comprising the only nations with fewer than 20 percent of computers infected. Norway, the United Kingdom, Uruguay, Germany, Ireland, Finland, Hungary and Holland are the other eight countries with the fewest malware infections.

“The list of least infected countries is dominated by some of the world’s most technologically advanced nations, with the sole exception of South Korea,” said Luis Corrons, technical director of PandaLabs. “Even though there may be other factors that influence these results, there seems to be a clear connection between technological development and malware infection rates.”

Malware Statistics

Trojans continued to account for most of the new threats created this quarter (78.92 percent); worms took second place, comprising 10.78 percent of samples; followed by viruses at 7.44 percent. The last place was occupied by adware/spyware at 2.69 percent.

Interestingly, viruses continued their decline, moving from second place in the 2011 Annual Report (14.24 percent) to third place (7.44 percent) this quarter. Worms maintained their second position, rising from 9.30 percent last quarter to almost 11 percent this quarter.

When it comes to the number of infections caused by each malware category, Trojans once again topped the ranking, accounting for more infections than in the first quarter (76.18 percent compared to 66.30 percent).

Viruses came second (7.82 percent), followed by worms (6.69 percent). “It is interesting to note that worms have only caused six percent of infections despite accounting for almost 11 percent of all new malware,” said Corrons.

“The figures corroborate what is well known – massive worm epidemics have become a thing of the past and have been replaced by an increasing avalanche of banking Trojans and specimens such as the Police Virus.”

 
Number of brands targeted by cyber crime at an all time high

Thursday, July 19th, 2012

The number of brands targeted by phishing attacks sustained an all-time high of 382 in February and March of this year, while cybercrime gangs deployed a record number of phishing websites during the same quarter.

APWG Secretary General Peter Cassidy said, “The reach and ambition of cybercrime gangs advances apace today, a decade on from when the first phishing attacks were reported.

“In the first quarter of the year, reports received by the APWG indicate new record highs in the numbers of attacks on identifiable brands, the numbers of phishing websites to lure Web users – and in the proportion of malware executables comprised of advanced Trojans for cybercrime.”

The APWG reports that February and March 2012 sustained an all-time high of 392 brands targeted by phishers. This was an 8 percent increase from the previous all-time high of 362, recorded in December 2011. The previous high before December was 356, reached in October 2009.

Meanwhile, the number of unique phishing sites detected in a single month by the APWG reached 56,859 in February, which was an all-time high. The February figure eclipsed the previous record high of 56,362, which was recorded in August 2009, by almost 1 percent.

In the first three months of 2012, PandaLabs identified more than six million unique malware samples. Most of the infections were caused by Trojans (80 percent of all new malware samples), setting a new record high.

According to Luis Corrons, PandaLabs Technical Director and APWG Trends Report contributing analyst, “This demonstrates that massive worm epidemics have become a thing of the past, and have been replaced by a silent Trojan invasion.”

Payment services category 2nd most popular

“Phishing measurements are up across the board, with one of the biggest increases we have ever seen in a single quarter,” said Ihab Shraim, CISO and VP, AntiFraud Operations and Engineering, MarkMonitor.

“We also observed the payment services category returning to its position as the second-most-popular phishing sector and large increases in activity in the social networking, ISP, and government sectors, too.”

Carl Leonard of Websense Security Labs said, “This quarter, we saw an interesting scam using a pdf attachment as a lure to capture personally identifiable information. The information in that pdf file was a faked signed document from a popular global banking institution.”

The full text of the report is available here: http://apwg.org/reports/apwg_trends_report_q1_2012.pdf

Highlights of the Q1, 2012 report include:

● During the quarter, USA remained the top nation for hosting phishing-based Trojans, and Azerbaijan cracked the top 10 for the first time ever, in March 2012

● The average number of infected PCs across the globe stands at 35.51 percent, which is more than three percentage points lower than in 2011

● China continues to be the most affected country (with 54.10 percent of infected PCs), and remains the only country with an infection ratio over 50 percent

● Brand-Domain Pairs Measurement is up across the board with one of the biggest increases ever seen in a single quarter

● In the first three months of 2012, more than six million unique malware samples were identified

● Financial Services continued to be the most-targeted industry sector in the first quarter of 2012

● Sweden set a new hygienic record with the lowest percentage of PCs infected by malware, with less than 18 percent of its computers so affected

 

Second quarter one of the worst on record for cybersecurity

Wednesday, July 6th, 2011

This quarter has been one of the worst on record for cybersecurity breaches, with hacking groups Anonymous and LulzSec causing widespread mayhem and organizations such as RSA Security, the U.S. Defense Department, the International Monetary Fund, the European Space Agency, Sony, Citigroup and SEGA all falling victims to attacks. So says Panda Labs, Panda Security’s anti-malware laboratory, in its Quarterly Report for Q2, analyzing the IT security events and incidents from April through June 2011.

While Media Obsesses over Illegal Stunts, Malware Creation Shows No Signs of Slowing

In the last quarter, malware of all kinds has spread substantially, with PandaLabs observing 42 new malware strains created every minute. Once again, Trojans accounted for most of the new threats, comprising nearly 70 percent of all new malware created, followed by viruses (16 percent) and worms (12 percent).

As recorded by Panda Security’s online scanner, Panda ActiveScan, Trojans were responsible for 69 percent of infections, followed once again by viruses (10 percent) and worms (8.53 percent). Adware, which only represents 1.37 percent of all malware, accounted for more than 9 percent of all the infections, indicating the substantial effort malware writers are taking to promote this type of malicious code. Fake anti-virus programs, which are included in the adware category, have also continued to grow.

A graph of malware infections by type is available at prensa.pandasecurity.com/wp-content/uploads/2011/06/DISTRIBUTION.jpg.

Asian Countries Lead Infection Rankings

In the ranking of the top 20 countries with the most infections, China, Thailand and Taiwan once again continue to occupy the top three spots. PandaLabs observed Sweden, Switzerland and Norway as being the least infected countries.

Top Security Incidents:

  • LulzSec and Anonymous: A new hacker group LulzSec emerged this quarter, specializing in stealing and posting Personally Identifiable Information (PII) from companies with poor security as well as carrying out denial of service attacks (against the CIA website, for example). They also released a full list of PII data they had previously stolen such as email addresses and passwords, which has led to account hijacking and other forms of identity theft. At the end of June, LulzSec teamed up with Anonymous for “Operation: Anti-Security,” encouraging supporters to hack into, steal and publish classified government information from any source. On June 26, LulzSec released a statement on Twitter announcing the end of their activities. Nevertheless, they urged hackers to carry on with operation Anti-Security (#Antisec) and join the Anonymous IRC channel.
  • Corporate Breaches: RSA, the security division of EMC Corporation, announced in mid-March it had suffered a breach on its network systems that exposed proprietary information about its two-factor hardware-based authentication system, SecurID. In May, Lockheed Martin, the largest provider of IT services to the U.S. government and military, suffered a network intrusion stemming from data stolen pertaining to RSA. It seems that the cyber-thieves managed to compromise the algorithm used by RSA to generate security keys. RSA will have to replace the SecurID tokens of more than 40 million customers around the world, including some of the world’s biggest companies.
  • Sonygate: The most infamous attack that occurred this quarter was the one Sony suffered. Everything started with the theft of data from their PlayStation Network (PSN), affecting 77 million users worldwide. Not only was this the biggest data theft on record, but the situation was also poorly communicated to customers by the company, which hid the problem for days. When Sony finally made it public they simply said there was evidence that some user data could have been compromised, even though they knew the situation was far more serious.

Two new exploits aimed at Facebook and Twitter users

Monday, January 31st, 2011

ORLANDO, FL – Our vigilant friends at Panda Security have discovered two new security exploits taking advantage of popular social media sites Facebook and Twitter. In the last several days, two new malware strains have been wreaking havoc on Facebook users.

The first, Asprox.N, is a Trojan delivered via email informing users their Facebook account is being used to distribute spam and that, for security reasons, the login credentials have been changed. The email includes a fake Word document attachment, supposedly containing the new password, with an unusual icon and the filename Facebook_details.exe.

The attachment deceives victims by opening a .doc file when it is run, but it is really a Trojan that downloads another file designed to open all available ports, connecting to mail service providers in an attempt to spam as many users as possible.

The second new malware strain, Lolbot.Q, is distributed across instant messaging applications such as AIM or Yahoo!, with a message displaying a malicious link. Clicking the link downloads a worm designed to hijack Facebook accounts, blocking users’ access while informing them that the account has been suspended.

To “reactivate” their account, users are asked to complete a questionnaire, promising prizes such as laptops and iPads. After several questions, users are asked to subscribe and enter their cell phone number, which is in turn charged a fee of $11.60 per week. Victims can restore access to their Facebook account only once they subscribe to the service and receive a new password.

“Once again cybercriminals are using social engineering to trick victims and infect them with malware,” said Luis Corrons, technical director of PandaLabs. “Given the increasing popularity of social media, it is no surprise that it is being exploited to lure victims.”

To avoid security threats such as these, PandaLabs recommends users be wary of any unexpected messages with unusually eye-catching subjects and avoid clicking on external links, running executable files or entering personal data into unknown applications or web forms.

Investigators infiltrate cyber-crime networks, shed light on online black market

Thursday, January 20th, 2011

ORLANDO, FL – PandaLabs, Panda Security’s anti-malware laboratory, infiltrated the cyber-crime black market and has released a fascinating report on what it found in the darker back alleys of the Internet.

It discovered a vast network selling stolen bank details along with other types of products in forums and more than 50 dedicated online stores. This is a rapidly growing industry and cyber-criminals are aiding and abetting each other’s efforts to steal personal information for financial profit. After posing as a cyber-criminal to infiltrate the network, PandaLabs made some alarming discoveries which are available in the full report.

The cyber-crime black market, which has traditionally centered on distributing bank and credit card details stolen from users around the world, diversified its business model in 2010, and now sells a much broader range of hacked confidential information including bank credentials, log-ins, passwords, fake credit cards and more. But as openly available as this information is, PandaLabs discovered that it can only be accessed by personally contacting the hackers who are promoting their information for sale on forums and in chat rooms.

Making the Sale

By having access to bank credentials, criminals can easily defraud any bank or credit card account long before the hack is discovered. Alarmingly, this data can be purchased for as little as $2 per card, but this level does not provide additional information or verification of the account balance available. If the buyer wants a guarantee for the available credit line or bank balance, the price increases to $80 for smaller bank balances and upwards of $700 to access accounts with a guaranteed balance of $82,000.

Prices are higher if the accounts have a history of online shopping or use payment platforms such as PayPal. For a simple account without a guaranteed balance, PandaLabs found prices starting at $10 and increasing to $1,500 depending on the platform and the guarantee of available funds. Similarly, these cyber-criminals also offer cloned credit/debit cards (from $180), card cloning machines ($200-1,000), and even fake ATM machines (from $3,500 depending on the model).

Money laundering, other services available

Additional products such as money laundering services (bank transfers or cashing checks) are available for a commission ranging from 10 to 40 percent of the operation. If buyers want to use stolen bank details to buy products online, but are wary of being traced through the delivery address, the cyber-criminals will make the purchase and forward the goods for a fee of between $30 and $300 (depending on the chosen product).

For more sophisticated cyber-criminals who want to set up their own fake online stores and use rogueware techniques to obtain both user details and also reap the money these unsuspecting victims pay for fake antivirus products, there are also teams available to deliver turnkey projects, design, develop and publish the complete store, even positioning it in search engines. In this case, the price depends on the project.

Prices for botnet rental for sending spam (using bot-infected zombie computers, for example) vary depending on the number of computers used and the frequency of the spam, or the rental period. Prices start at $15 and rise to $20 for the rental of a SMTP server or VPN to guarantee anonymity.

2010 accounted for a third of all cyber viruses, but new threat growth slows

Wednesday, January 5th, 2011

ORLANDO, FL – In 2010, cyber-criminals created and distributed one-third of all existing viruses, creating 34 percent of all malware that has ever existed and been classified by the company. So says Panda Labs, the antimalware laboratory of Panda Security, in its annual report for 2010.

Panda Security’s proprietary Collective Intelligence system, which automatically detects, analyzes and classifies 99.4 percent of all malware received, currently stores 134 million unique files, out of which 60 million are malware (viruses, worms, Trojans and other computer threats).

Despite these dramatic numbers, the report highlights some good news. PandaLabs discovered that the speed at which the number of new threats is growing has actually decreased when compared to 2009. Every year since 2003, new threats grew by at least 100 percent, but in 2010, the increase was approximately 50 percent.

Banker Trojans still dominate the ranking of new malware that appeared in 2010 (56 percent of all samples), followed by viruses and worms. In addition, a fairly recent newcomer to the malware landscape, rogueware (fake antivirus software), already comprised 11.6 percent of all the malware gathered in the Collective Intelligence database, and has become a category that, despite appearing only four years ago, has created great havoc among users.

For a visual representation of the breakdown of malware categories, please visit: www.flickr.com/photos/panda_security/5299741783/.

The countries leading the list of most infections are Thailand, China and Taiwan, with 60 to 70 percent of infected computers (data gathered from the free scanning tool Panda ActiveScan in 2010). To see a graph of how other countries ranked, see: www.flickr.com/photos/panda_security/5299741647/.

2010 witnessed hackers exploit social media, the positioning of fake websites (BlackHat SEO techniques) and zero-day vulnerabilities as its primary methods of infection. Spam also kept its position as one of the main threats in 2010, despite the fact that the dismantling of certain botnets (like the famous Operation Mariposa or Bredolab) prevented many computers from being used as zombies to send spam. This created a positive effect in spam traffic worldwide. Last year, approximately 95 percent of all email traffic globally was spam, but this dropped to an average of 85 percent in 2010.

2010: Cyber-crime, Cyber-war and Cyber-activism

2010 was truly the year of cyber-crime, cyber-war and cyber-activism. Although cyber-crime has existed for many years, cyber-war became a much more active and aggressive part of the malware landscape. The most notorious was Stuxnet, a new worm that targeted nuclear power plants and managed to infect the Bushehr plant, as confirmed by the Iranian authorities.

Simultaneously, a new worm appeared called “Here you have,” that was created by a terrorist organization known as “Brigades of Tariq ibn Ziyad.” According to this group, their intention was to remind the United States of the 9/11 attacks and call for respect for the Islamic religion as a response to Pastor Terry Jones’ threat of burning the Quran.

And even though some aspects are still to be clarified, Operation Aurora was also in the spotlight. The attack, allegedly launched from China, targeted employees of large multinationals by installing a Trojan on their PCs that could access all their confidential information.

2010 also witnessed the emergence of a new phenomenon called cyber-protests or hacktivism. This phenomenon, made famous by the Anonymous group, is not actually new, but grabbed the headlines in 2010 for the coordinated DDoS attacks launched on copyright societies and their defense of WikiLeaks’ founder Julian Assange.

Social Networks in the Spotlight

Besides offering information about the main security holes in Windows and Mac, the 2010 Annual Security Report also covers the most important security incidents affecting the most popular social networking sites.

Facebook and Twitter were the most affected, but there were also attacks on other sites including LinkedIn and Fotolog.

There were several techniques used for tricking users on these sites, such as hijacking Facebook’s “Like” button, stealing identities to send out messages from trusted sources, exploiting vulnerabilities in Twitter to run JavaScript code and distributing fake apps that redirect users to infected sites.

The full report is available at press.pandasecurity.com/press-room/panda-white-paper/.

The ten biggest cyber security threats for 2011

Tuesday, December 14th, 2010

ORLANDO, FL – PandaLabs, the antimalware laboratory of Panda Security, the cloud security company, has forecasted several radical innovations in cyber-crime for 2011. Hacktivism and cyber-war; more profit-oriented malware; social media; social engineering and malicious codes with the ability to adapt to avoid detection will be the main threats in the coming year. There will also be an increase in the threats to Mac users, new efforts to attack 64-bit systems and zero-day exploits.

Following is a summary of what PandaLabs predicts as the ten major security trends of 2011:

1. Malware creation: In 2010, PandaLabs witnessed significant growth in the amount of malware and discovered at least 20 million new strains, more than in 2009. At present, Panda’s Collective Intelligence database stores a total of more than 60 million classified threats. The actual rate of growth year-on-year however, appears to have peaked. Several years ago it was over 100 percent and in 2010 it was 50 percent.
2. Cyber war: Stuxnet and the WikiLeaks cables suggesting the involvement of the Chinese government in the cyber-attacks on Google and other targets have marked a turning point in the history of these conflicts. Stuxnet was an attempt to interfere with processes in nuclear plants, specifically, with uranium centrifuges. Attacks such as these, albeit more or less sophisticated, are still ongoing, and will undoubtedly increase in 2011, even though many of them will go unnoticed by the general public.
3. Cyber-protests: Cyber-protests, or hacktivism, are all the rage and will continue to grow in frequency. This new movement was initiated by the Anonymous group and Operation Payback, targeting organizations trying to close the net on Internet piracy, and later in support of Julian Assange, editor-in-chief of WikiLeaks. Even users with limited technical know-how can join in the distributed denial of service attacks (DDoS) or spam campaigns.
Despite hasty attempts in many countries to pass legislation to counter this type of activity effectively by criminalizing it, PandaLabs believes that in 2011 there will be more cyber-protests, organized by this group or others that will begin to emerge.
4. Social engineering: Cyber-criminals have found social media sites to be their perfect working environment, as users are even more trusting with these than with other types of tools, such as email.
Throughout 2010, PandaLabs witnessed various attacks that used the two most popular social networks – Facebook and Twitter – as launching pads. In 2011, not only will hackers continue to use these networks, but it is predicted that they will also be used more for distributed attacks.
BlackHat SEO attacks (indexing and positioning of fake websites in search engines) will also be widely employed throughout 2011, as always, taking advantage of hot topics to reach as many users as possible. In addition, a significant amount of malware will be disguised as plug-ins, media players and other similar applications.
5. Windows 7 influencing malware development: It will take at least two years before there is a proliferation of threats designed specifically for Windows 7. In 2010, PandaLabs began seeing a shift in this direction, and predicts that in 2011, new cases of malware targeting users of this new operating system will continue to emerge.
6. Mobile phones: In 2011 there will be new attacks on mobile phones, but they will not be on a massive scale. Most of the existing threats target devices with Symbian, an operating system which is now on the wane. Of the emerging systems, PandaLabs predicts that the threats for Android will increase considerably throughout the year, becoming the number one mobile target for cyber-crooks.
7. Tablets: The dominance of the iPad will start to be challenged by new competitors entering the market. Therefore PandaLabs does not believe that tablet PCs will become a major consideration for the cyber-criminals in 2011.
8. Mac: Malware for Mac exists, and will continue to exist. And as the market share of Mac users continues to grow, the number of threats will grow. The greatest concern is the number of security holes in the Apple operating system. Developers will need to patch these holes as soon as possible, as hackers are well aware of the possibilities that these vulnerabilities offer for propagating malware.
9. HTML5: HTML5 is the perfect target for many types of criminals and could eventually replace Flash. It can be run by browsers without any plug-ins, making it even more attractive to find a security hole that can be exploited to attack users regardless of which browser they use. PandaLabs expects to see the first attacks on HTML5 in the coming months.
10. Highly dynamic and encrypted threats: PandaLabs expects dynamic and encrypted threats to increase in 2011. PandaLabs is receiving more and more encrypted, stealth threats designed to connect to a server and update themselves before security companies can detect them. There are also more threats that target specific users, particularly companies, as information stolen from businesses will fetch a higher price on the black market.

Hackers creating 57K fake sites a week to exploit brands

Thursday, September 9th, 2010

Hackers are creating 57,000 new websites each week that exploit approximately 375 high-profile brand names worldwide at any time, according to Florida-based Internet security company Panda Labs.

These findings are based on a three-month long study conducted by PandaLabs of its global malware database. Notably, eBay and Western Union-related URLs comprise 44 percent of all malicious sites, with Visa, Amazon, Bank of America and PayPal also heavily targeted by cybercriminals.

The 10 most beleaguered brands, along with each brand's share of all fake websites tracked by PandaLabs, are as follows:

1. eBay – 23.21 percent

2. Western Union – 21.15 percent

3. Visa – 9.51 percent

4. United Services Automobile Association – 6.85 percent

5. HSBC – 5.98 percent

6. Amazon – 2.42 percent

7. Bank of America – 2.29 percent

8. PayPal – 1.77 percent

9. Internal Revenue Service – 1.69 percent

10. Bendigo Bank – 1.38 percent

In the investigation, PandaLabs found that banks by far comprise the majority of fake websites with 65 percent of the total. Online stores and auction sites are also popular at 27 percent, with eBay taking the spot as the No. 1 most targeted brand on the Web today. Other financial institutions, such as investment funds and stockbrokers, and government organizations encompass 2.3 percent and 1.9 percent, respectively. Payment platforms, led by PayPal, and ISPs are in fifth and sixth place.

To download a graphical representation of the types of most targeted companies, visit http://farm5.static.flickr.com/4093/4972040633_9cfd8f74cc_z_d.jpg.

How it Works

Cybercriminals create fake websites related to well-known brands and organizations so that the URLs appear in phishing campaigns and in search results. When unwary users click on them thinking they are the real company, their computers will either be infected or they will be directed to a landing page that appears legitimate. When they enter personal information on these malicious pages, that data will fall into the hands of criminals, who will then use it to commit financial fraud and other crimes.
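A defender can triage links from mail or proxy logs for this pattern by checking whether a brand name appears in a URL whose host is not on the brand's own domain. The sketch below is an added example, not PandaLabs code; the brand-to-domain allowlist, the function names and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist: brand keyword -> domains the brand itself operates.
# Covers three brands named in the study; extend it from your own inventory.
BRAND_DOMAINS = {
    "ebay": {"ebay.com"},
    "paypal": {"paypal.com"},
    "westernunion": {"westernunion.com"},
}

def _normalize(text):
    """Lowercase and drop separators so 'western-union' matches 'westernunion'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())

def _belongs_to(host, domain):
    """True only for the domain itself or a real subdomain (suffix match)."""
    return host == domain or host.endswith("." + domain)

def classify_url(url):
    """Return (brand, verdict) for the first brand keyword found in host or path.

    'official'  : host is on the brand's own domain
    'lookalike' : brand name used in the host or path of another domain
    'no-brand'  : no keyword matched (brand is None)
    Substring matching over-flags, so treat 'lookalike' as a triage signal.
    """
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".").lower()
    haystack = _normalize(host + parts.path)
    for brand, domains in BRAND_DOMAINS.items():
        if brand in haystack:
            if any(_belongs_to(host, d) for d in domains):
                return brand, "official"
            return brand, "lookalike"
    return None, "no-brand"

# Constructed sample URLs (not taken from the study).
SAMPLE_URLS = [
    "https://signin.ebay.com/ws",
    "http://ebay.com.account-verify.example/login",
    "http://western-union-transfer.example/",
    "http://shop.example/paypal/confirm",
]

def lookalikes(urls):
    """Return only the URLs that use a brand name off the brand's domain."""
    return [u for u in urls if classify_url(u)[1] == "lookalike"]

if __name__ == "__main__":
    print(lookalikes(SAMPLE_URLS))
```

The second sample shows why the host check must be a suffix match: `ebay.com.account-verify.example` begins with the real domain but is registered under a different one.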

According to Luis Corrons, technical director of PandaLabs, “The problem is that when you visit a website through e-mail or search engines, it can be difficult for users to know whether it is genuine or not. Given the proliferation of this technique, we advise consumers to visit banking sites or online stores by typing in the address in the browser directly rather than using search engines or links in an e-mail. Although search engines are making an effort to mitigate the situation by changing indexing algorithms, they have so far been unable to offset the avalanche of new websites being created by hackers every day.”