Category Archives: Panda Security

Ghost Antivirus, TwittWorm.A, Sinowal.WTF – Panda Security Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at a worm, a Trojan and a new fake antivirus.

Further on in this article, you’ll find instructions for removing Ghost Antivirus.

TwittWorm.A:

TwittWorm.A is a worm that uses Twitter and Messenger in order to spread, sending a malicious message to all contacts of the infected user.

These messages appeal to the curiosity of users, with subjects such as “I just got a piercing and you’ll never guess where! Take a look at the photo. 😉” or “You’re going to be mad at me for sending you this photo, but you NEED to see it :3”.

The worm edits the registry so the system cannot be restored or started in safe mode. It also makes a series of changes to the hosts file to prevent users from accessing certain Web pages, particularly those related to antivirus companies.

It also prevents certain programs from running, namely those used to view active processes or monitor network traffic. TwittWorm.A also spreads through USB devices, creating an autorun.inf file to automatically infect computers on connection. To protect these types of devices, Panda Security has launched Panda USB Vaccine, which can be downloaded free.
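The hosts file and autorun.inf changes described above can be checked for directly. The following Python check is an added example, not code from PandaLabs or this blog; the domain watchlist, function names and sample file contents are constructed for illustration.

```python
import ipaddress

# Assumption: an illustrative watchlist of security-vendor domains that
# should never be pinned in a hosts file. Extend it for your environment.
WATCHED_DOMAINS = ("pandasecurity.com", "malwarebytes.com")

# autorun.inf keys that launch a program when the drive is opened.
LAUNCH_KEYS = ("open", "shellexecute")


def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Return (line_no, ip, hostname) for every hosts entry that pins a
    watched domain (or a subdomain of it) to a fixed address."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = entry.split()
        if len(fields) < 2:
            continue                           # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # not a valid hosts entry
        for host in fields[1:]:
            name = host.lower().rstrip(".")
            if any(name == d or name.endswith("." + d) for d in watched):
                findings.append((line_no, str(ip), name))
    return findings


def audit_autorun(text):
    """Return (key, value) pairs from the [autorun] section that would
    start a program, e.g. open=, shellexecute= or shell\\<verb>\\command=."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_shell_cmd:
            findings.append((key, value))
    return findings


# Constructed sample inputs (not taken from a real infection).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       www.pandasecurity.com   # vendor site pinned to loopback
0.0.0.0         update.malwarebytes.com downloads.malwarebytes.com
192.168.1.10    fileserver.lan
"""

SAMPLE_AUTORUN = """\
; constructed sample autorun.inf
[AutoRun]
open=setup.exe
icon=folder.ico
shell\\open\\command=setup.exe
label=Photos
"""

if __name__ == "__main__":
    for line_no, ip, host in audit_hosts(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {host} pinned to {ip}")
    for key, value in audit_autorun(SAMPLE_AUTORUN):
        print(f"autorun.inf launches a program: {key}={value}")
```

On a Windows machine the hosts file is normally at %SystemRoot%\System32\drivers\etc\hosts, and autorun.inf sits in the root of the removable drive.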

Sinowal.WTF:

Sinowal.WTF is a keylogger Trojan, designed to capture keystrokes with the aim of stealing passwords and other information from infected systems. This Trojan reaches computers through an email claiming to have been sent from MySpace.


The message warns victims about a change to the user’s password and contains a .zip file attachment which supposedly contains the new password. The attached file, once extracted, has an Excel icon, but is really malware. When run, the system is infected and the icon disappears.

Ghost Antivirus:

Ghost Antivirus is a new strain of fake antivirus. As with other malware of this kind, it tries to fool users by displaying false infections, remote connections and vulnerabilities that do not exist.


If users fall for the trap, they are directed to a screen where their credit card details are requested to carry out the transaction.


This way, as well as obtaining money for a service that will never be provided, cyber-crooks steal users’ credit card details.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

The computer security software industry has formed an organization called the Common Computing Security Standards Forum, to combat the rise of Rogue Anti-Virus. Among other things, it publishes a list of legitimate Computer Security Software Companies.

The following free resources can provide the tools and advice you will need to attempt removal of Ghost Antivirus.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.


Live Pc Care, Desktop Defender 2010, APcDefender Fake Antiviruses – Panda Security Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at three fake antiviruses: Live PC Care, Desktop Defender 2010 and APcDefender.

Live PC Care:

As usual with these malicious codes, first it carries out a fake scan of the infected user’s computer, and then claims the system is infected. It asks the user to purchase a license (of a fake antivirus), at a very attractive price to resolve this issue.

If users purchase it, they will have paid for fraudulent software. This fake antivirus stands out because of the way it spreads, as it uses Black Hat SEO techniques, exploiting the launch of Google’s Nexus One phone and the Haiti earthquake. Thanks to these techniques, it manages to place malware-downloading links among search engines’ top results.


Desktop Defender 2010:

Desktop Defender 2010 also makes users believe their computers are infected, and prompts users to purchase the product.


APcDefender:

Finally, APcDefender uses the same techniques. It is a fake antivirus program that falsely informs users they have dangerous software on their computer.


It tries to fool users by offering them its own anti-malware solution to solve the problems it claims to have detected, and invites them to purchase the software using their credit cards. This way, in addition to stealing users’ money, it also obtains their credit card details.


More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

The computer security software industry has formed an organization called the Common Computing Security Standards Forum, to combat the rise of Rogue Anti-Virus. Among other things, it publishes a list of legitimate Computer Security Software Companies.

The following free resources can provide tools and the advice you will need to attempt removal of these parasites.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.


PC Live Guard and GreatDefender – Panda Security Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at two fake antiviruses: PC Live Guard, and GreatDefender.

This type of malware passes itself off as legitimate software applications in order to steal users’ money, by tricking them into believing that they will eliminate threats on their computers.

PC Live Guard’s icon resembles a legitimate antivirus icon. When run, a typical screen is displayed, asking users if they want to scan their PCs.


Regardless of whether users accept or not, it will indicate their computer is infected. Here is the image that will be displayed if users scan their PC.


If users do not scan their PC with the fake antivirus, infection warnings are still displayed to scare them into purchasing the product.

GreatDefender is a fake antivirus that warns users about potentially dangerous software on the computer, claiming that it is not correctly protected. It tries to get users to pay with their credit cards in order to install the solution.

The objective of the antivirus is to collect personal and bank details provided by users on purchasing it. As this type of malware cannot reproduce itself, it requires user interaction to infect the PC. To do so, it uses its own websites on which it is advertised as one of the best anti-spyware solutions in the market.


When users access the website, they are given the option to download the antivirus, but when they try, the trial version is unavailable and they are redirected to the pay version.

The installation process is similar to that of any antivirus, allowing users to select the language and location of the files. Once the installation ends, the fake antivirus carries out a full system scan.

It then falsely assures users that their computers are free from any infections. To make users believe they are protected, an icon is displayed on the Windows desktop, the quick launch bar and the Windows start menu, to make it look as authentic as possible.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

GreatDefender and PC Live Guard removal Instructions:

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.


PandaLabs – 2009 Sets New Record for Malware

When I report on Identity Theft, Banker Trojans, Fake Antivirus Applications, Social Network malware attacks, Spam, and other forms of malware designed to compromise Internet users’ computers, I sometimes feel like the boy who “cried wolf”, in that old familiar children’s story.

The truth is though, I’m now more convinced than ever, that I’m much more like the Dutch boy, in another old familiar children’s story, who stuck his finger in the dike.

An exaggeration? Hardly – according to PandaLabs Annual Malware Report released today, the company identified 25 million new malware strains in 2009, with Banker Trojans and fake antivirus programs topping the list – more malware than it detected in the previous 19 years combined. With apologies to Winston Churchill – “Some finger – some dike!”

The following report provided by PandaLabs, the anti-malware laboratory of Panda Security, reviews the major incidents, and events, concerning IT security in 2009, and includes what we should expect to face in 2010.

PandaLabs 2009 Annual Report:

The outstanding trend of the last 12 months has been the prolific production of new malware: 25 million new strains were created in just one year, compared to a combined total of 15 million throughout the rest of Panda Security’s 20-year history.

This latest surge of activity included countless new examples of banker Trojans, which represented approximately 66 percent of all new samples, as well as a host of fake antivirus programs, also known as rogueware. The report also draws attention to the resurgence of traditional viruses previously on the verge of extinction, such as Conficker, Sality and the veteran Virutas.

During 2009, spam was also highly active: approximately 92 percent of all e-mail traffic was identified as spam. The tricks used to dupe potential victims into opening these e-mails have focused heavily on exploiting current affairs and dramatic news stories – a tactic which also applied to search engine optimization (SEO) attacks. As such, PandaLabs saw waves of junk mail related to celebrity scandals or deaths (real or fictitious), swine flu, compromising videos of politicians, etc.

This year PandaLabs also tracked how spam impacted different industrial sectors, revealing that the automotive and consumer electronics industries were the worst affected, followed by government agencies.

In terms of malware distribution channels, social networks, mainly including Facebook, Twitter, YouTube and Digg, as well as SEO attacks that directed users to malware-laden Web sites, were favored by cybercriminals last year. Cybercriminals continued to consolidate underground business models that exploited social engineering techniques to generate revenues.

The Annual Malware Report also examines how individual countries and regions have been affected throughout the year, based on the data gathered from computers scanned and disinfected free of charge with Panda ActiveScan.

Taiwan tops the rankings, followed by Russia, Poland, Turkey, Colombia, Argentina and Spain. Countries suffering fewest infections include Portugal and Sweden. A graphic representation of malware infection rates by country can be found here.

Last year also saw a rise in the number of cyber attacks with political motives or targets, suggesting that what people have been watching in espionage and sci-fi movies for years is now becoming a reality.

In conclusion, PandaLabs predicts that the amount of malware in circulation will continue to grow during 2010. Windows 7 will attract the interest of hackers when it comes to designing new malware, and attacks on Apple computers will increase. While the industry will also witness more politically motivated attacks, PandaLabs believes that 2010 will not be the year of the cell phone virus.

To read the full PandaLabs Annual Report in PDF format, click here.

More information about malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.


Faketube.A Worm and Zapchast.EX Backdoor Trojan – PandaLabs Reports

Courtesy of Panda Security: This week’s PandaLabs report looks at a worm, and a backdoor Trojan.

The Faketube.A worm spreads via email. The message includes a link to access an erotic video. Some of the message subjects are: “Giga Video Movie Britney Spirs and 8 Beverage Andorran” and “Stimulating Image Britney Spirs and One Manifest South Korean”.

If users click the link, the browser opens and a fraudulent website is displayed, which resembles YouTube.


Additionally, users are asked to update their flash player version to see the video. If they accept, the worm is downloaded.

Zapchast.EX is a backdoor Trojan that spreads using a fake Christmas card. In order to view the card, users are asked to install a special version of flash player which is really the Trojan.


Once Zapchast.EX is installed on the system, it establishes connections with several IP addresses, awaiting orders and gathering user information.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.


Safety Antispyware and Internet Security 2010 – Panda Security Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at two new fake antiviruses and a Trojan.

Safety Antispyware and Internet Security 2010 are malicious programs that try to pass themselves off as legitimate software applications in order to steal users’ money by tricking them into believing that they will eliminate threats that actually do not exist.

Safety Antispyware: Safety Antispyware tricks users by warning them their computers are infected by (non-existent) threats, prompting them to buy a program to remove them.

This program can be downloaded from the vendor’s site. The link can also reach users through spam messages, fraudulent Web pages, etc. The fake antivirus shows an icon similar to that of real antivirus programs. Once installed, the program interface opens and runs a full system scan looking for malware.


Then, it shows a series of messages prompting the targeted user to buy the product. If the user decides to follow the program instructions to get rid of the ‘threats’, they will be asked to enter an activation code and be redirected to a website to buy the product.


Internet Security 2010: Once run, Internet Security 2010 scans the computer for malware. However, this is a fake scan that always reports that the computer is infected. Then, it offers users the possibility of disinfecting the computer.


As the fake antivirus version is supposedly a trial version, users are first requested to buy the antivirus license. To this end, the malware opens the user’s Internet browser on the fake antivirus purchase page.

To reassure users that the purchase is safe and the antivirus is legitimate, it shows certificates of authenticity and claims to have been tested by McAfee. It even offers the antivirus license for a long time, apparently at a good price.


If the user decides not to purchase the antivirus, it will keep running and displaying warnings about the threats the user is exposed to if they remain infected and do not update the antivirus. These warnings are displayed in two ways: through warnings on the toolbar or on-screen pop-up messages.

For more information about this type of malware read “The Business of Rogueware“, a report on fake antivirus programs written by Luis Corrons and Sean-Paul Correll, PandaLabs researchers.

Banker.MAI: Banker.MAI is banker malware aimed at stealing banking data, credentials and/or credit card details when users try to log in to their online banking services.

This malware goes memory resident and does not show any symptoms that warn of its presence on the affected computer. The malware works in the background, waiting to be run, and send or receive data.

Banker.MAI arrives as a self-extracting RAR file attached to an email message, usually with the subject “Comprovante Deposito-29092009”. This email message appears to come from a legitimate banking institution, and asks the user to open the attached file to enter some necessary data. If the user opens the file they will become infected. The malware creator is notified via email whenever a computer is successfully infected.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

Safety Antispyware and Internet Security 2010 removal Instructions:

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo, is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.


Panda Cloud Antivirus Out of Beta – Still Free

Testing anti-malware applications takes considerable time in order to get to the heart of the matter – does an application work in the “real world?”

Will the application do what an average user expects – does it block malware effectively and efficiently? Particularly new, or emerging, malware threats.

Is the interface crafted in such a way that an average user doesn’t need to digest an instruction manual in order to navigate the application?

Are database updates provided in a timely manner?

Is the application capable of providing adequate protection without stressing system resources?

This last point can be critically important. After all, who needs a resource hog interfering with one’s computer experience?

I’ve been testing the Beta version of Panda Cloud Antivirus since the end of April 2009, off and on, and I’ve been pleasantly surprised with its performance, particularly the light use of system resources. This application is definitely not a resource hog, and I found it outstanding at recognizing and blocking malware threats. In fact, this application meets all of the above requirements.

PC Magazine recently stamped Panda Cloud Antivirus with its Editor’s Choice Award for Best Free AV, and I take that as an additional indication of the reliability of Panda’s Cloud Antivirus as a front line anti-malware application.

Should you consider installing and running Panda’s Cloud Antivirus? Well, let me offer you this, from previous correspondence with Panda’s CEO Juan Santana: “The threat climate demands a new protection model”.

Given the unstable security state of the Internet, I can certainly agree, and it comes not a moment too soon, in my view.


Quick highlights:

FREE, antivirus thin-client service for consumers which is able to process and block malware more efficiently than locally installed signature-based products.

The immediate benefits to users thanks to Panda’s new protection model are: 100x faster protection against new malware and 50 percent less impact on PC performance, compared to the industry average.

Uses its proprietary in-the-cloud scanning technology, called Collective Intelligence, to automatically identify and classify new malware strains in near real-time (less than six minutes).

This same process takes up to 48 days with traditional AV products, according to a recent study from the University of Michigan.

The final release includes a number of new features and upgrades including:

New and improved interface makes Cloud Antivirus even easier to use.

Improved performance with cache optimization and memory management lowers CPU utilization and memory consumption.

Collective Intelligence Monitor gives users access to a list of malware from the community that is updated in real-time.

Supports Windows Vista and Windows 7 64-bit.

Ability to restore any neutralized file.

Improved detection & protection against rootkits.

Free Technical Support forums.

System requirements: Windows XP (32 bit), Windows Vista (32bit and 64bit), Windows 7 (32bit and 64bit) – My x64 friends will be happy to see this.

Download at: Cloud Antivirus

Installation instructions (from Panda).

If you have any of the previous versions installed (Beta1, Beta2 or Beta3) do the following:

1- Uninstall your current version.

2- Reboot your computer.

3- Download version 1.0 and install.

4- If you already have an account from Beta3, you can use the same one. Otherwise the installer will prompt you to create a Cloud Antivirus account.


AntiTroy Fake Antivirus – PandaLabs Takes a Look

Courtesy of Panda Security: This week’s PandaLabs report looks at a new fake antivirus and two Trojans.

Removal help for the AntiTroy fake antivirus follows later in this article.

AntiTroy is a new fake antivirus. This type of malware passes itself off as legitimate security applications in order to steal users’ money, by tricking them into believing that they will eliminate threats – that in reality do not exist.


As soon as AntiTroy is installed, a warning is displayed, indicating the computer is in danger. It then simulates a system scan reporting a series of infections to scare users into buying the fake antivirus solution.

When the scan ends, AntiTroy displays a window offering a solution which requires activating the fake antivirus. However, to activate the product, users must pay a fee to the supposed anti-malware vendor.


After this, users receive a code they must enter in the program. Once they do this, the malicious code stops displaying warnings about threats. This aims to make users believe they have actually bought an antivirus product, whereas, in reality no infection has been removed and users are no more protected than they were before.

Apart from paying for a non-existing solution, the bank details entered could be stolen by cyber-crooks.

Banbra.GMH is a banker Trojan. It is usually inserted in an email that claims to contain photos of a party.


On downloading the supposed photo, a file called “convite.zip” is downloaded, which contains an executable with the same name.

When run, it simulates an error claiming the program to view the photo must be closed, and it then stops running. Before doing so however, it releases another executable and a DLL.

This second executable will be started in each user session and will register the DLL as an Internet Explorer plug-in, creating two files from which it collects bank details entered by the user in the browser, to be sent to cyber-crooks later on.
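A mail gateway or an analyst can catch the delivery pattern used by Banbra.GMH here, and by the Sinowal.WTF attachment earlier on this page, by looking inside the .zip before anyone extracts it. The following Python check is an added example, not code from PandaLabs or this blog; the extension lists, function names and the sample archive (placeholder bytes only) are constructed for illustration.

```python
import io
import os
import zipfile

# Assumption: illustrative extension lists, tune them for your mail policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".xls", ".doc", ".pdf", ".jpg", ".txt"}


def inspect_zip(data):
    """Return [(member_name, [reasons])] for archive members that look
    like programs, judged by content (MZ header) as well as by name."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = []
            stem, ext = os.path.splitext(info.filename.lower())
            if info.flag_bits & 0x1:
                # Password-protected member: content cannot be read here.
                reasons.append("encrypted member, content not inspected")
            else:
                with archive.open(info) as member:
                    # Windows executables start with the bytes "MZ",
                    # whatever icon or file name they present.
                    if member.read(2) == b"MZ":
                        reasons.append("MZ header")
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension")
                if os.path.splitext(stem)[1] in DOCUMENT_EXTS:
                    reasons.append("double extension")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_zip():
    """Constructed archive: placeholder bytes only, no real program code."""
    fake_pe = b"MZ" + b"\x00" * 62
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("notes.txt", b"plain text")
        archive.writestr("photo.exe", fake_pe)
        archive.writestr("invoice.xls.exe", fake_pe)
        archive.writestr("report.xls", fake_pe)   # name says document
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in inspect_zip(build_sample_zip()):
        print(f"{name}: {', '.join(reasons)}")
```

The header check is what catches a program carrying a document icon or a document-style name, since neither changes the first two bytes of the file.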

Finally, Kates.D is a Trojan that modifies the Windows settings. It blocks access to websites, redirecting users to another site and monitors network traffic. Additionally, it searches for and ends processes related to antiviruses and computer security programs.

Kates.D is difficult to recognize, as it does not display any messages, or warnings, that indicate it has infected the computer.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.

AntiTroy Removal Instructions:

If you feel you have the necessary skills, and you want to try your hand at removal, then by all means do so.

The following free resources can provide tools and the advice you will need to attempt removal.

411 Spyware – a site that specializes in malware removal. I highly recommend this site.

Bleeping Computer – a web site where help is available for many computer related problems, including the removal of rogue software. This is another site I highly recommend.

Malwarebytes, a very reliable anti-malware company, offers a free version of Malwarebytes’ Anti-Malware, a highly rated anti-malware application which is capable of removing many newer rogue applications.

SmitFraudFix, available for download at Geekstogo is a free tool that is continuously updated to assist victims of rogue security applications.

What you can do to reduce the chances of infecting your system with rogue, or malicious, software.

Be careful in downloading freeware or shareware programs. Spyware is occasionally concealed in these programs. Download this type of program only through reputable web sites such as Download.com, or sites that you know to be safe.

Consider carefully the inherent risks attached to peer-to-peer (P2P), or file sharing applications.

Install an Internet browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/Firefox add-on that offers substantial protection against questionable or unsafe websites.

Do not click on unsolicited invitations to download software of any kind.


Straight From PandaLabs – Malware to Watch for in 2010

Button up your overcoat and get your rain gear ready; it’s going to get stormy! PandaLabs has released its forecast of computer threat trends for 2010.

Cybercriminals are increasingly more knowledgeable, quicker to respond to opportunities, and more relentless than ever in their attempts to separate surfers from their money.

Being aware of Internet threats is critical to your security on the Internet, so that you can protect yourself and stay ahead of the curve. Knowledge truly is a critical necessity to ensure your personal safety on the Internet.

The following PandaLabs forecast can help you get ready for the malware threats expected in 2010.

Courtesy of Panda – PandaLabs Forecast: 2010 Computer Threat Trends

  • Fake antivirus, bots and banker Trojans will continue to increase
  • Cyber-criminals will keep fine-tuning their social engineering skills to trick victims
  • More malware will be created for Windows 7 and Mac operating systems
  • The term ‘cyber war’ will become more familiar as politically-motivated attacks across the Internet increase

PandaLabs, Panda Security’s malware analysis and detection laboratory, has released its forecast of computer threat trends for 2010. PandaLabs predicts that in 2010, the amount of malware in circulation will continue to grow exponentially as it has in 2009.

As anti-malware technologies are able to respond closer to real-time through cloud-based innovations such as Panda’s Collective Intelligence, malware creators will respond by generating even more diverse threats to evade detection and elimination.

Once again malware will be designed almost exclusively for financial gain, and we can expect to see many new fake antivirus (rogueware), bots and banker Trojans.

Social Engineering Continues to Rise
Cyber-criminals will again be focusing on social engineering techniques to infect computers, particularly those targeting search engines (BlackHat SEO) and social networks, along with ‘drive-by-download’ infections from Web pages.

As the football World Cup takes place in South Africa, we can also expect to see significant amounts of malware related to this event: false ticket offers, junk mail, etc. It is always a good idea to be suspicious of any messages related to current affairs and large events such as this.

In the case of social networks, there have already been many examples of worms and Trojans targeting Twitter and Facebook. Malware creators will continue to be drawn to these types of platforms that are used by millions of people.

Watch Out Windows 7
Windows 7 will have a major impact on malware development: where Windows Vista hardly caused a ripple, Windows 7 will make waves. One of the main reasons is the widespread market acceptance of this new operating system, and since practically every new computer comes loaded with Windows 7 64-bit, criminals will be busy adapting malware to the new environment. It may take time, but we expect to see a major shift towards this platform over the next two years.

Mobile Phone Attacks – Not Yet!
Several security companies have been warning for some time that malware is soon to affect cell phones in much the same way as it affects PCs. Well, we hate to rain on their parade, but 2010 will not be the year of malware for cell phones.

The PC is a homogenous platform, with 90 percent of the world’s computers running Windows on Intel, meaning that any new Trojan, or worm has a potential victim pool of 90 percent of the world’s computers. The mobile phone environment is much more heterogeneous, with numerous vendors using different hardware and different operating systems.

Applications continue to be incompatible from one operating system to another. Therefore it is unlikely that 2010 will see widespread targeting of cell phones by malware. In any event, this year will witness many changes in the world of mobile telephony with more smartphones offering practically the same features as a PC; the emergence of Google Phone – the first phone sold directly by Google without tying users to specific operators; the increasing popularity of Android, and of course the iPhone. If in the next couple of years there are only two or three popular platforms, and if people make significantly more financial transactions from their phones, then the potential breeding ground for cyber-crime will be significant enough to be concerned.

Mac Becoming Increasingly Attractive to Cyber-Criminals
Mac’s market share has increased in recent years. Although the number of users has yet to reach the critical mass required to make it as profitable as PCs for cyber-criminals, it is nevertheless becoming more attractive.

Mac is used just as PCs are to access social networks, email, and the Internet: the main malware distribution systems used by cyber-criminals. Consequently, Mac is no longer a safe haven against malware.

These criminals can easily distinguish whether a system is Mac, and they are creating malware designed especially to target this OS. In 2009 we have already seen some attacks, and predict there are more to come in 2010.

Cyber war
Throughout 2009, governments around the world, including the United States, the UK and Spain, have expressed concern about the potential for cyber-attacks to affect economies or critical infrastructure. We also saw this year how several Web pages in the United States and South Korea were the subject of attacks, with suspicion, as yet unproven, pointing at North Korea. In 2010 we can expect to see similar politically-motivated attacks.

Securing the Cloud
Cloud-based services will continue to grow in popularity among consumers and business users alike. As this happens, the security industry must be acutely aware of cybercriminals’ moves to take advantage of this new platform.

Cloud Antivirus Technology on the Rise
2010 will be the year in which all anti-malware companies will innovate to remain competitive as cloud-based security becomes the most effective way to fight today’s malware.

In 2007, Panda Security launched its first product which took advantage of the cloud. Now in 2009, all the company’s products use it and we have launched the first 100 percent cloud-based free antivirus: Panda Cloud Antivirus (www.cloudantivirus.com), and Panda has noticed that the rest of the marketplace is beginning to follow suit.


PandaLabs Trojan Warning – FakeWindows.A, and UrlDistract.A

Courtesy of Panda Security: This week’s PandaLabs report looks at two new Trojans (FakeWindows.A, and UrlDistract.A), that try to trick users in order to steal their data.

FakeWindows.A is a Trojan that resembles a Windows XP activation process.


This malware can reach computers through email, or can be downloaded from a malicious Web page.

It tries to get users to believe that the operating system is requesting their data to activate the account.


In addition to personal data, the Trojan also requests bank details. On entering them, the program displays an error screen indicating it was impossible to connect to the server. Consequently, in addition to making data theft easier, users’ computers are blocked.

The UrlDistract.A Trojan reaches computers through emails with an icon that resembles a video. When run, the Trojan silently steals users’ information, while it distracts them by opening a YouTube video called “Little Superstar” where an actor dances to the music.


The Trojan then connects to an address in Atlanta, and sends all the data stolen from the computer.
