Category Archives: PandaLabs

PandaLabs Second Quarter Security Landscape Report

imageIn a rather surprising statement, PandaLabs, in its 2011 Second Quarter Security Report, makes the point that there’s a challenging grey area between “Hacktivism” (LulzSec and Anonymous), and Criminality. Frankly, I don’t subscribe to this “blurry lines” view.

I see the issue in rather simpler terms – if security holes exist in critical systems which enterprise, or government, are either unwilling, or unable to address – ultimately creating a host of innocent victims – then I encourage LulzSec and Anonymous to continue their campaigns of outing non-responsive, and non-responsible organizations. I’m more than a little tired of being placed at risk due to organizational ineptness, or failure to adhere to common sense security practices.

Some key findings from Panda’s report (determined from data collected through Panda ActiveScan) include:

Every minute, 42 new malware strains were created.

image

Trojans constitute 70 percent of new malware followed by viruses (10 percent) and worms (8.53 percent). Surprisingly, Adware, which only represents 1.37 percent of all malware, accounted for more than 9 percent of all infections.

image

China, Thailand and Taiwan continue to lead infection rankings.

image

Top 10 least infected countries.

image

So, should these statistics hold any relevancy for you? Should you be preoccupied, or overly concerned, with these numbers? The answer, it seems to me, depends on how aware you are of the overallInternet security landscape, and where you fit into the following user groups.

  • Those who know.
  • Those who think they know.
  • Those who don’t know, that they don’t know.

Hopefully, you are in that small group who can confidently say – “I know”.

Broken record time:

I’ll risk sounding like a broken record, once again, and repeat what I’ve said here numerous times –

“Controlling malware intrusion, while surfing the Net, through the use of a  “virtual” environment rather than operating in a “real” environment, makes sense given the escalating level of cyber criminal activity on the Internet.”

BufferZone, is a particular effective and easy to use freeware virtualization application (perfect for casual users), which creates an isolated environment called the Virtual Zone, while you surf the Internet. You can read more about BufferZone, here.

About PandaLabs:

Since 1990, PandaLabs, Panda Security’s malware research laboratory, has been working to detect and classify malware in order to protect consumers and companies against new Internet threats.

To do so, PandaLabs uses Collective Intelligence, a cloud-based proprietary system that leverages the knowledge gathered from Panda’s user community to automatically detect, analyze and classify the more than 73,000 new malware strains that appear every day.

This automated malware classification is complemented through the work of an international team with researchers specialized each in a specific type of malware (viruses, worms, Trojans, spyware and other attacks) to provide global coverage.

The full report (PDF), is available here.

Follow Panda on Twitter and Facebook.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

4 Comments

Filed under Adware, Cyber Crime, Cyber Criminals, Don't Get Hacked, Internet Security Alerts, Malware Reports, Panda Security, PandaLabs, trojans, Windows Tips and Tools, worms

PandaLabs Reports – 73,000 New Malware Threats EVERY DAY!

When I start my day, it never enters my mind to consider whether or not I’ll be mugged that day; if my home will be burglarized; or if I’ll be the victim of any type of crime. Except in one circumstance.

Each time I start an Internet session, I consciously consider the odds that I will be a victim of cyber criminals. I know I’ll have to deal with attempts to scam me; attempts to compromise my machine through driveby downloads; infected downloads and applications; infected web sites and redirections – the list goes on… and on …and on.

Little wonder then, that I was not in the least surprised to see PandaLabs reveal in their malware report on the most notable malware trends for the first 3 months of 2011,  that surfers are now exposed to 73,000 new malware threats every day –  an increase of 10,000 over the same time frame last year.

Report highlights:

Incidence of new malware has increased 26 percent over the same period last year.

PandaLabs now observes on average of 73,000 malware samples every day, an increase of 10,000.

Trojans remain the most popular type of threat, accounting for 70 percent of all malware.

Downloaders, a subtype of Trojan, have seen an astounding increase over the last 3 months.

New malware growth from Q1 2010 through Q1 2011.

image

Malware by type.

image

In the following graphic you’ll note that Downloaders, a lightweight Trojan since it contains only a few lines of code (making it harder to detect), have increased dramatically. Downloaders are particularly dangerous, since they are designed to connect to the Net to facilitate the downloading of additional malware.

image

I’ll risk sounding like a broken record, and repeat what I’ve said numerous times here –

“Controlling malware intrusion, while surfing the Net, through the use of a  “virtual” environment rather than operating in a “real” environment, makes sense given the escalating level of cyber criminal activity on the Internet.”

BufferZone, is a particular effective and easy to use freeware virtualization application (perfect for casual users), which creates an isolated environment called the Virtual Zone, while you surf the Internet. You can read more about BufferZone, here.

About PandaLabs:

Since 1990, PandaLabs, Panda Security’s malware research laboratory, has been working to detect and classify malware in order to protect consumers and companies against new Internet threats.

To do so, PandaLabs uses Collective Intelligence, a cloud-based proprietary system that leverages the knowledge gathered from Panda’s user community to automatically detect, analyze and classify the more than 73,000 new malware strains that appear every day.

This automated malware classification is complemented through the work of an international team with researchers specialized each in a specific type of malware (viruses, worms, Trojans, spyware and other attacks) to provide global coverage.

Get more information about PandaLabs and subscribe to its blog news feed here.

Follow Panda on Twitter and Facebook.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

5 Comments

Filed under Cyber Crime, cybercrime, Don't Get Scammed, Don't Get Hacked, Freeware, Internet Security Alerts, Malware Reports, Online Safety, PandaLabs, Safe Surfing, Software, trojans, Windows Tips and Tools

PandLabs 2011 Security Trends Predictions

imageEvery year, I hold on to the belief that we’ve seen the worst that cyber-criminals can throw at us – so I’m always hopeful, that the outlook for the coming year might offer some improvement. As the years go by, inevitably it seems, my hopes have been dashed.

The Internet, despite its promises (many of which have come to pass, admittedly), has become a cesspool of cyber criminals (who continue to belittle us), scam and fraud artists, and worse. A cesspool that reeks of tainted search engine results, malware infected legitimate websites, drive-by downloads and bogus security software. And now it seems, we’re approaching the point where anarchy might well begin to rule the Internet.

The recent WikiLeaks kafuffle, with its counter play DDoS attacks pitting supporters against non-supporters, is a singular indication of how quickly the Internet can devolve into anarchy. No matter the views one may hold politically, with respect to the WikiLeaks disclosures, the use of hacktivism as a political tool is a worrisome trend.

PandaLabs, in its just released predictions covering the top security trends for 2011, is predicting an increase in the type of hacktivism the WikiLeaks conflict has pushed into the spotlight. Moreover, PandaLabs report paints a dismal picture of how the Internet threat landscape is likely to shift and change, in the coming year

According to PandaLabs, in addition to a new focus on hacktivism and cyber-war; more profit-oriented malware; social media; social engineering and malicious codes with the ability to adapt to avoid detection will be the main threats in the coming year.

Report highlights:

Continued growth of new strains of malware creation

2010 marked a turning point in the cyber war, and PandaLabs expects more of the same in 2011

Cyber-protests, or hacktivism (e.g. Anonymous), are all the rage and will continue to grow in frequency

Social engineering will increase as cyber criminals increasingly use social platforms to launch distributed attacks

Windows 7 users will become a significant target for malware in 2011

Mobile security will be a top concern for Android users

As tablets gain market share, so will their appeal to be targeted by cyber criminals

As the market share of Mac users continues to grow, so will the number of threats

HTML5 will be the perfect target since a security hole can be exploited regardless of the browser

Highly dynamic and encrypted threats are expected to increase, given the financial incentive for information on the black market

Being aware of the shape of the Internet landscape, and the changes that are occurring, or may occur in that landscape, now, more than ever, is a necessity – a prerequisite to protecting yourself and your computer from cybercriminal attack. Forewarned is forearmed, needs to be your guiding light – appropriate knowledge will act as your shield.

About PandaLabs:

Since 1990, PandaLabs, Panda Security’s malware research laboratory, has been working to detect and classify malware in order to protect consumers and companies against new Internet threats.

To do so, PandaLabs uses Collective Intelligence, a cloud-based proprietary system that leverages the knowledge gathered from Panda’s user community to automatically detect, analyze and classify the more than 63,000 new malware strains that appear every day.

This automated malware classification is complemented through the work of an international team with researchers specialized each in a specific type of malware (viruses, worms, Trojans, spyware and other attacks) to provide global coverage.

Get more information about PandaLabs and subscribe to its blog news feed here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

5 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Safety, Internet Security Alerts, Malware Reports, Online Safety, Panda Security, PandaLabs, Reports, Windows Tips and Tools

Panda Security’s Collective Intelligence Says 20 Million New Strains Of Malware In 2010

imageIt may well be, that malware creators have discovered the same principal that countries involved in the the nuclear arms race have come to know – once you have enough weapons; you have enough.

According to Luis Corrons, technical director of PandaLabs – “so far in 2010, purely new malware has increased by only 50 percent, significantly less than the historical norm. It seems hackers are applying economies of scale, reusing old malicious code, or prioritizing the distribution of existing threats over the creation of new ones.”

Complacency though, is not in the cards , at least not yet, since Corrons went on to say –  “This doesn’t mean that there are fewer threats or that the cyber-crime market is shrinking. On the contrary, it continues to expand, and by the end of 2010 we will have logged more new threats in Collective Intelligence than in 2009.”

The evolution of malware – 2010:

The average number of new threats created daily has risen from 55,000 in 2009 to 63,000 in 2010 to date.

The average lifespan of 54% malware has been reduced to just 24 hours, compared to a lifespan of several months that was more common in previous years.

34% of all active malware threats were created this year.

20 million strains of malware have been created already this year; the same total for the year of 2009.

Many malware variants are created to infect just a few systems before they disappear. As antivirus solutions become able to detect new malware more quickly, hackers modify them or create new ones so as to evade detection.

image

Graphic courtesy of PandaLabs.

So, should these statistics hold any relevancy for you? Should you be preoccupied, or overly concerned, with these numbers? The answer, it seems to me, depends on how aware you are of the overall Internet security landscape, and where you fit into the following user groups.

  • Those who know.
  • Those who think they know.
  • Those who don’t know, that they don’t know.

Hopefully, you are in that small group who can confidently say – “I know”.

About PandaLabs:

Since 1990, PandaLabs, the malware research division of Panda Security, has led the industry in detecting, classifying and protecting consumers and businesses against new cyber threats.

At the core of the operation is Collective Intelligence, a proprietary system that provides real-time protection by harnessing Panda’s community of users to automatically detect, analyze, classify and disinfect more than 63,000 new malware samples daily.

The automated classification is complemented by a highly specialized global team of threat analysts, each focused on a specific type of malware, such as viruses, Trojans, worms, spyware and other exploits, to ensure around-the-clock protection.

Learn more about PandaLabs and subscribe to the PandaLabs blog here. Follow Panda on Twitter and Facebook.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

1 Comment

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Security Alerts, Malware Reports, Online Safety, Panda Security, PandaLabs, Windows Tips and Tools

Cyber Shopping on Black Friday? Six Tips From PandaLabs To Keep You Safe

imageCyber shopping on Black Friday can be very appealing – no lining up at midnight, no line ups at all, no risk of being trampled by unruly crowds, shop in your PJs if you like, “shopping around” and comparing prices is a snap, and the list of benefits goes on.

So, if you cyber shop, you may not face the risk of being trampled to death by an unruly crowd, or being shot to death by an angry shopper – both tragedies actually did happen on Black Friday, November 28, 2008. But, you will face substantial cyber security risks.

Staying safe while you cyber shop requires that you be much more wary, and that you understand that cyber crooks salivate at the opportunities Black Friday cyber shopping creates for exploiting the unwary and careless consumer.

Cyber shopping safely requires that you follow well established best practices that have proven to substantially reduce the risk of being victimized.

PandaLabs suggests holiday shoppers adhere to the following best practices this Friday and Monday, and throughout the holiday shopping season:

Avoid using search engines for locating special holiday deals. Criminals commonly turn to Blackhat SEO, which involves maliciously using search engine optimization around hot keywords to poison search engine results. Instead of using a search engine, go directly to reputable sites that you are familiar with. Screenshots of a recent malicious Black Friday search result is available at here.

Don’t click on embedded links in advertisement e-mails. E-mails that appear to be advertisements from legitimate vendors could be a well-disguised scam or malware attack. Chances are you’ll be able to find the same deal by going directly to the website in your favorite web browser.

Install all available operating system updates and patches. Cyber criminals are particularly skilled at exploiting critical vulnerabilities in operating systems and commonly used applications. Computer users are often silently redirected to a website with a carefully crafted malicious payload that leaves the computer infected with data-stealing malware or extortion-based threats. In addition to updating your system, PandaLabs strongly advises people to update Adobe Flash, Adobe Reader, and Java software, which are all commonly targeted by cyber criminals.

Don’t underestimate criminals. Cyber criminals have no limits, and will create fake advertisements, shopping carts, poison various search terms and more in order infect your computer and steal your personal data. If you’re unsure if a site is legitimate, run a search online to see if you can determine whether it’s widely known. If you can’t find details on a retailer, PandaLabs advises holiday shoppers to take their business elsewhere.

Only purchase from sites that offer secure browsing (SSL/https). You can tell if a site uses SSL/https if there is a padlock icon on the bottom corner or in the address bar of your browser. Some browsers like Internet Explorer and Chrome turn the address bar green to indicate that the site is secure. Even if a site uses SSL/https, remember that SSL only works to create a secure Internet tunnel between you and the e-commerce server. You can still transmit sensitive data over to cyber criminals, so it’s best to run frequent anti-malware scans.

Always use updated anti-malware protection. Despite growing awareness of today’s Web-borne threats, many people still don’t use even a basic anti-virus solution and leave themselves vulnerable to infections, data loss and identity theft. You can download Panda Security’s award-winning Panda Cloud Antivirus software, which is completely free, here.

About PandaLabs:

Since 1990, PandaLabs, the malware research division of Panda Security, has led the industry in detecting, classifying and protecting consumers and businesses against new cyber threats.

At the core of the operation is Collective Intelligence, a proprietary system that provides real-time protection by harnessing Panda’s community of users to automatically detect, analyze, classify and disinfect more than 63,000 new malware samples daily.

The automated classification is complemented by a highly specialized global team of threat analysts, each focused on a specific type of malware, such as viruses, Trojans, worms, spyware and other exploits, to ensure around-the-clock protection.

Learn more about PandaLabs and subscribe to the PandaLabs blog here. Follow Panda on Twitter and Facebook.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

4 Comments

Filed under Cyber Shopping Tips, cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Security Alerts, Panda Security, PandaLabs, Safe Online Shopping Tips

An Interview With An Anarchist Hacker

imageWe’ve reported on the issue of software piracy, and the theft of intellectual property, a number of times. So, it’s easy for me to sum up my position on this contentious matter – there is no justifiable reason to steal software, or the work of others. It is piracy, and it is a CRIME.

The recently released Seventh Annual BSA and IDC Global Software Piracy Study, made the point that “for every $100 worth of legitimate software sold, an additional $75 worth of unlicensed software made its way onto the market.”

Selected findings from this study include:

Commercial value of software theft exceeds $50 billion: the commercial value of unlicensed software put into the market in 2009 totaled $51.4 billion.

Progress on piracy held through the recession: the rate of PC software piracy dropped in nearly half (49%) of the 111 economies studied, remained the same in 34% and rose in 17%.

Piracy continues to rise on a global basis: the worldwide piracy rate increased from 41% in 2008 to 43% in 2009; largely a result of exponential growth in the PC and software markets in higher piracy, fast growing markets such as Brazil, India and China.

It’s obvious then, that intellectual property theft is “big business”, and is unlikely to disappear any time soon. Currently in fact, there is a huge pushback campaign being waged against those organizations who support anti-piracy.

According to PandaLabs, the malware research arm of Panda Security, there is an ongoing offensive, appropriately called “Operation Payback”, which is employing targeted DDoS attacks against various companies and agencies, including the Motion Picture Association of America, and the Recording Industry Association of America, who support the anti-piracy lobby.

The question is – is there support out in the hinterland for this sort of hacking effort? If the following comment, which I picked up on a comment forum, is any indication, the answer is a resounding – YES.

“Big Media is reaping what they sowed and so its hard to find any sympathy for them or any fault in those who have found a way to fight back for much of the highly questionable actions these conglomerates and their law firms have taking these past few years.

The fact that they are unwilling to see how realistic this threat is to them just shows how arrogant or incompetent they are. While they won’t be getting help from me, these grass roots strike back at big media campaigns will find far more support and help on their end then what Big media could ever hope to buy.”

So, how and why, do those who are responsible for “Operation Payback” justify a criminal cyber attack against organizations whose mission is to enforce existing intellectual property rights?

Sean-Paul Correll, a threat researcher with Panda Security, in speaking with some of the organizers of  “Operation Payback” in a Q&A session, has discovered some surprising answers.

Here’s a small taste of Sean-Paul’s Q&A session –

If you were able to resolve this situation, what would you want the respective media authorities of the world to do?

A: Personally, I would want them to basically go the fuck away altogether. Remove the barbaric laws they have lobbied for. Treat people like PEOPLE instead of criminals. Their long outdated traditional views on copyright infringement enforced solely by rich and powerful corporations need to be modified in light of the modern age on the Internet, the Information Age.

Sean-Paul’s full Q&A session makes interesting reading and is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

7 Comments

Filed under bots, cybercrime, Interconnectivity, Panda Security, PandaLabs, Personal Perspective, Windows Tips and Tools

The Teenage Hacker – Fact Or Myth?

Do teenage hackers exist in any significant number? More to the point – do they constitute a threat to your security on the Internet?

Hard statistics are understandably difficult to come by. But, in a study released last year by Panda Security, which looked at the Internet habits of adolescents between 15 and 18 years olds, we may have seen a least a partial answer.

Some of the general statistics brought out by the survey included the following:

More than 50% of those surveyed between 15 and 18 years old, use the Internet daily

Average weekly On-line connection time 18.5 hours

On-line studying activity accounted for 32% of this time

The remaining time involved leisure activities, such as playing games online, watching videos, listening to music, chatting, etc.

These statistics seem real and not unexpected, based on my own experience. But additional statistics generated by the same survey, may be cause for concern.

Two thirds of the survey participants stated they had, at least once, attempted to hack a friend’s instant messaging, or social network account.

As an Internet Security Blogger, the following statistic though, was particularly concerning – According to Panda “17% of adolescent users claim to have advanced technical knowledge, and are able to find hacking tools on the Internet. Of these, 30% claim to have used them on at least one occasion. When asked why, 86% said that curiosity had led them to investigate these public tools”.

See today’s article – BitDefender Says Facebook Hacker: A Do-It-Yourself Kiddie Script Is On The Loose!

image

I can tell you, based on reader responses to a number of articles I have written on so called “Kiddie Scripts”, and the background research for those articles, the tools referred to by these young people are readily available on the Internet.

I suspect that the typical Internet user would be outraged to see how readily available these free, and in many cases sophisticated hacking tools, really are.

The final statistic from Panda’s survey that interested me was the following, spoken to by Luis Corrons, Technical Director of PandaLabs.

“Even though the percentage is very low, we still come across too many cases of adolescent cyber criminals, such as the recent high-profile case of the 17-year-old creator of worms for Twitter.

We estimate that just 0.5% of these are detected by the corresponding authorities. Those who are drawn into hacking out of curiosity may well end up discovering the financial potential of this activity, and becoming criminals themselves.”

So, is this type of teenage behavior a real threat, or just fanciful teenage thinking? I’ll leave it for you to decide.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

7 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Kiddie Script, Online Safety, Panda Security, PandaLabs, Software, Teenage hackers, Windows Tips and Tools