Tag Archives: Panda Security

PandaLabs Second Quarter Security Landscape Report

imageIn a rather surprising statement, PandaLabs, in its 2011 Second Quarter Security Report, makes the point that there’s a challenging grey area between “Hacktivism” (LulzSec and Anonymous), and Criminality. Frankly, I don’t subscribe to this “blurry lines” view.

I see the issue in rather simpler terms – if security holes exist in critical systems which enterprise, or government, are either unwilling, or unable to address – ultimately creating a host of innocent victims – then I encourage LulzSec and Anonymous to continue their campaigns of outing non-responsive, and non-responsible organizations. I’m more than a little tired of being placed at risk due to organizational ineptness, or failure to adhere to common sense security practices.

Some key findings from Panda’s report (determined from data collected through Panda ActiveScan) include:

Every minute, 42 new malware strains were created.

image

Trojans constitute 70 percent of new malware followed by viruses (10 percent) and worms (8.53 percent). Surprisingly, Adware, which only represents 1.37 percent of all malware, accounted for more than 9 percent of all infections.

image

China, Thailand and Taiwan continue to lead infection rankings.

image

Top 10 least infected countries.

image

So, should these statistics hold any relevancy for you? Should you be preoccupied, or overly concerned, with these numbers? The answer, it seems to me, depends on how aware you are of the overallInternet security landscape, and where you fit into the following user groups.

  • Those who know.
  • Those who think they know.
  • Those who don’t know, that they don’t know.

Hopefully, you are in that small group who can confidently say – “I know”.

Broken record time:

I’ll risk sounding like a broken record, once again, and repeat what I’ve said here numerous times –

“Controlling malware intrusion, while surfing the Net, through the use of a  “virtual” environment rather than operating in a “real” environment, makes sense given the escalating level of cyber criminal activity on the Internet.”

BufferZone, is a particular effective and easy to use freeware virtualization application (perfect for casual users), which creates an isolated environment called the Virtual Zone, while you surf the Internet. You can read more about BufferZone, here.

About PandaLabs:

Since 1990, PandaLabs, Panda Security’s malware research laboratory, has been working to detect and classify malware in order to protect consumers and companies against new Internet threats.

To do so, PandaLabs uses Collective Intelligence, a cloud-based proprietary system that leverages the knowledge gathered from Panda’s user community to automatically detect, analyze and classify the more than 73,000 new malware strains that appear every day.

This automated malware classification is complemented through the work of an international team with researchers specialized each in a specific type of malware (viruses, worms, Trojans, spyware and other attacks) to provide global coverage.

The full report (PDF), is available here.

Follow Panda on Twitter and Facebook.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

4 Comments

Filed under Adware, Cyber Crime, Cyber Criminals, Don't Get Hacked, Internet Security Alerts, Malware Reports, Panda Security, PandaLabs, trojans, Windows Tips and Tools, worms

PandLabs 2011 Security Trends Predictions

imageEvery year, I hold on to the belief that we’ve seen the worst that cyber-criminals can throw at us – so I’m always hopeful, that the outlook for the coming year might offer some improvement. As the years go by, inevitably it seems, my hopes have been dashed.

The Internet, despite its promises (many of which have come to pass, admittedly), has become a cesspool of cyber criminals (who continue to belittle us), scam and fraud artists, and worse. A cesspool that reeks of tainted search engine results, malware infected legitimate websites, drive-by downloads and bogus security software. And now it seems, we’re approaching the point where anarchy might well begin to rule the Internet.

The recent WikiLeaks kafuffle, with its counter play DDoS attacks pitting supporters against non-supporters, is a singular indication of how quickly the Internet can devolve into anarchy. No matter the views one may hold politically, with respect to the WikiLeaks disclosures, the use of hacktivism as a political tool is a worrisome trend.

PandaLabs, in its just released predictions covering the top security trends for 2011, is predicting an increase in the type of hacktivism the WikiLeaks conflict has pushed into the spotlight. Moreover, PandaLabs report paints a dismal picture of how the Internet threat landscape is likely to shift and change, in the coming year

According to PandaLabs, in addition to a new focus on hacktivism and cyber-war; more profit-oriented malware; social media; social engineering and malicious codes with the ability to adapt to avoid detection will be the main threats in the coming year.

Report highlights:

Continued growth of new strains of malware creation

2010 marked a turning point in the cyber war, and PandaLabs expects more of the same in 2011

Cyber-protests, or hacktivism (e.g. Anonymous), are all the rage and will continue to grow in frequency

Social engineering will increase as cyber criminals increasingly use social platforms to launch distributed attacks

Windows 7 users will become a significant target for malware in 2011

Mobile security will be a top concern for Android users

As tablets gain market share, so will their appeal to be targeted by cyber criminals

As the market share of Mac users continues to grow, so will the number of threats

HTML5 will be the perfect target since a security hole can be exploited regardless of the browser

Highly dynamic and encrypted threats are expected to increase, given the financial incentive for information on the black market

Being aware of the shape of the Internet landscape, and the changes that are occurring, or may occur in that landscape, now, more than ever, is a necessity – a prerequisite to protecting yourself and your computer from cybercriminal attack. Forewarned is forearmed, needs to be your guiding light – appropriate knowledge will act as your shield.

About PandaLabs:

Since 1990, PandaLabs, Panda Security’s malware research laboratory, has been working to detect and classify malware in order to protect consumers and companies against new Internet threats.

To do so, PandaLabs uses Collective Intelligence, a cloud-based proprietary system that leverages the knowledge gathered from Panda’s user community to automatically detect, analyze and classify the more than 63,000 new malware strains that appear every day.

This automated malware classification is complemented through the work of an international team with researchers specialized each in a specific type of malware (viruses, worms, Trojans, spyware and other attacks) to provide global coverage.

Get more information about PandaLabs and subscribe to its blog news feed here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

5 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Safety, Internet Security Alerts, Malware Reports, Online Safety, Panda Security, PandaLabs, Reports, Windows Tips and Tools

Panda Security’s Collective Intelligence Says 20 Million New Strains Of Malware In 2010

imageIt may well be, that malware creators have discovered the same principal that countries involved in the the nuclear arms race have come to know – once you have enough weapons; you have enough.

According to Luis Corrons, technical director of PandaLabs – “so far in 2010, purely new malware has increased by only 50 percent, significantly less than the historical norm. It seems hackers are applying economies of scale, reusing old malicious code, or prioritizing the distribution of existing threats over the creation of new ones.”

Complacency though, is not in the cards , at least not yet, since Corrons went on to say –  “This doesn’t mean that there are fewer threats or that the cyber-crime market is shrinking. On the contrary, it continues to expand, and by the end of 2010 we will have logged more new threats in Collective Intelligence than in 2009.”

The evolution of malware – 2010:

The average number of new threats created daily has risen from 55,000 in 2009 to 63,000 in 2010 to date.

The average lifespan of 54% malware has been reduced to just 24 hours, compared to a lifespan of several months that was more common in previous years.

34% of all active malware threats were created this year.

20 million strains of malware have been created already this year; the same total for the year of 2009.

Many malware variants are created to infect just a few systems before they disappear. As antivirus solutions become able to detect new malware more quickly, hackers modify them or create new ones so as to evade detection.

image

Graphic courtesy of PandaLabs.

So, should these statistics hold any relevancy for you? Should you be preoccupied, or overly concerned, with these numbers? The answer, it seems to me, depends on how aware you are of the overall Internet security landscape, and where you fit into the following user groups.

  • Those who know.
  • Those who think they know.
  • Those who don’t know, that they don’t know.

Hopefully, you are in that small group who can confidently say – “I know”.

About PandaLabs:

Since 1990, PandaLabs, the malware research division of Panda Security, has led the industry in detecting, classifying and protecting consumers and businesses against new cyber threats.

At the core of the operation is Collective Intelligence, a proprietary system that provides real-time protection by harnessing Panda’s community of users to automatically detect, analyze, classify and disinfect more than 63,000 new malware samples daily.

The automated classification is complemented by a highly specialized global team of threat analysts, each focused on a specific type of malware, such as viruses, Trojans, worms, spyware and other exploits, to ensure around-the-clock protection.

Learn more about PandaLabs and subscribe to the PandaLabs blog here. Follow Panda on Twitter and Facebook.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

1 Comment

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, Internet Security Alerts, Malware Reports, Online Safety, Panda Security, PandaLabs, Windows Tips and Tools

NEW – Panda Cloud Antivirus 1.3 Blocks Malicious And Suspicious Websites

imagePanda Cloud Antivirus 1.3, Panda Security’s newest release (October 27, 2010), of it’s popular cloud-based antimalware application, should be even more effective at keeping the bad guys at bay with it’s newest enhanced feature – blocking suspicious and malicious websites before they can exploit vulnerabilities (available in both the Free and Pro versions).

Equally as important, a drawback to using previous editions of the free version of Cloud Antivirus has been eliminated – the free edition will now automatically update to new releases as they become available.

How good is Panda Cloud Antivirus at shutting down the bad guys? How about 100% of the time. Well, not quite – but having established a detection rate of 99.87% in recent comparative tests carried out by AV-Test.org – places Panda Cloud Antivirus at the head of the class.

image

Testing anti-malware applications takes considerable time in order to get to the heart of the matter – does an application work in the “real world?”

Will the application do what an average user expects – does it block malware effectively and efficiently? Particularly new, or emerging, malware threats.

Is the interface crafted in such a way that an average user doesn’t need to digest an instruction manual in order to navigate the application?

Is the application capable of providing adequate protection without stressing system resources?

I’ve been running Panda Cloud Antivirus, on a secondary system, since April 2009, and in this extensive testing, Panda Cloud Antivirus has met, or exceeded, all of these requirements.

Happily, Panda Cloud Antivirus  is not a resource hog – on my secondary system it  consumes only 15 MB of RAM, or so, when idle, and only 60MB, or so, while  scanning.

Backed by a year and a half’s experience running Panda Cloud Antivirus in various editions, I have no hesitation in recommending Panda Cloud Antivirus as a front line antivirus application.

image

Panda Cloud Antivirus 1.3 Quick Highlights:

Malicious Web & URL Filtering. This feature blocks websites that push malware, exploits and drive-by downloads. It is available both in Free and in Pro Editions and is installed by the toolbar. Unlike similar solutions, this web filtering works at a low level so it works under all browsers: Internet Explorer, Firefox, Chrome, Safari, etc. For those of you that didn’t install the toolbar but would like to install the Web & URL Filtering, you can download it from here and install it manually.

Unified Recycle Bin and Quarantine. Previously the Recycle Bin handled suspicious detections and the Quarantine handled deleted malware detections. This has been unified into a new Recycle Bin for ease of management. This is included in both Free and Pro Editions.

Automatic and transparent upgrades to new product versions, previously only available in the Pro Edition, this is now available in the Free Edition as well. All users of Free Editions versions 1.1.0, 1.1.1 and 1.1.2 will automatically and transparently upgrade to the new 1.3. See notes below for the upgrade schedule.

No more nagging advertising. After listening to many of you we have decided to turn off the nagging advertising popups prompting to upgrade to Pro Edition. If you want to support Panda Cloud Antivirus and wish to get the Pro Edition, you can do so from here, but we won’t bug you anymore from the popups.

Hot updating of behavioural blocking rules. In order to increase protection on the fly against new vulnerabilities and attacks and to fix false positives, hot updating of behavioural blocking rules allows faster response time in both the Free and Pro Editions.

Immediate notifications of virus detections. Previously if Panda Cloud Antivirus encountered multiple viruses, it would delay its traybar notification and show them grouped. This behaviour has been changed so that the notifications are shown immediately.

Suspicious detection counter. Under the statistics window there’s some new counters for the different types of heuristics and behavioural detections.

System requirements: Windows 7 32-bit, Windows 7 64-bit, Windows Vista 32-bit, Windows Vista 64-bit, Windows XP 32-bit,  Windows XP 64-bit.

Panda Cloud Antivirus is available in 20 languages.

Download at: Cloud Antivirus

About Panda Security

Founded in 1990, Panda Security is the world’s leading provider of cloud-based security solutions with products available in more than 23 languages and millions of users located in 195 countries around the world.

Panda Security has 56 offices throughout the globe with US headquarters in Florida and European headquarters in Spain. For more information, visit the Panda site.

Update: A reader has just advised that Panda Security is giving away Pro licenses for free for 48 Hours at CNET! (See below).

CNET Exclusive Discount: FREE Panda Cloud Antivirus Pro Edition

Here’s some great news for anyone in need of antivirus software. TrialPay has teamed up with CNET and Panda Security to give away unlimited free copies of Panda Cloud Antivirus Pro Edition. That’s right, free. And unlimited. It’s complete Panda-monium!

For the next 48 hours only, Panda Cloud Antivirus Pro Edition (reg. $29.95) will be available for FREE exclusively on CNET download.com. Simply follow this link, click on the “SPECIAL OFFER: Get It Free” promotion, then enter your name and e-mail, and you’ll get a one-year license for Panda Pro absolutely free.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

8 Comments

Filed under 64 Bit Software, Anti-Malware Tools, Cloud Computing Applications, Don't Get Hacked, downloads, Free Anti-malware Software, Freeware, Panda Security, Software, Spyware - Adware Protection, System Security, Windows 7, Windows Tips and Tools, Windows Vista, Windows XP

An Interview With An Anarchist Hacker

imageWe’ve reported on the issue of software piracy, and the theft of intellectual property, a number of times. So, it’s easy for me to sum up my position on this contentious matter – there is no justifiable reason to steal software, or the work of others. It is piracy, and it is a CRIME.

The recently released Seventh Annual BSA and IDC Global Software Piracy Study, made the point that “for every $100 worth of legitimate software sold, an additional $75 worth of unlicensed software made its way onto the market.”

Selected findings from this study include:

Commercial value of software theft exceeds $50 billion: the commercial value of unlicensed software put into the market in 2009 totaled $51.4 billion.

Progress on piracy held through the recession: the rate of PC software piracy dropped in nearly half (49%) of the 111 economies studied, remained the same in 34% and rose in 17%.

Piracy continues to rise on a global basis: the worldwide piracy rate increased from 41% in 2008 to 43% in 2009; largely a result of exponential growth in the PC and software markets in higher piracy, fast growing markets such as Brazil, India and China.

It’s obvious then, that intellectual property theft is “big business”, and is unlikely to disappear any time soon. Currently in fact, there is a huge pushback campaign being waged against those organizations who support anti-piracy.

According to PandaLabs, the malware research arm of Panda Security, there is an ongoing offensive, appropriately called “Operation Payback”, which is employing targeted DDoS attacks against various companies and agencies, including the Motion Picture Association of America, and the Recording Industry Association of America, who support the anti-piracy lobby.

The question is – is there support out in the hinterland for this sort of hacking effort? If the following comment, which I picked up on a comment forum, is any indication, the answer is a resounding – YES.

“Big Media is reaping what they sowed and so its hard to find any sympathy for them or any fault in those who have found a way to fight back for much of the highly questionable actions these conglomerates and their law firms have taking these past few years.

The fact that they are unwilling to see how realistic this threat is to them just shows how arrogant or incompetent they are. While they won’t be getting help from me, these grass roots strike back at big media campaigns will find far more support and help on their end then what Big media could ever hope to buy.”

So, how and why, do those who are responsible for “Operation Payback” justify a criminal cyber attack against organizations whose mission is to enforce existing intellectual property rights?

Sean-Paul Correll, a threat researcher with Panda Security, in speaking with some of the organizers of  “Operation Payback” in a Q&A session, has discovered some surprising answers.

Here’s a small taste of Sean-Paul’s Q&A session –

If you were able to resolve this situation, what would you want the respective media authorities of the world to do?

A: Personally, I would want them to basically go the fuck away altogether. Remove the barbaric laws they have lobbied for. Treat people like PEOPLE instead of criminals. Their long outdated traditional views on copyright infringement enforced solely by rich and powerful corporations need to be modified in light of the modern age on the Internet, the Information Age.

Sean-Paul’s full Q&A session makes interesting reading and is available here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

7 Comments

Filed under bots, cybercrime, Interconnectivity, Panda Security, PandaLabs, Personal Perspective, Windows Tips and Tools

The Teenage Hacker – Fact Or Myth?

Do teenage hackers exist in any significant number? More to the point – do they constitute a threat to your security on the Internet?

Hard statistics are understandably difficult to come by. But, in a study released last year by Panda Security, which looked at the Internet habits of adolescents between 15 and 18 years olds, we may have seen a least a partial answer.

Some of the general statistics brought out by the survey included the following:

More than 50% of those surveyed between 15 and 18 years old, use the Internet daily

Average weekly On-line connection time 18.5 hours

On-line studying activity accounted for 32% of this time

The remaining time involved leisure activities, such as playing games online, watching videos, listening to music, chatting, etc.

These statistics seem real and not unexpected, based on my own experience. But additional statistics generated by the same survey, may be cause for concern.

Two thirds of the survey participants stated they had, at least once, attempted to hack a friend’s instant messaging, or social network account.

As an Internet Security Blogger, the following statistic though, was particularly concerning – According to Panda “17% of adolescent users claim to have advanced technical knowledge, and are able to find hacking tools on the Internet. Of these, 30% claim to have used them on at least one occasion. When asked why, 86% said that curiosity had led them to investigate these public tools”.

See today’s article – BitDefender Says Facebook Hacker: A Do-It-Yourself Kiddie Script Is On The Loose!

image

I can tell you, based on reader responses to a number of articles I have written on so called “Kiddie Scripts”, and the background research for those articles, the tools referred to by these young people are readily available on the Internet.

I suspect that the typical Internet user would be outraged to see how readily available these free, and in many cases sophisticated hacking tools, really are.

The final statistic from Panda’s survey that interested me was the following, spoken to by Luis Corrons, Technical Director of PandaLabs.

“Even though the percentage is very low, we still come across too many cases of adolescent cyber criminals, such as the recent high-profile case of the 17-year-old creator of worms for Twitter.

We estimate that just 0.5% of these are detected by the corresponding authorities. Those who are drawn into hacking out of curiosity may well end up discovering the financial potential of this activity, and becoming criminals themselves.”

So, is this type of teenage behavior a real threat, or just fanciful teenage thinking? I’ll leave it for you to decide.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

7 Comments

Filed under cybercrime, Don't Get Scammed, Don't Get Hacked, downloads, Kiddie Script, Online Safety, Panda Security, PandaLabs, Software, Teenage hackers, Windows Tips and Tools

Butterfly Botnet Kit Author Arrested Thanks To Panda Security and Defence Intelligence

If you’re a regular reader here, then you’re probably familiar with the outrage computer users express when commenting on cyber crime, and cyber criminals.

image Comments range from simple outrage, to implementing the death penalty (no, I’m not kidding), for those convicted of cyber crime. I must admit; in my darker moments, I sometimes feel the tools used by the Inquisition might be too good for this scum.

The more polite comments though, run along these lines:

Where are the cops when we need them?

Why doesn’t an International task force exist to deal with this issue?

Why are the “big name” technology companies sitting back and watching the Internet being destroyed by criminals.

The good news is; to some extent, this is type of policing is beginning to happen.

In March of this year, we explained how Panda Security had played a major role in taking down Mariposa, a Spanish botnet, which according to a report we obtained at that time, was considered to be, “one of the world’s biggest networks of virus-infected computers, responsible for compromising 13 Million unique IP addresses and 50 percent of Fortune 1000 companies around the world”.

Panda Security’s continuing efforts in fighting cyber crime, at this level, has paid off once again. As part of a joint effort which included Panda, Canada’s Defence Intelligence, and the FBI, the mastermind behind the Butterfly Botnet kit, has been arrested in Maribor, Slovenia.

The Butterfly Botnet kit, which was sold online for $650 – $2,000 USD, is responsible for almost 10,000 unique pieces of malicious software, and over 700 botnets. Hundreds of financial institutions and government departments, as well as millions of private corporations and individuals worldwide, have fallen victim to this scumbag’s software.

This cyber criminal takedown is good news for Internet consumers; most particular, the level of cooperation exhibited between the various factions involved in the take down.

I’m cautiously optimistic, that a joint effort like this, may be the beginning of a more concentrated effort to root out those who threaten the viability of the Internet.

Juan Santana, CEO, Panda Security seemed to indicate we may see more of these collaborative efforts when he stated recently “we strongly believe that the fight against Internet crime requires an international collaborative effort from the computer security industry, and public institutions.” We say, “Yes!”

A word of caution: What’s really needed here, is a redoubling of these efforts; the formation of additional strategic alliances; and a systematic strategy designed to finish off these parasites.

About Defence Intelligence:

Defence Intelligence is a privately held information security firm specializing in compromise protection. Based in Ottawa, Canada, the founders of Defence Intelligence are globally recognized industry experts. They have headed information security for Fortune 50 companies, consulted with hundreds of private enterprises and government agencies, and have assisted in the capture and prosecution of international computer criminals.

For more information, go here.

About Panda Security:

Founded in 1990, Panda Security is the world’s leading provider of cloud-based security solutions, with products available in more than 23 languages and millions of users located in 195 countries around the World.

This innovative security model can automatically analyze and classify thousands of new malware samples every day, guaranteeing corporate customers, and home users, the most effective protection against Internet threats with minimum impact on system performance.

Panda Security has 56 offices throughout the globe, with US headquarters in Florida, and European headquarters in Spain.

For more information, go here.

Note: You can read our article on the highly recommended free Panda Cloud Antivirus, here.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

7 Comments

Filed under Anti-Malware Tools, Cloud Computing Applications, cybercrime, Freeware, Interconnectivity, Internet Security Alerts, Panda Security, Software, Tech Net News, Windows Tips and Tools