
February 24, 2010 | Posted by admin
- Fotolog is a photo-blogging site with almost 30 million users worldwide
- The worm tricks users with a video that conceals the dangerous worm
PandaLabs has reported the appearance of a new worm, FTLog.A, which spreads through the popular Fotolog social networking site. This photo-blogging portal is used by almost 30 million users around the world.
The worm spreads by inserting comments in the targeted user’s page prompting them to click a link, supposedly pointing to a video.
This comment reads as follows:
“hey xxxxxxxxx, encontré este video tuyo acá” (hey xxxxxxxxx (user name), I found a video of you here) (malicious link), “Eres tu no es verdad?” (It’s you, isn’t it?)
(see image in Flickr: http://www.flickr.com/photos/panda_security/4384612808/)
If the user clicks the link, the system will ask for permission to download a divx video codec, which is actually the worm.
(see image in Flickr http://www.flickr.com/photos/panda_security/4384612850/)
Once installed, FTLog.A redirects the browser to a site with explicit content and a Web page that asks users for their data in order to claim a (false) prize.
(see image in Flickr http://www.flickr.com/photos/panda_security/4384612782/)
If the user clicks Get Free Access a setup.exe file is downloaded which, once run, installs the MediaPass Plugin.
It also changes the Internet home page and injects code into the browser to display pop-up ads, disrupting the user’s browsing experience.
“Cyber-crooks are increasingly exploiting social networking sites to spread their creations as they offer a huge number of potential victims”, explains Luis Corrons, Technical Director of PandaLabs. “We have already seen malicious code that exploits Facebook or Twitter. This time it is Fotolog’s turn unfortunately”.
To prevent this type of infection it is important to remind users not to click suspicious links from unknown senders and keep an up-to-date antivirus solution installed on their computers.

February 18, 2010 | Posted by admin
PandaLabs, the anti-malware laboratory of Panda Security -The Cloud Security Company- has detected a new worm, Spybot.AKB. It spreads using P2P programs (copying itself to the usual shared folders with different names) and also via email. What’s new about this worm is the way it tricks users, spreading under the guise of an invitation to join social networks like Twitter and Hi5, or in an email supposedly from Google replying to a job application. Another new feature is the way it installs on computers, passing itself off as a Firefox security extension.
Email subjects include:
• Jessica would like to be your friend on hi5!
• You have received A Hallmark E-Card!
• Shipping update for your Amazon.com order 254-71546325-658732
• Thank you from Google!
• Your friend invited you to twitter!
Once installed, the worm redirects browsers to different websites if the user launches a search with any of the following words:
A: Airlines, Amazon, Antivir, Antivirus.
B: Baseball, Books.
C: Casino, Chrome, Cialis, Cigarettes, Comcast, Craigslist, Credit.
D: Dating, Design, Doctor.
E: Explorer
F: Fashion, Finance, Firefox, Flifhts, Flower, Football
G: Gambling, Gifts, Graphic.
H: Health, Hotel.
I: Insurance, Iphone.
L: Loans.
M: Medical, Military, Mobile, Money, Mortgage, Movie, Music, Myspace.
O: Opera.
P: Pharma, Pocker.
S: School, Software, Sport, Spybot, Spyware.
T: Trading, Tramadol, Travel, Twitter.
V: Verizon, Video, Virus, Vocations.
W: Wallpaper, Weather.
It also takes a series of actions to compromise the security level of infected computers, adding itself to the Windows firewall list of authorized applications, and disabling the Windows Error Reporting service and User Account Control (UAC).

February 12, 2010 | Posted by admin
Malware that uses Valentine’s Day as a lure to trick users and infect computers is now a well-established feature of the IT security calendar. Once again, this year it will be no surprise to see numerous emails in circulation with links for downloading romantic greetings cards, or with subjects related to Valentine’s Day. Cyber-crooks, however, are also exploiting other channels, such as Facebook or Twitter, and given the access to millions of users that these social networks provide, they have become just as popular among the criminal fraternity for spreading malware as email.
Social engineering is cyber-crooks’ preferred technique for deceiving users. In these cases it basically involves obtaining confidential information from users by convincing them to take a series of actions. Crimeware and social engineering go hand-in-hand: a carefully selected social engineering ploy convinces users to hand over their data or install a malicious program which captures information and sends it on to the fraudsters.
“The continued use of social engineering by cyber-crooks is a good indication of the infection ratios that this technique for tricking users returns. Otherwise, they would simply have stopped using it”, explains Luis Corrons, Technical Director of PandaLabs.
PandaLabs offers users a series of tips to avoid falling victim to computer threats:
- Don’t open emails or messages received on social networks from unknown senders.
- Do not click any links included in email messages, even though they may come from reliable sources. It is better to type the URL directly in the browser. This rule applies to messages received through any mail client, as well as those in Facebook, Twitter, or other social networks or messaging applications, etc.
- If you do click on any such links, take a close look at the page you arrive at. If you don’t recognize it, close your browser.
- Do not run attached files that come from unknown sources. Especially these days, stay on the alert for files that claim to be Saint Valentine’s greeting cards, romantic videos, etc.
- Even if a page seems legitimate, be suspicious if it asks you to download something, and don’t accept the download.
- If, in any event, you download and install any type of executable file and you begin to see unusual messages on your computer, you have probably been infected with malware.
- If you are making any purchases online related to Valentine’s Day, type the address of the store in the browser, rather than going through any links that have been sent to you.
- Only buy online from sites that have a solid reputation and offer secure transactions, encrypting all information that is entered in the page. To check that the page is secure, look for the security certificate in the form of a small yellow padlock next to the toolbar or in the bottom right-hand corner of the screen.
- Don’t use shared or public computers for making transactions or operations that require you to enter passwords or other personal details.
- Have an effective security solution installed, capable of detecting both known and new malware strains.

February 3, 2010 | Posted by admin
The “Catch” of the Day
It is the beginning of the “Phishing” season with taxes just months ahead of us. Catching and releasing financial information may garner some very big trophy money in the end. The Phish market stands to make hundreds of millions of dollars. We have seen world events such as Haiti’s Earthquake spawn many top-ranking malware sites on Google that were designed to capture donations and personal information. These fake websites are almost identical to the legitimate ones and are becoming increasingly difficult to detect.
The most common phishing bait can be found embedded in email messages or instant messages. General salutations, such as Dear Valued Customer or Dear Client, should be immediately flagged. All banking institutions have your exact name as shown on your account in their database. Misspelled words in the email are another indicator that the email is a scam. Once a recipient takes the bait by clicking on the link embedded in the email or IM to the fake website, the phishing expedition begins.
Phishers use several “catch and release” techniques to disguise fake URLs. It has become increasingly difficult to detect the bait because the security certificate on a trusted website can be hidden in a multimedia object on a flash-based website. Other techniques to disguise malicious URLs include URL redirectors on the websites of trusted organizations. Fake URL redirectors can be “misspelled” domains, or can merge a (.com) and a (.net) website into a convincingly reproduced website. Capturing login and personal details brings in big prize money.
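The two URL disguises named above, misspelled domains and redirectors hosted on trusted sites, can be checked mechanically before a link is followed. The sketch below is an added example, not part of the original post; the allow-list, the sample URLs and the two-label "base domain" rule are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed allow-list of domains the organisation actually uses (assumption).
TRUSTED = ("examplebank.com", "taxoffice.org")


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programme)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def base_domain(host):
    """Last two labels of the host. Simplification: a production check
    would consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def lookalike_of(host, max_dist=2):
    """Return the trusted domain that `host` imitates, or None."""
    dom = base_domain(host)
    if dom in TRUSTED:
        return None
    name = dom.partition(".")[0]
    for trusted in TRUSTED:
        trusted_name = trusted.partition(".")[0]
        # Same name under another TLD (.com vs .net) or a near-miss spelling.
        if name == trusted_name or edit_distance(name, trusted_name) <= max_dist:
            return trusted
    return None


def classify(url):
    """Return (verdict, detail) where verdict is one of
    'trusted', 'lookalike', 'redirector' or 'unknown'."""
    host = urlsplit(url).hostname or ""
    if base_domain(host) not in TRUSTED:
        target = lookalike_of(host)
        return ("lookalike", target) if target else ("unknown", None)
    # Trusted host: look for a query parameter that forwards to another site.
    for _, value in parse_qsl(urlsplit(url).query):
        try:
            inner = urlsplit(value).hostname
        except ValueError:
            continue
        if inner and base_domain(inner) not in TRUSTED:
            return ("redirector", inner)
    return ("trusted", None)


if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email body.
    for link in ("https://www.examplebank.com/login",
                 "http://www.examp1ebank.com/login",
                 "http://examplebank.net/verify",
                 "https://www.examplebank.com/out?url=http%3A%2F%2Flogin.collector.test%2F"):
        print(link, "->", classify(link))
```

A "redirector" verdict means the visible host is genuine but the link lands elsewhere, which is why inspecting only the domain at the start of a link is not enough.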
Some phishing expeditions include hooks, lines and sinkers. “Sinking” and embedding a corrupted (.reg) entry or file into the Windows Registry File will replace the legitimate (.reg) file. “Hooking” the corrupted file with a malicious application will ultimately reroute the “lines” of personal information and consumers’ credentials to the Phishers’ website.
Combating phishing attempts comes down to paying attention and simply modifying browsing habits. If an account needs to be “verified”, contact the company from which the email originates to see if it is legitimate and, rather than trusting the links in the email, type the company’s genuine website address into the browser’s address bar. Finally, your computer should always have up-to-date anti-virus software that includes spam filters.
The damage caused by world-wide phishing can be estimated in the billions per year. This lucrative phishing industry will evolve with more attractive lures and mouthwatering baits disguised as information from your financial institutions, your planned events and unforeseen cataclysms. Remember to be diligent no matter how enticing an email, IM, or website can be. Don’t take the bait.

January 22, 2010 | Posted by admin
Cumulative Security Update for Internet Explorer (978207)
Executive Summary
This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8 (except Internet Explorer 6 for supported editions of Windows Server 2003). For Internet Explorer 6 for supported editions of Windows Server 2003 as listed, this update is rated Moderate. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles objects in memory, validates input parameters, and filters HTML attributes. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection under the next section, Vulnerability Information.
This security update also addresses the vulnerability first described in Microsoft Security Advisory 979352.
Recommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.
For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.
Affected Software
**Server Core installation not affected. The vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option. For more information on this installation option, see the MSDN articles, Server Core and Server Core for Windows Server 2008 R2. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options.
Original Source found here: http://www.microsoft.com/technet/security/bulletin/MS10-002.mspx

January 22, 2010 | Posted by admin
This week’s PandaLabs report looks at a worm, a Trojan and a new fake antivirus.
TwittWorm.A is a worm that uses Twitter and Messenger in order to spread, sending a malicious message to all contacts of the infected user. These messages appeal to the curiosity of users, with subjects such as “I just got a piercing and you’ll never guess where! Take a look at the photo.” or “You’re going to be mad at me for sending you this photo, but you NEED to see it :3”. The worm edits the registry so the system cannot be restored or started in safe mode. It also makes a series of changes to the hosts file to prevent users from accessing certain Web pages, particularly those related to antivirus companies.
Another feature is that it prevents the running of certain programs for viewing active processes or monitoring network traffic. Twittworm.A also spreads through USB devices, creating an autorun.inf to automatically infect computers on connection. To protect these types of devices, Panda Security has launched Panda USB Vaccine, which can be downloaded free from: http://www.pandasecurity.com/homeusers/downloads/usbvaccine/
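Hosts-file tampering of the kind described for TwittWorm.A can be detected by parsing the file and flagging any entry that pins a security-related domain. The following is an added example, not PandaLabs code; the watchlist and the sample hosts file are constructed, and `av-vendor.example` is a placeholder.

```python
import ipaddress

# Assumed watchlist: domain suffixes that should never be pinned in a hosts
# file. pandasecurity.com and microsoft.com appear on this page;
# av-vendor.example is a constructed placeholder.
WATCHED_SUFFIXES = ("pandasecurity.com", "microsoft.com", "av-vendor.example")

# Constructed sample of a tampered hosts file (not from a real infection).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.pandasecurity.com pandasecurity.com   # appended entry
0.0.0.0\tupdate.microsoft.com
203.0.113.7     www.av-vendor.example
10.0.0.5        intranet.corp.example
not-an-ip       www.pandasecurity.com
"""


def parse_hosts(text):
    """Yield (line_number, ip_address, [hostnames]) for each well-formed entry."""
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()                 # spaces or tabs
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # skip malformed entries
        yield lineno, ip, [h.lower().rstrip(".") for h in fields[1:]]


def is_watched(hostname, suffixes=WATCHED_SUFFIXES):
    """True if hostname equals a watched domain or is a subdomain of one."""
    return any(hostname == s or hostname.endswith("." + s) for s in suffixes)


def audit_hosts(text, suffixes=WATCHED_SUFFIXES):
    """Return one finding per watched hostname overridden in the hosts file.

    effect is 'blocked' when the name is sent to loopback or 0.0.0.0,
    and 'redirected' when it is pinned to any other address.
    """
    findings = []
    for lineno, ip, hosts in parse_hosts(text):
        for host in hosts:
            if not is_watched(host, suffixes):
                continue
            sinkholed = ip.is_loopback or ip.is_unspecified
            findings.append({
                "line": lineno,
                "host": host,
                "ip": str(ip),
                "effect": "blocked" if sinkholed else "redirected",
            })
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line {line}: {host} -> {ip} ({effect})".format(**finding))
```

On a live Windows system the input would be the contents of `%SystemRoot%\System32\drivers\etc\hosts`, read from a trusted environment since the worm also blocks process and network monitoring tools.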
Sinowal.WTF is a keylogger Trojan, designed to capture keystrokes with the aim of stealing passwords and other information from infected systems. This Trojan reaches computers through an email claiming to have been sent from MySpace (see image in Flickr: http://www.flickr.com/photos/panda_security/4293518692/).
The message warns victims about a change to the user’s password and contains a .zip file attachment which supposedly contains the new password. The attached file, once extracted, has an Excel icon, but is really malware. When run, the system is infected and the icon disappears.
Finally, GhostAntivirus is a new strain of fake antivirus. As with other malware of this kind, it tries to fool users by displaying false infections, remote connections and vulnerabilities that do not exist.
(see image in Flickr: http://www.flickr.com/photos/panda_security/4292776611/).
If users fall for the trap, they are directed to a screen where their credit card details are requested to carry out the transaction.
(see image in Flickr: http://www.flickr.com/photos/panda_security/4293518638/).
This way, as well as obtaining money for a service that will never be provided, cyber-crooks steal users’ credit card details.

January 17, 2010 | Posted by admin
As has become tradition, PandaLabs, the anti-malware laboratory of Panda Security -The Cloud Security Company- has published its 2009 Virus Yearbook, reviewing the malicious codes that have appeared over the last 12 months and examining those that have stood out for one reason or another.
Rather than a ranking of the most widespread viruses, or those that have caused most infections, PandaLabs has selected those which, either for their use of social engineering or their visible effects on computers, stood out most last year. For this reason, some of the more well-known malicious codes (such as the Koobface virus) are absent from the list.
So here are the viruses we believe deserve a mention:
- The biggest headache. There can be no doubt that Conficker.C has been the most obnoxious virus over the last 12 months. It first appeared on December 31, 2008, and has spent the last year causing serious infections to companies and home users alike. The insidious and tenacious nature of this malicious code has earned it first place in our ranking.
- The Harry Potter of viruses. Although there is no reference to the world’s most popular fictional wizard, the on-screen messages Samal.A displays are all about magic. When it infects a computer, users will see the message “Ah ah you didn’t say the magic word” (see photo on Flickr), and the cursor then flickers waiting for users to enter a word. The truth is, it doesn’t matter what is entered, because after three attempts, the phrase “Samael has come. This the end” (see photo here), will be displayed and the computer is restarted.
- V for Vendetta. We still don’t know who is the real target of this vendetta, but DirDel.A wreaks vengeance on infected users, progressively replacing folders in different directories with copies of itself. The worm is carried in a file called Vendetta.exe with a typical Windows folder icon (see photo on Flickr).
- Plane nuisance. The Sinowal.VZR Trojan has infected thousands of computers under the guise of plane tickets supposedly purchased by the user (see photo on Flickr).
- The all-action virus. We are talking about Whizz.A. Once infected, computers will start emitting a series of beeps, the mouse pointer moves uncontrollably around the screen, the CD/DVD tray opens and closes, while the screen is ‘decorated’ with a row of bars like those in the image.
- The snooper. Waledac.AX ensnares its victims by claiming to offer a free application for reading SMS messages on anyone’s cell phone. Ideal for those that want to check up on their partners. Perhaps that’s why so many users fell victim to this intelligent virus.
- The most affectionate. BckPatcher.C tops this category, as it changes the desktop wallpaper to an image reading “virus kiss 2009” (see photo on Flickr). What a charmer!
- A touch of the sniffles. We couldn’t fail to mention here a couple of the viruses, WinVNC.A and Sinowal.WRN, that used the widespread alarm surrounding swine flu to trick users and infect their systems.
- And the award for incompetent newcomer goes to… Ransom.K. This Trojan encrypts documents on infected computers, and then asks for a $100 ransom to release them. However, its creator, probably lacking in experience, included a programming error which allows users to release the files with a simple key combination.
- The most deceitful. This year, the winner in this category is FakeWindows.A, which infects users by passing itself off as a license activation process for Windows XP.
- The party animal. Banbra.GMH arrives in an email promising photos of Brazilian parties (with dancing girls included)… Who could resist?

January 15, 2010 | Posted by admin
This week’s PandaLabs report looks at three new fake antiviruses.
LivePcCare is the first of these malicious programs. As usual with these malicious codes, first it carries out a fake scan of the infected user’s computer, and then claims the system is infected. It asks the user to purchase a license (of a fake antivirus) at a very attractive price to resolve this issue. If users purchase it, they will have paid for fraudulent software. This fake antivirus stands out because of the way it spreads, as it uses Black Hat SEO techniques, exploiting the launch of Google’s Nexus One phone and the Haiti earthquake. Thanks to these techniques, it manages to include malicious malware-downloading links in search engines’ top results
(see images in Flickr: http://www.flickr.com/photos/panda_security/4274685650/ and http://www.flickr.com/photos/panda_security/4274685718/).
You can get more info at: www.pandalabs.com.
DesktopDefender2010 also makes users believe their computers are infected and prompts users to purchase the product.
(see image in Flickr: http://www.flickr.com/photos/panda_security/4274685852/)
(see image in Flickr: http://www.flickr.com/photos/panda_security/4273941293/).
Finally, APcDefender uses the same techniques. It is a fake antivirus program that falsely informs users they have dangerous software on their computer.
(see image in Flickr: http://www.flickr.com/photos/panda_security/4273941147/).
It tries to fool users by offering them its own anti-malware solution to solve the problems it claims to have detected, and invites them to purchase the software using their credit cards. This way, in addition to stealing users’ money, it also obtains their credit card details.
(see image in Flickr: http://www.flickr.com/photos/panda_security/4273941179/).
More information about these and other malicious codes is available in the Panda Security Encyclopedia.

January 9, 2010 | Posted by admin
PandaLabs, the anti-malware laboratory of Panda Security –The Cloud Security Company- has published its Annual Malware Report.
The report reviews the major incidents and events concerning IT security in 2009. The outstanding trend of the last 12 months has been the prolific production of new malware: 25 million new strains were created in just one year, compared to a combined total of 15 million throughout the rest of the company’s 20-year history.
This latest surge of activity included countless new examples of banker Trojans (some 66%) as well as a host of fake antivirus programs (rogueware). The report also draws attention to the resurgence of traditional viruses, previously on the verge of extinction, such as Conficker, Sality or the veteran Virutas. See the graph here.
During 2009, spam was also highly active: some 92% of all email traffic was identified as spam. The tricks used to dupe potential victims into opening these emails have focused heavily on exploiting current affairs and dramatic news stories -a tendency which also applied to SEO attacks-. As such, we saw waves of junk mail related to celebrity scandals or deaths (real or fictitious), swine flu, compromising videos of politicians, etc. This year PandaLabs also tracked how spam impacted different industrial sectors, revealing how the automobile and electrical industries were the worst affected, followed by government institutions.
As regards malware distribution channels, social networks (mainly Facebook, Twitter, YouTube or Digg), and SEO attacks (directing users to malware-laden websites) have been favored by cyber-criminals, who have been consolidating underground business models to increase revenues.
The Annual Malware Report also examines how individual countries and regions have been affected throughout the year, based on the data gathered from computers scanned and disinfected free of charge with Panda ActiveScan. Taiwan tops the rankings, followed by Russia, Poland, Turkey, Colombia, Argentina and Spain. Countries suffering fewest infections include Portugal and Sweden.
You can see this graph here.
Last year also saw a rise in the number of news stories related to cyber-attacks with political motives or targets, suggesting that this is no longer the preserve of sci-fi movies and conspiracy theorists and is now becoming a reality.
Finally, and as we announced some days ago, PandaLabs has predicted that the amount of malware in circulation will continue to grow during 2010. Windows 7 will surely attract the interest of hackers when it comes to designing new malware, and attacks on Mac will increase. While we are likely to witness more politically motivated attacks, the report concludes that, once again, this will not be the year of the cell phone virus.

January 8, 2010 | Posted by admin
This week’s PandaLabs report looks at two fake antiviruses: PcLiveGuard and GreatDefender.
This type of malware passes itself off as legitimate software applications in order to steal users’ money by tricking them into believing that they will eliminate threats on their computers. Panda Security has published a report on fake antiviruses, available at:
http://www.pandasecurity.com/img/enc/The%20Business%20of%20Rogueware.pdf
Similarly, the PandaLabs Annual Report also provides information about the situation of this malware at: http://www.pandasecurity.com/img/enc/Annual_Report_PandaLabs_2009.pdf
PcLiveGuard’s icon resembles a legitimate antivirus icon. When run, a typical screen is displayed, asking users if they want to scan their PCs. See pic at: http://www.flickr.com/photos/panda_security/4255539533/
Regardless of whether users accept or not, it will indicate their computer is infected. Here is the image that will be displayed if users scan their PC (http://www.flickr.com/photos/panda_security/4256301498/).
If users do not scan their PC with the fake antivirus, infection warnings are displayed to scare them into purchasing the product.
GreatDefender is a fake antivirus which informs users about potentially dangerous software on the computer, supposedly due to it not being correctly protected. It tries to get users to pay with their credit cards in order to install the solution. The objective of the antivirus is to collect personal and bank details provided by users on purchasing it. As this type of malware cannot reproduce itself, it requires user interaction to infect the PC. To do so, it uses its own websites on which it is advertised as one of the best anti-spyware solutions in the market.
Picture available at: http://www.flickr.com/photos/panda_security/4256301526/
When users access the website, they are given the option to download the antivirus, but when they try, the trial version is unavailable and they are redirected to the pay version. The installation process is similar to that of any antivirus, allowing users to select the language and location of the files. Once the installation ends, the fake antivirus carries out a full system scan. It then falsely assures users that their computers are free from any infections. To make users believe they are protected, an icon is displayed on the Windows desktop, the quick taskbar and the Windows start menu, to make it look as authentic as possible.