PandaLabs Annual Malware Report, 2009 sets new records for malware creation: 25 million new strains

PandaLabs, the anti-malware laboratory of Panda Security (The Cloud Security Company), has published its Annual Malware Report.

The report reviews the major incidents and events concerning IT security in 2009. The outstanding trend of the last 12 months has been the prolific production of new malware: 25 million new strains were created in just one year, compared to a combined total of 15 million throughout the rest of the company’s 20-year history.

This latest surge of activity included countless new examples of banker Trojans (some 66%) as well as a host of fake antivirus programs (rogueware). The report also draws attention to the resurgence of traditional viruses, previously on the verge of extinction, such as Conficker, Sality or the veteran Virutas. See the graph here.

During 2009, spam was also highly active: some 92% of all email traffic was identified as spam. The tricks used to dupe potential victims into opening these emails have focused heavily on exploiting current affairs and dramatic news stories (a tendency which also applied to SEO attacks). As such, we saw waves of junk mail related to celebrity scandals or deaths (real or fictitious), swine flu, compromising videos of politicians, etc. This year PandaLabs also tracked how spam impacted different industrial sectors, revealing how the automobile and electrical industries were the worst affected, followed by government institutions.

As regards malware distribution channels, social networks (mainly Facebook, Twitter, YouTube or Digg), and SEO attacks (directing users to malware-laden websites) have been favored by cyber-criminals, who have been consolidating underground business models to increase revenues.

The Annual Malware Report also examines how individual countries and regions have been affected throughout the year, based on the data gathered from computers scanned and disinfected free of charge with Panda ActiveScan. Taiwan tops the rankings, followed by Russia, Poland, Turkey, Colombia, Argentina and Spain. Countries suffering fewest infections include Portugal and Sweden.
You can see this graph here.

Last year also saw a rise in the number of news stories related to cyber-attacks with political motives or targets, suggesting that this is no longer the preserve of sci-fi movies and conspiracy theorists and is now becoming a reality.

Finally, and as we announced some days ago, PandaLabs has predicted that the amount of malware in circulation will continue to grow during 2010. Windows 7 will surely attract the interest of hackers when it comes to designing new malware, and attacks on Mac will increase. While we are likely to witness more politically motivated attacks, the report concludes that, once again, this will not be the year of the cell phone virus.

Computer Clarity

Preventing Viral Infections: How To Not Get A Computer Virus

Three Rules To Prevent Computer Virus Infections

First Rule: Read Your Computer Screens.

Read the window that pops up on your computer screen before you hit “Okay”, “Cancel”, “Run”, “Yes”, “No”, or even “Maybe”! People are like monkeys. Any monkey can be trained to hit a button to get what it wants. We have been trained with a Pavlovian response to hit a button, get something out of our face, then we get what we want. Every virus writer knows this! Most viruses don’t get you because of sophisticated programming code. They get you with social engineering. They get you because they know that most humans don’t think. Like monkeys, most humans will hit the button until we get what we want, regardless of what that button really does. So, many of the viruses I am hired at expensive rates to remove are installed by the user because they were tricked into hitting a button without reading the screen. But the really insidious part of this scenario is that one screen is often a EULA (End User License Agreement). This is a legally binding contract that, by hitting the “Okay” button, affirms your agreement to the terms and conditions of proceeding with the installation. In other words, even if you know the person who did this to you and you had them in court in front of a judge, you could not hold them liable for the damage to your computer system because you legally agreed to the installation that caused the damage. They screwed ya, and you legally asked for it. You must read your screens!

Second Rule: Google Everything.

Now, this doesn’t mean that you must use Google; any search engine will do. But, anything that you don’t understand…Google It! This can apply to any of life’s issues in today’s world, but in this context, if you read your screens and you come across a company you don’t know, a program you don’t recognize, or a message that just doesn’t make any sense to you…GOOGLE IT! If the company, its software, or its messages are legitimate, your Google search will reveal information supporting its legitimacy. If it is a fake trying to trick you into a disaster, you will see thousands of websites all saying how bad it is and all of the problems it causes. You don’t need to read any further; in a heartbeat, you know to close every window before this thing really gets you into trouble. Read the article “One of The Most Common Infection Tactics Today” for instructions on closing dangerous windows.

Third Rule: Maintain, Trust, and use YOUR Antivirus Properly.

This involves a few things. First, just like the lock on your front door, if it isn’t installed properly, maintained properly, and used properly, it won’t keep bad guys out. Installed properly is fairly obvious. If there is an error during installation, it ain’t werkin. Remove the antivirus, reinstall it, or pick a different one. Next, maintaining the security system properly. If the subscription runs out or the software stops updating, it is not properly maintained. Just like the lock on your front door, if the screws are hanging out, it ain’t protecting you. Fix it or you will have an intrusion. Second, you have a security system. This is like your computer’s security guard company. If your house is guarded by Brink’s Home Security, you wouldn’t trust a guy from ACME Security Systems to come and fix a security problem, but this is exactly what happens. Some fake antivirus warning pops in front of your face warning you of all of these infections, but if it is not YOUR antivirus, RUN!!! Third, Use Your Security System Properly. If you have a lock on your front door that you never lock and you invite anyone who knocks to “come on in”, no lock can protect you. Using your antivirus properly means that you do not invite everyone in and that you scan everything that you download before you run it. If you don’t use your antivirus properly, you will get infected and your computer will die. Just like the lock on your front door, it’s only a matter of time until a bad guy tries to open it.

These are the three rules to avoid getting a virus on your computer. These are the three rules that, if everybody followed, I would lose 80% of my computer repair business overnight. But these are the three rules that so few people follow, so, my job is secure. Keep breaking these rules and, as a computer repair technician, I’ll always have work. But, if you can follow these rules, I can finally stop that insanity and do something I really like. So, be smart, be careful, and be virus free.


Why Do People Write Viruses?

Over the last ten years, I have removed close to a half million viruses from thousands of computers.  One of the most common questions that I am asked is: “Why do these people write viruses?”  The answer is that there are several types of people writing different types of malware for several different purposes.  Here are some examples:

Vandals-
These people are like the punks that vandalize property for fun.  They are in small cliques and they try to impress each other by infecting the most computers in the shortest amount of time.  One virus from around seven years ago infected over 250,000 computers in 24 hours.  This one made all of the desktop icons run away from the mouse arrow.  This group of cyber-vandal virus writers wrote most of the early viruses, but as a percentage of all viruses discovered to date, they are less significant than some of the other groups.

People with a grudge-
Another small group of people who wrote many early viruses are the people with grudges against Microsoft, the government, corporations, or specific professions.  One virus from around six years ago called Magistrate targeted attorneys.  This virus would infect a computer, search for any document containing legal terms and mail it out to everyone in the address book.  Other viruses would infect as many computers as possible, then tell all of them at the same time to try to access a web site or other internet server, causing such high traffic that the server shuts down.

Cyber Warfare against the United States-
Over the last five years, another form of covert warfare has emerged.  Many antivirus companies have reported a high number of viruses originating in China, North Korea, and Iran.  They also report that these viruses seem to be designed to infect English-speaking countries specifically.  This is The Art of War in its perfect modern adaptation: never attack your enemy army directly when you can weaken your enemy infrastructure indirectly.  By infecting home, business, and government computers, the enemies of the United States can decrease our overall productivity, increase our population’s general level of stress and irritation, and possibly steal some secrets along the way.

Info Thieves-
These are the writers of the spyware floating around the internet.  They are looking for passwords, account numbers, social security numbers, and anything else that would give them access to your credit, money, or your identity.  This group and the next are both the fastest growing and the most damaging types of threats.

Viruses for Profit-
This group started out writing the adware that makes all of the popup ads fill a computer screen every time the computer connects to the internet.  They make arrangements with advertisers to get paid a few pennies every time their popup ad hits a desktop.  With a few hundred ads popping up on a few hundred thousand computers every day, these viruses generate income.  But a much more serious threat in this group has emerged.  Rogueware is software that impersonates an antivirus and attempts to entice the computer user to install the virus with warnings of viruses.  This is the biggest and fastest growing type of computer malware that I have seen so far.

See my article concerning rogueware for more information: http://www.computerclarity.com/clarity-blog/?p=6

As you can see, the question “Why do people write viruses?” has a logical answer.  Even if there are several types of virus writers with several motivations, people write malicious software because they are malicious people.


A New Category of Malware Has Emerged

According to Panda Security and PandaLabs, the global leaders in computer security, “Rogueware consists of any kind of fake software solution that attempts to steal money from PC users by luring them into paying to remove nonexistent threats.”  They also point out the following facts:

  • Rogueware attacks generate approximately $34 million per month for cybercriminals
  • Each month rogueware infects approximately 35 million computers
  • Twitter, Facebook, MySpace, and Digg are used to spread rogueware
  • Eastern Europe is the source of the majority of cybercriminals
  • Rogueware is difficult to detect because it changes quickly

Because of these facts, your computer will encounter rogueware and your antivirus might not catch it.  So, what does a rogueware attack look like?  A window appears on your computer screen announcing the presence of viruses on your computer and offering to remove them if you pay them $40-$90.  If you don’t, the program starts hiding different windows controls and continues to warn you with popup windows until you do pay.  Then they will wait a random period of time before they do it again.  Once the rogueware is installed, it can be very difficult to remove, so it is best to catch and stop the installation attempt.  Fortunately this is very easy.  Rogueware tries to look like an antivirus.  You must know who your antivirus company is and not trust any other antivirus warning.  When you see a warning, identify what program is issuing the warning.  If it is not your antivirus software, then it is a rogue security officer trying to gain entry into your computer.

When this occurs on your computer you must close the window without following any of its instructions and without touching the window.   You must use the taskbar button below that represents the window, right click it, then hit close.  This should close the window, but if it does not, press and hold your power button on your computer.  You may lose any unsaved work, but it is better than removing the rogueware after the infection.

Rogueware and other types of malware threats are extremely prolific on the internet.  Antivirus companies are trying frantically to keep up with the threat, but only one is on top of it.  Panda Security makes and distributes the best computer security solutions and PandaLabs discovers the threats and writes the antivirus updates before the rest of the antivirus companies even know about it.  Several teams, each specialized in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc), work 24/7 to provide global coverage. To achieve this, they also have the support of TruPrevent® Technologies, which act as a global early-warning system made up of strategically distributed sensors to neutralize new threats and send them to PandaLabs for in-depth analysis. According to Av.Test.org, PandaLabs is currently the fastest laboratory in the industry in providing complete updates to users. According to my own test, Panda Security Solutions are the best available.
