Archive for November, 2010

The brides in the network: Write to me…

November 24th, 2010

Published by Javier Merchan, November 2010

Have you ever received an email from a supposed admirer in Russia or the Ukraine? If not, then either you don’t have email or your anti-spam protection is doing a fantastic job.

It goes like this. A stunningly attractive woman, normally from Russia, has found your email address and is writing to you because she wants to get to know you in person and visit your country. After you’ve exchanged a couple of emails with her, she falls hopelessly in love with you and desperately wants to meet you. So you think: How could she not fall in love with me? After all, I guess I can be quite charming.  And importantly, who could resist, after seeing her photo?

For all women reading this post: How can you say that you don’t understand men?  You see, we really are that simple.

Typical photos included in these emails:

Well, I’m sorry guys but I’m going to ruin it for you… for all your charm, you won’t end up marrying the beautiful Russian blonde. The girl of your dreams is, I’m afraid, just in your dreams.

Don’t get me wrong, I’m not saying you won’t meet and fall in love with someone as beautiful as this.  Just that it won’t happen like this.

This is one of the most popular Internet scams, just like the Nigerian letter, fake job offers and lottery prizes.  Yet people are still falling into the trap.

How do these scams work?

  1. As with any other type of spam, thousands or millions of email addresses are harvested and spammed.  Obviously, the more mails sent, the greater the chance of finding potential victims.
  2. The message claims to be from a girl, often from Russia, the Ukraine or other Eastern European countries, and includes a photo (normally they use a model).
  3. The messages are normally written in English or Spanish, two of the most widespread languages, with poor spelling and grammar, but given their nationality (and their looks) many seem prepared to excuse that.

    Typical message:

  4. If you reply, you will soon hear from the girl, wanting to know all about you and no doubt telling you about how she intends to leave her country.  As you get more intimate, she will suggest coming to live with you, and will send you even more photos.
  5. Then comes the crunch. Just when the girl is about to leave her country to meet you, some last-minute problem occurs (holdups with the visa, bribes that need to be paid, etc.). To resolve this, she will ask you for a small amount of money, anything from $500 to $1000. This, obviously, is where the fraud starts; the girl doesn’t exist, she is just an invention in order to defraud users.

Some years ago, this type of fraud tended to arouse more suspicion, yet now, with so many people participating in social networks (Facebook, Twitter, etc.), it has become more plausible. With so many personal profiles and email addresses in the public domain, people may think it feasible that somebody has seen their photos and has taken a liking to them.

What should I do if I’m targeted by one of these scams?

It’s normal that if you’re not aware of these types of criminal ploys, you might think that you have found true love on the Internet. So here are some practical tips that will help keep you out of harm’s way:

  • Use your common sense. Always distrust emails from unknown sources. Even if you spend half your time in the gym and are a real charmer, the chances of an unknown girl from another country wanting to know you via email are practically nil… Love at first sight across the Internet is a very remote possibility. As a general rule, you should be highly suspicious of these kinds of contacts from the outset.
  • Have a good antivirus installed that can detect spam. Many of these messages will be detected and classified as junk mail by most security solutions. This will help you be wary of the content of any such messages.

If, however, you do fall victim to fraud, PandaLabs advises you to promptly report the crime to the police. Even though tracking down this type of crime can be complex, law enforcement agencies are becoming increasingly adept at dealing with cyber criminals.

You can find more information about Internet scams in Panda Security’s Press Center: top scams on the web

================================================================================

I have been working at Panda Security since 2001 and I am the PR Coordinator. This may sound strange, but it consists of working with our offices worldwide to coordinate PR and Communication actions. I love sports (lately I prefer to watch rather than take part), reading and good movies… This is subjective, as some people may consider Rambo a good movie, and others may like French movies where the main characters look at each other through a window while the rain is pouring down it. You can contact me at http://twitter.com/javiermerchan or josejavier.merchan@pandasecurity.com

How to avoid Bredolab attacks

November 17th, 2010

Published by Luis Corrons, November 2010

The Dutch High Tech Crime Team (THTC) of the National Crime Squad announced the dismantling of a dangerous botnet. This botnet is part of the Bredolab network, used by cyber-criminals to distribute malware on the computers of unwary users, infecting more than 30 million computers around the world.

How do Trojans work?
The main objective of this type of malware is to install other applications on the infected computer, so it can be controlled from other computers.

Trojans do not spread by themselves, and their name derives from the trick that the astute Greeks used to enter Troy in mythology: they reach computers hidden in an apparently inoffensive program, but in certain cases, when the application is run, a second program, the Trojan, infects the computer. This is a perfect example of a downloader-type Trojan.

What do Trojans do?
Like viruses, they can destroy files or information on hard disks. Yet they can also capture and forward confidential data to an external address or open communication ports, allowing intruders to remotely control your computer.

They can also capture keystrokes or record passwords entered by users. They are frequently used by cyber-criminals, for example, to steal bank details.

Means of infection:

  1. Cyber-crooks look for vulnerabilities on websites and, once they find them, inject malicious code into the page in order to compromise it.
  2. Trojans infect users’ computers as they access a compromised website. The Trojan triggers the infection directly without the user’s consent, or hides the malicious payload within other downloads carried out by the user.
  3. Once on the user’s computer, the Trojan opens a backdoor for downloading other malware, or opens a port to remotely control the system.

According to PandaLabs, more than 50% of the malware received this year was Trojans. This is logical given that Trojans are designed, by and large, for financial gain, and they offer the best ROI to their creators.

In this presentation you can find out if you are infected and how to keep yourself safe from Trojan infections:

Remember, “The most destructive virus sits between the keyboard and the chair”.  Don’t become the weak link on your computer!!

And as always, don’t forget that to protect yourself it is essential to have an antivirus program installed and up-to-date with an anti-spam filter. Any Panda Security solution will keep your computer free from Trojans and other malware.

Do we still need to learn languages?

November 10th, 2010

Published by Ana Etxebarria, November 2010

I spent my whole childhood learning English. I’m not exaggerating; I started when I was three years old in the kindergarten, doing gym class and singing “head, shoulders, knees and toes…”

When it came to deciding which degree course to go for, I opted for my best subject and chose one of those courses that will guarantee you a place in the dole queue: English Philology.

At university I had to choose a second foreign language. I chose German. I didn’t learn very much, though I did get to spend an unforgettable year living in Munich, so I think that was the right decision.

Some years on, I feel I can say that my English is decent enough and in German I would be able to order a taxi, book a table in a restaurant and not much else.

But we are in 2010, and my linguistic limitations are no longer an obstacle to reading a Web page in German. Let’s take my company’s Web page as an example. It seems as if there is some kind of special Panda Security 2011 product discount, but I couldn’t tell you much more. Now, if you look closely, Google is kindly asking if we would like the page translated. So, would we? Yeah, why not?

The result is not great, but it may be good enough depending on what we’re looking for.

Let’s keep testing. I have copied a complete paragraph describing one of our products, Panda Global Protection 2011, into Google Translator.

The result is spectacular. It really is good. My conclusion is that you no longer need to know a language to be able to read newspapers, Web pages, etc.

Of course, these types of tools would never be able to tell us how to pronounce the words, or maybe they would?

Forvo (http://forvo.com/) offers the pronunciation of more than 700,000 words in the most common languages and in some that are not so common:

I could go on indefinitely about the countless translation applications that exist for iPhone or iPad, but I think we can leave it there for the moment.

To finish, I would say that it is no longer necessary to know a language in order to read it, but of course it would always be necessary in order to have a coffee, exchange ideas, or tell someone who doesn’t speak your language how you feel. I still think I chose a wonderful course at university, and although it has had nothing to do with my professional career, the memories I have from those years will be with me forever. Bye, Tschüss, Adiós!

Malware for beginners: fake antivirus programs

November 3rd, 2010

Published by Javier Guerrero, November 2010

Many people think that when antivirus companies talk about the vast number of malware threats that exist, they are exaggerating in order to sell their software. In other words, they are scaremongering to frighten users into buying their products. That’s why when I write articles about malware, I like to refer to first-hand experiences, as I am going to do in this post.

Some time ago a friend called me, concerned because his computer displayed a window notifying him that it had been infected by malware; specifically 42 examples of all types of malware: viruses, spyware, adware, Trojans… This was a bit of a shock, as his anti-malware solution had only detected a couple of threats, which in theory it had deleted. What’s more, these warnings did not come from the antivirus, and neither would they let him eliminate the infection.

As I guessed his antivirus might’ve been out of date, I suggested he look for a second opinion and use our Panda ActiveScan free online scanner.

However, my friend was unable to install the ActiveScan scan module with either Internet Explorer or Firefox; something was stopping it. In fact, it had become virtually impossible to use the computer, so he couldn’t browse the Web, install or uninstall applications. It seemed that his computer had been hijacked by this application.

My suspicions were confirmed when (on going round to his house) I could see the window in question. It belonged to a (supposed) security product called “Personal Security”:

However, the problems I mentioned before suggested there was something dubious about this software. Also, my friend was quite sure he had not installed this product, at least not in the way one normally installs a product in Windows. It was also highly suspicious that his antivirus had not detected all the malware displayed in the window.

The conclusion was obvious: This was a fake or rogue antivirus.

What is a Rogue Antivirus?

This is a malicious application which, in the guise of a trial version of a normal antivirus, tries to trick users into believing that their computers have been infected by numerous examples of malware.

What’s the aim?

Money, of course. Users are then forced to buy a ‘full version’ of the application if they want to ‘disinfect’ their computers. Many people fall for this, either unwittingly, or because they want the system to return to normal.

The rogue antivirus we are talking about today displays the following window:

And obviously, there is a form in which victims are prompted to enter their personal and bank details.

This type of malware is now widespread, largely because it is successful in tricking many people, as the graphic interfaces used (windows, buttons, etc.) are often very professionally crafted.

For example, this particular fake antivirus displays a warning which is similar in appearance to the Windows Security Center:

How to avoid them

The careful and professional design of many of these programs makes them particularly dangerous, as they will fool many users with little knowledge of IT security.

Although much of the usual advice we offer (use a good up-to-date antivirus, don’t download unknown programs, take care with USB devices, etc.) is just as valid in these cases, it is particularly important to be careful with the websites you visit.

One of the most common techniques used for spreading these fake programs is known as “Blackhat SEO” (we will talk about this in the next post), which basically manipulates Web search results, including links to malicious pages used to infect users. These pages provoke false infection warnings, prompting the user to click a button to download or install the product.

You should never click on any part of these windows, as this will start installation. In these cases try closing all windows using the ALT-F4 key combination, although the infection may have already taken place.

So, what happened to my friend?

We managed to resolve the problem by starting up in safe mode and manually deleting all files and registry entries corresponding to the fake antivirus. Of course we had to get this information through another computer, as the system had been completely hijacked by the intruder.

To end this post, I would just like to answer the question set out at the beginning: Yes, the threat of malware is real. We are not exaggerating it in the slightest.

===============================================================================
Javier Guerrero works at Panda Security as a technical specialist and analyst/programmer. Since joining the company in 1998 he has taken part in numerous projects, almost always involved with kernel layer technology: the first Panda Platinum, Panda Security and Panda Security for Networks, firewall and TruPrevent technologies, file permanent protection modules, Shield and the Cloud AV interception layer, etc. He is currently part of the interception unit and is responsible for the file and process interceptors in Panda Cloud Antivirus.