La Piazza Blog - PANDA SECURITY SUPPORT

Posted by Sean-Paul Correll, October 21,  2009
     
Banking Trojans are one of the most prevalent Malware species in the threat landscape today.  Malware authors aim to keep infections live and undetected long enough so that they can get what they are really after: money.

Financial motivations lead malware developers to craft the stealthiest banking Trojans to steal personal and financial data for further exploitation on the black market.  Day after day innocent victims are hacked with the end result being an emptied out bank account.

This video demonstrates how dangerous and stealthy banking Trojans can be and why we must continue to raise awareness on the issue.

Make sure your Panda Security–antivirus  solution is up-to-date, we’ll take care of protecting you while you use your bank online.
As you can see, the criminal mind is quite creative, but you can avoid falling victim by paying attention and implementing the necessary security measures.

Would you like us to mention any other information that can help people avoid these crimes? Why not tell us about it?

If you still have a banking trojan problem, we remind you we are in the  Tech Support Forum and on http://twitter.com/PandaTechSup

e-Knowledge Department

Posted by Blanca Carton October 13, 2009

Twitter, Facebook and MySpace are highly popular social networks. Unfortunately, there are always hackers who try to exploit the success of these networks for financial gain. Such is the case of Twitter, which has become an easy target for hackers to distribute spam.

How can you protect against spam in Twitter?

• Disable the “followback auto” option. This way, you will be able to choose the people you want to follow.
• Do not access all the links you receive. Make sure you know who you are following. 
• Follow the spam profile in Twitter: http://twitter.com/spam. You can find good tips here. For example, according to a recent post,  “If you gave your login and password info to TwitViewer, we strongly suggest you change your password now. Thank you!”
• Install a complete security solution on the computer, preferably with an antivirus, firewall and phishing filter module.

If you follow these tips you will be protected against spam.

What type of spam could I have received?

The most common types are:

• Trending Subjects Spam: This spam searches for popular subjects (e.g. Michael Jackson’s new movie, store discounts, etc.) to publish similar tweets with malicious URLs.
• Tweet spam: This type of message comes from one user following another. Consequently, all the attached followers can see the tweet.
• Direct Message: This direct message comes from a follower. Therefore only the recipient can see it.

Don’t forget to follow us in Twitter @PandaTechSup and visit us at our New Tech Support Forum !!

Blanca Carton -  eknowledge Department

Posted by Nerea Bezares October 08, 2009

Some parents believe that if their children do not have access to new technologies, they may not be preparing them for the future. Consequently, they purchase a PC and pay for an Internet connection for their children to benefit from it.

• Do children really need a computer at home?
• How much time should they spend on the computer?
• What should and shouldn’t they do?

These answers can be provided by your children’s teachers, who will inform you: 

1. Whether they learn about new technologies at school and whether they need a PC at home. 
2. Whether the school has computers children can use out of school hours to do their homework.
3. Whether libraries and youth centers nearby offer basic courses, activities or free Internet use. 

Above all, teachers will know your children and can provide guidance regarding activities and the time they should dedicate every day, depending on their age and educational progress.

You will see children’s enthusiasm as they turn the computer on (without fear or prejudice), and the speed with which they assimilate concepts that adults have taken a long time to assimilate.

• Through educational games (music, letters, numbers, pictures, etc.) they expand their vocabulary, and improve their writing, reading, memory and motivation.
• When they search for information (mostly when working with other students or parents) children learn to overcome obstacles through team work, and are encouraged to share.
• On using social networks (Facebook, Twitter,…), they evolve as individuals feeling part of a group that has their same interests, etc. Remember that this point is not without risks.
• Later on, as children advance, let them explore in a controlled way, monitoring them at a distance. You will be increasing their security and autonomy.

We have found common guidelines among parents and children between four and eight years:

• Parents install games they have previously checked.
• Internet access is limited to specific pages through a control (Antivirus - Parental Control).
• During the week, limit computer use to an hour a day maximum.
• When children have the chance to play with friends, go for walks, on excursions, etc. turn the computer off. 
• If children behave badly, don’t let them use the computer. 
• In the case of adolescents, these guidelines are also valid, but slowly increasing their autonomy according to their level of responsibility.

All this, bearing in mind the danger and tips previously explained in this blog and in your children’s educational environment.

Tell us your experience and whether you want us to focus further on a specific area.

Nerea Bezares -  eknowledge Department

Posted by Miguel Corral Rivas October 01, 2009

We are all concerned, to one extent or another, about the new swine flu virus which is generating widespread alarm, and malware creators are wasting no time in exploiting this concern to spread malicious programs.

In this case they are using a Trojan, propagated massively via emails with messages about swine flu, to steal confidential information.

1. These Trojans enter computers when users open a PowerPoint presentation (“Pos.exe”) claiming to expose a ‘great secret about the financial conspiracy involving pharmaceutical laboratories’.
2. On running this attachment to emails, the Trojan is downloaded to the computer without the user’s knowledge, while the presentation is displayed on screen.
3. This backdoor Trojan, called WinVNC.A, is designed specifically to steal confidential information from users and send it to the creator of the malware.

Panda Security advises users to ensure that their antivirus is kept up-to-date and not to run attachments from dubious sources.

Similarly, for those people who do catch swine flu or have to spend a few days at home as a precaution, these recommendations are just as important. 

Of course in this case, we hope you get well soon!!

Miguel Corral Rivas -  Expert Technician

Yes, and you could also be paying for it without receiving any services whatsoever. And that’s not all.

Rogueware is a type of cyber-crime that involves offering fake antivirus products, with prices ranging from €35 to €56, designed to simulate detection of viruses on victims’ computers.

One of the most common variants of rogueware involves running fake scans of users’ computers from a Web page. 

The interface of the fake antivirus is practically identical to that of genuine programs. 

The names also have a genuine ring to them: Advanced Virus Remover, PC Security, Smart Defender Pro, System Security Protection, Antivirus XP 2009… 

Scan results are always positive, and the application will ask users if they would like to disinfect their computers. If users agree, the fake antivirus is downloaded, and victims are asked to pay for the license in order to remove the (nonexistent) threats.

In some cases, users will have simply wasted their money on buying a license for a program that will leave their computer just as it was in the first place. For the criminals this is a profitable business, and for users a serious security problem. 

In the worst cases, victims will have revealed confidential data, including bank details and credit card numbers which can then be used for identity theft or for stealing directly from accounts.

How to avoid downloading fake antivirus programs.

• Always use an antivirus from a recognized vendor. We don’t just mean ours, but any of those from familiar names among security providers.

This post has been written in collaboration with PandaLabs.

Have you ever found yourself in a similar situation? Why not tell us about it? By identifying fake antivirus programs we can prevent this fraud from spreading further.