Posts Tagged ‘antivirus’

Malware for beginners: those apocalyptic emails…

February 2nd, 2011

Published by Javier Guerrero, February 2011

Even though the protagonist of this new chapter in the Malware for Beginners series is not a malware specimen, it does share a couple of features with viruses, Trojans and other threats: you can easily find it in your email inbox and it can be really annoying. Yes, we are referring to those scary, apocalyptic email messages…

Yes, you know, those messages that friends and colleagues forward to you (with the best of intentions) to let you know about the latest virus, a threat so deadly that it can blow up your computer, kill your dog with some mysterious radiation and turn your granny into a blood-craving zombie… And for which there is no cure, of course.

Well, seriously now, this type of email is quite frequent. Even though these emails are not dangerous in themselves and are not aimed at defrauding anybody, they alarm people by taking advantage of their fear and their lack of knowledge, as most recipients do not know the reality and limitations of malware.

Not so long ago I myself received one of these messages, which you can see below loosely translated:

Let’s take a look at sentences like “This is a virus that burns your entire hard disk”. They could have used the term “delete” or “format”, but obviously “burn” is far more spectacular. Of course, no virus can damage a hard disk like that. And do not forget the recommendation: “This is the reason why you must send this email to all your contacts”. Is there any email user who doesn’t hate this sentence? :-)

Anyway, the scariest bit comes in the second paragraph, where you are prompted to “Shut down your computer immediately” without even opening the message, or you are told there is no fix for this threat. Finally, they even mention CNN’s coverage of the story, and Microsoft, which classifies this virus as the most dangerous ever.

To sum up: it is one thing to inform users about the dangers of malware, and quite another to create confusion and scare people for no reason with the sole purpose of achieving notoriety.

Finally, keep an antivirus installed and update it frequently. This is your barrier against spam and phishing. If you are not sure about something during the installation or update processes, don’t leave it for later. Look for the appropriate solution in the support forums available to you for any queries you might have.

Javier Guerrero Díaz
R+D – Development Dept.
Panda Security

==============================================================================
Javier Guerrero works in Panda Security as a technical specialist and analyst/programmer. Since joining the company in 1998 he has taken part in numerous projects, almost always involved with kernel layer technology: the first Panda Platinum, Panda Security and Panda Security for Networks, firewall and TruPrevent technologies, file permanent protection modules, Shield and the Cloud AV interception layer, etc. He currently works in the Interception Unit and is responsible for various Cloud AV components.

New video on How to Download Panda 2011 products on YouTube

January 26th, 2011

Published by Leyre Velasco, January 2011

The saga continues… After presenting the Support video on how to activate 2011 products, today we would like to show you the new Tech Support video on how to carry out the download process.

Video: http://www.youtube.com/watch?v=0aqc79NpN2M

This video, just like the other Support videos, is accessible both from the Support website and from YouTube.

Top Five malware in 2010. Protect yourself against them with Panda Antivirus!

January 19th, 2011

Posted by Blanca Carton, January 2011

Every year, PandaLabs, Panda Security’s anti-malware laboratory, publishes an annual malware report discussing the year’s most virulent threats. In 2010, this task was made all the more difficult, as PandaLabs had to analyze and sift through no less than 20 million new viruses.

This report is also used as the basis for the company’s ‘Virus Yearbook’, which, rather than a definitive list of the threats that infected the most computers or caused the most damage, is simply a summary of some of the viruses that, for one reason or another, have caught our eye.

Here are the Top Five:

  1. The mischievous Mac lover: This title has been earned by a remote-control program with the worrying name of HellRaiser.A. It only affects Mac systems and needs user consent to install on a computer. Yet once installed, it can take remote control of the system and perform a whole host of functions… it can even open the DVD tray!
  2. The Good Samaritan: Surely some of you will have guessed… Bredolab.Y comes disguised as a message from Microsoft Support claiming that a new security patch for Outlook has to be installed immediately… But watch out! If you download it you will have installed the SecurityTool rogueware, which will start telling you that your system is infected and that you should buy a certain solution to fix it. Of course, if you pay for the program, you will never receive it, it will not resolve the problem and that’s the last you will see of your money…
  3. Linguist of the year: Our award for the linguist of the year goes to MSNWorm.IE. This virus, which in itself is nothing special, is distributed via Messenger with a link tempting the user into viewing a photo… in 18 languages!
  4. The most annoying: Remember how viruses used to be? Or those ‘jokes’ that once installed would ask: “Are you sure you want to close the program? Yes – No?”. No matter what you clicked, the same screen would appear: “Are you sure you want to close the program?”, time and time again, enough to try the patience of a saint… Well that’s what this worm does: Oscarbot.YQ. Once it is installed, start praying, or doing yoga, or meditating… whatever you can think of, because it will drive you mad. Every time you close it, another screen opens asking another question, or opening a browser window, or… The most annoying, without a doubt.
  5. Insect of the year: We would like to make special mention of the Mariposa (Butterfly) botnet, which was dismantled in March and led to the arrest of the creators thanks to the collaboration between Panda Security, the Spanish Civil Guard, FBI and Defense Intelligence… Like a true insect, it fed on the nectar of other people’s computers, flitting from one to another… and compromised a total of 13 million computers around the world.

How to protect yourself against attacks

The first rule is to use your common sense. If you receive an email message with attachments from a dubious source, delete it.

Be careful when surfing the Web. Avoid downloading programs from unknown websites. And even if you know the source, stay alert and take all necessary precautions before opening them.

Finally, to be completely protected it is essential that you have an antivirus installed and updated, regardless of whether your operating system is Windows or Mac.

Remember, if you have any questions about the operation of your product, you can always find the answers in the articles published on the Panda Security support website, in the videos posted on our YouTube Support Channel or by contacting our expert technicians through the Tech Support forum.

===============================================================================

This is an extract from the post published by PandaLabs: “PandaLabs Recaps Year of Malware with its Virus Yearbook 2010”.

Malware for beginners: Viruses

December 22nd, 2010

Published by Javier Guerrero, December 2010

The protagonist of this new chapter in the “Malware for Beginners” series is very significant because, even though this type of malware was not the first to appear, it was the reason for the ‘boom’ of the viral phenomenon and became the epitome of what is today known as malware.

In fact, we still use the term “virus” today to refer to any type of malware in general, when in reality, except for the occasional surge, the number of viruses in circulation is much lower than that of Trojans, for example.

But, what is a virus?

Well, like any other type of malware, a virus is a small program, but one that “infects” other files. The infection process consists of introducing its code into the target file (normally an executable) so that, from then on, the infected file carries the virus and becomes a new source of infection.

It is because of this parasitic behavior that this type of program was compared to biological viruses. Computer viruses differ from other malware specimens such as Trojans or worms in that the latter do not need a host to spread. This characteristic also makes viruses more complex to develop, as a computer virus must know the internal structure of the file it tries to infect in order to install itself in it.

These two aspects may explain why there are so few viruses currently in circulation compared to other malware strains. There are two further reasons:

  • Any error in the infection process can corrupt the host file and render it unusable.
  • Given that viruses affect all the executable files on the system, and any computer running Windows with the most popular applications installed may contain thousands of executable files, virus infections can be really spectacular and visible.

Obviously, this goes against the current strategy followed by malware writers, who now focus on silent attacks in order to profit financially from their creations.

And as always, don’t forget that to protect yourself it is essential to have an up-to-date antivirus program with an anti-spam filter installed. Any Panda Security solution will keep your computer free from viruses and other malware.

Javier Guerrero Díaz
R+D – Development Dept.
Panda Security

===========================================================================

Javier Guerrero works in Panda Security as a technical specialist and analyst/programmer. Since joining the company in 1998 he has taken part in numerous projects, almost always involved with kernel layer technology: the first Panda Platinum, Panda Security and Panda Security for Networks, firewall and TruPrevent technologies, file permanent protection modules, Shield and the Cloud AV interception layer. He currently works in the Interception Unit and is responsible for the Cloud AV file and process interceptors.

Safe Christmas shopping online

December 1st, 2010

Published by Blanca Carton, December 2010

Many of us are a bit reluctant to shop online because we believe we may fall victim to some scam. Even though it is true that online shopping is sometimes subject to fraud, it is enough to follow some basic tips to protect yourself when doing your Christmas shopping online.

What to bear in mind when shopping online

  1. Only visit trusted sites. Look for pages with a professional appearance, pages from a well-known brand, sites displaying a customer service telephone number… It is very important to know who you are buying from.
  2. Be wary of prize-drawings and ridiculously good offers. Read the conditions of each promotion carefully to avoid nasty surprises.
  3. Pay for your purchases securely. You don’t necessarily need to always pay by credit card. There are different means of payment and, whenever possible, we recommend that you use cash on delivery to avoid surprises. If this is not possible and you choose to pay by credit card, remember that you will have to provide more information, and therefore you must be sure that the transaction will be completely safe.
  4. Make sure you are on an HTTPS page. Web addresses normally start with ‘HTTP’, for example http://www.pandasecurity.com/homeusers/downloads. However, the pages on which you make online payments must be more secure, and their addresses should start with ‘HTTPS’, for example https://shop.pandasecurity.com
  5. It is advisable to have a bank account with a credit card associated with it for making online purchases. This account will contain just the money you need for this purpose, making monitoring easier.
  6. Keep product warranties in a safe place. Besides handling the electronic aspect of online purchases, e-businesses must offer straightforward warranties on products bought. The Web page must contain the following information:
    • Means of payment
    • Delivery terms
    • Product warranties
    • Returns
  7. If you find out that the product you receive is faulty, is different from the one you purchased or the delivery terms are not fulfilled, file a complaint through the company’s Customer Service Dept.
  8. If you don’t receive any answers and you suspect there could be some kind of fraud, report it as soon as possible.
  9. Finally, keep an antivirus installed and update it frequently. This is your barrier against spam and phishing. If you are not sure about something during the installation or update processes, don’t leave it for later. Look for the appropriate solution in the support forums available to you for any queries you might have, even during the holidays.

Follow these simple tips and you won’t have any surprises when it comes to doing your Christmas shopping on the Internet. The end result will be the smile of those receiving your presents.

Nothing else from my side, I’d like to wish you all very happy holidays in the company of your loved ones.

How to avoid Bredolab attacks

November 17th, 2010

Published by Luis Corrons, November 2010

The Dutch High Tech Crime Team (THTC) of the National Crime Squad announced the dismantling of a dangerous botnet. This botnet is part of the Bredolab network, used by cyber-criminals to distribute malware on the computers of unwary users, infecting more than 30 million computers around the world.

How do Trojans work?

The main objective of this type of malware is to install other applications on the infected computer, so it can be controlled from other computers.

Trojans do not spread by themselves, and their name derives from the trick that the astute Greeks used to enter Troy in mythology: they reach computers hidden inside an apparently harmless program, but in certain cases, when the application is run, a second program, the Trojan, infects the computer. This is a perfect example of a downloader-type Trojan.

What do Trojans do?

Like viruses, they can destroy files or information on hard disks. Yet they can also capture and forward confidential data to an external address or open communication ports, allowing intruders to remotely control your computer.

They can also capture keystrokes or record passwords entered by users. They are frequently used by cyber-criminals, for example, to steal bank details.

Means of infection:

  1. Cyber-crooks look for vulnerabilities on websites and, once they find them, inject malicious code into the page in order to compromise it.
  2. Trojans infect users’ computers as they access a compromised website. The Trojan triggers the infection directly without the user’s consent, or hides the malicious payload within other downloads carried out by the user.
  3. Once on the user’s computer, the Trojan opens a backdoor for downloading other malware, or opens a port to remotely control the system.

According to PandaLabs, more than 50% of the malware received this year was Trojans. This is logical given that Trojans are designed, by and large, for financial gain, and they offer the best ROI to their creators.

In this presentation you can find out whether you are infected and how to keep yourself safe from Trojan infections:

Remember, “The most destructive virus sits between the keyboard and the chair”. Don’t become the weak link on your computer!

And as always, don’t forget that to protect yourself it is essential to have an up-to-date antivirus program with an anti-spam filter installed. Any Panda Security solution will keep your computer free from Trojans and other malware.

Malware for beginners: fake antivirus programs

November 3rd, 2010

Published by Javier Guerrero, November 2010

Many people think that when antivirus companies talk about the vast number of malware threats that exist, they are exaggerating in order to sell their software. In other words, they are scaremongering to frighten users into buying their products. That’s why when I write articles about malware, I like to refer to first-hand experiences, as I am going to do in this post.

Some time ago a friend called me, concerned because his computer displayed a window notifying him that it had been infected by malware; specifically 42 examples of all types of malware: viruses, spyware, adware, Trojans… This was a bit of a shock, as his anti-malware solution had only detected a couple of threats, which in theory it had deleted. What’s more, these warnings did not come from the antivirus, nor would they let him eliminate the infection.

As I guessed his antivirus might have been out of date, I suggested he look for a second opinion and use our Panda ActiveScan free online scanner.

However, my friend was unable to install the ActiveScan scan module, neither with Internet Explorer nor with Firefox; something was stopping it. In fact, it had become virtually impossible to use the computer, so he couldn’t browse the Web, install or uninstall applications. It seemed that his computer had been hijacked by this application.

My suspicions were confirmed when (on going round to his house) I could see the window in question. It belonged to a (supposed) security product called “Personal Security”:

However, the problems I mentioned before suggested there was something dubious about this software. Also, my friend was quite sure he had not installed this product, at least not in the way one normally installs a product in Windows. It was also highly suspicious that his antivirus had not detected all the malware displayed in the window.

The conclusion was obvious: This was a fake or rogue antivirus.

What is a Rogue Antivirus?

This is a malicious application which, in the guise of a trial version of a normal antivirus, tries to trick users into believing that their computers have been infected by numerous examples of malware.

What’s the aim?

Money, of course. Users are then forced to buy a ‘full version’ of the application if they want to ‘disinfect’ their computers. Many people fall for this, either unwittingly, or because they want the system to return to normal.

The rogue antivirus we are talking about today displays the following window:

And obviously, there is a form in which victims are prompted to enter their personal and bank details.

This type of malware is now widespread, largely because it is successful in tricking many people, as the graphic interfaces used (windows, buttons, etc.) are often very professionally crafted.

For example, this particular fake antivirus displays a warning which is similar in appearance to the Windows Security Center:

How to avoid them

The careful and professional design of many of these programs makes them particularly dangerous, as they will fool many users with little knowledge of IT security.

Although much of the usual advice we offer (use a good up-to-date antivirus, don’t download unknown programs, take care with USB devices, etc.) is just as valid in these cases, it is particularly important to be careful with the websites you visit.

One of the most common techniques used for spreading these fake programs is known as “Blackhat SEO” (we will talk about this in the next post), which basically manipulates Web search results, including links to malicious pages used to infect users. These pages provoke false infection warnings, prompting the user to click a button to download or install the product.

You should never click on any part of these windows, as this will start installation. In these cases try closing all windows using the ALT-F4 key combination, although the infection may have already taken place.

So, what happened to my friend?

We managed to resolve the problem by starting up in safe mode and manually deleting all files and registry entries corresponding to the fake antivirus. Of course we had to get this information through another computer, as the system had been completely hijacked by the intruder.

To end this post, I would just like to answer the question set out at the beginning: Yes, the threat of malware is real. We are not exaggerating it in the slightest.

===============================================================================
Javier Guerrero works in Panda Security as a technical specialist and analyst/programmer. Since joining the company in 1998 he has taken part in numerous projects, almost always involved with kernel layer technology: the first Panda Platinum, Panda Security and Panda Security for Networks, firewall and TruPrevent technologies, file permanent protection modules, Shield and the Cloud AV interception layer, etc. He is currently part of the interception unit and is responsible for the file and process interceptors in Panda Cloud Antivirus.

Malware for beginners: Keyloggers

October 13th, 2010

Published by Javier Guerrero,  October 2010

We use the term malware to refer generically to the multiple threats to which IT systems are exposed every day. However, this word covers a whole range of concepts with which, on the whole, most users are unfamiliar.

Although this is perfectly understandable (one of my favorite maxims is that “you don’t need to be a mechanic to drive a car”), it’s not a bad idea to have an understanding of the mechanisms used by the different types of malware. So let’s start with something simple: keyloggers.

A keylogger is simply a component (generally software, although hardware-based keyloggers also exist) that registers keystrokes on a keyboard without the user’s knowledge.

Not too nasty really, is it? Nothing could be further from the truth. Keyloggers are used to steal information entered by users, such as:

  • User names and passwords for starting OS sessions, and social network credentials.
  • Credit card numbers. Keyloggers are a crucial element of many banker Trojans that steal this type of data and send it to hackers, who profit financially at the expense of unwitting users. In fact, most banks now implement measures in their Web services to protect against this threat, such as virtual keyboards.

In any event, the advice that we generally give for other types of malware also applies for keyloggers:

  • Don’t download or run files from dubious sources
  • Only browse trusted sites
  • Use a good, up-to-date security suite.

And, of course, use your common sense. These are the best weapons in the fight against malware.

===================================================================================
Javier Guerrero works in Panda Security as a technical specialist and analyst/programmer. Since joining the company in 1998 he has taken part in numerous projects, almost always involved with kernel layer technology: the first Panda Platinum, Panda Security and Panda Security for Networks, involving firewall and TruPrevent technologies, file residents, Shield and the Cloud AV interception layer. He is currently part of the interception unit and is responsible for the file and process interceptors in Cloud AV.

An instant with Google Instant

September 22nd, 2010

By Iñaki Gorostiza, September 22, 2010

Google Instant highlights just how marvelous human beings are: we can search for something at the same time as we read the results, without our heads exploding.

Instant is the result of 15 new technologies which, according to the people at Google, will help our searches return faster and more accurate results. An unprecedented act of generosity that will help us save five seconds for every search we make. Start thinking what you’re going to do with all this free time!

On the face of it, Instant is a significant advance in the mechanics of search engines, yet Adwords advertisers and behavioral philosophers dabbling in SEO have misgivings. Collective hysteria has erupted across social media, with apocalyptic predictions of the death of SEM and SEO.

This is nothing new, every time the search engine supreme engenders a new function (Google has delivered more than 540 search quality improvements since 2009) the Earth’s axis shifts another millimeter: Caffeine, Google Suggest, personalized searches, universal – realtime search, and now Instant. But, has anything really changed? Do we really have something to worry about?

What’s new in Google Instant?

Broadly speaking, three things are new:

  • Dynamic results: Every time you type a letter, the SERP updates to display the results most relevant to what you have written.
  • Predictions: Google will predict what you are looking for, and will display this prediction in light gray text.
  • Textfield with Scroll: You can immediately mouse over the predictions and see the results.

Google Instant supports Chrome, Firefox, Safari and Internet Explorer 8+ and is already available to Google users in France, Germany, Italy, Russia, the UK, USA and Spain.

Although it is currently only implemented for Web searches (and accessed from a Google account), the plan is to include it in other content: videos, images, maps and news, as well as on other devices, such as cell phones.

Why Google Instant?

Google Instant, evidently, optimizes search time, and estimates suggest that users will save some 350 million hours over the next year.

It is also thought that Instant will improve the scope and quality of search results, in other words, our searches will be better.

Google hopes that these two factors will encourage users to make more searches with the consequent positive repercussions for its main source of monetization: its Adwords sponsored advertisements.

Moreover, Google Instant, as we will see below, will subtly favor PPC over organic results in the SERP. Everything suggests that this is another initiative from Google that will improve revenue while making us all happier individuals.

Redefining e-marketing metrics

The first direct consequence of Instant is that it redefines the concept of the impression, which is of essential importance to PPC.

Traditionally, an ‘impression’ has been defined as every time an Adwords advertisement is viewed in the SERP. Starting with this parameter, others such as the CTR or CR can be derived with a view to calculating the ROI of a campaign.

In this new scenario, where the SERP is dynamic, changing with every keystroke, Google does not count impressions until one of the following criteria has been met:

  • The user clicks Enter to run the search.
  • The user clicks the Search button.
  • The user clicks a specific result.
  • The user clicks a suggestion.
  • The user does nothing for three or more seconds.
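
As an added example (not from the original post, and not Google’s code), here is a small JavaScript model of the impression-counting rule listed above: the SERP is redrawn on every keystroke, but an impression is only counted on one of the five criteria. The event format, timestamps and the `replaySession` helper are assumptions made for the illustration.

```javascript
// Model of the Google Instant impression rule described in the post.
// Added example, not Google's code. Timing is passed in explicitly (ms)
// so the logic can be exercised without real timers.
const IDLE_THRESHOLD_MS = 3000; // "does nothing for three or more seconds"

function createImpressionCounter() {
  let impressions = 0;        // impressions Google would count
  let redraws = 0;            // SERP updates, one per keystroke, for comparison
  let pending = null;         // query shown in the SERP but not yet counted
  let lastKeystrokeAt = null; // timestamp of the keystroke that set `pending`
  const log = [];             // {query, reason} for each counted impression

  // Count at most one impression for the pending query, then clear it.
  function settle(reason) {
    if (pending === null) return false;
    impressions += 1;
    log.push({ query: pending, reason });
    pending = null;
    lastKeystrokeAt = null;
    return true;
  }

  return {
    // Each keystroke redraws the SERP with the current query but counts nothing.
    keystroke(query, at) {
      redraws += 1;
      pending = query;
      lastKeystrokeAt = at;
    },
    // The four explicit user actions that settle an impression.
    pressEnter() { return settle("enter"); },
    clickSearch() { return settle("search-button"); },
    clickResult() { return settle("result-click"); },
    clickSuggestion(text) {
      // Clicking a suggestion runs that suggestion as the query.
      if (pending !== null) pending = text;
      return settle("suggestion-click");
    },
    // Applies the idle rule; call it before handling any later event.
    checkIdle(now) {
      if (pending !== null && now - lastKeystrokeAt >= IDLE_THRESHOLD_MS) {
        return settle("idle");
      }
      return false;
    },
    stats() { return { impressions, redraws, log: log.slice() }; },
  };
}

// Replays a constructed session: {t, type, value?} events in chronological
// order. `endAt` (optional) is the time the session was observed to end, so
// the idle rule can be applied to a query the user simply abandoned.
function replaySession(events, endAt) {
  const c = createImpressionCounter();
  for (const ev of events) {
    c.checkIdle(ev.t); // idle rule is evaluated before each new event
    switch (ev.type) {
      case "key": c.keystroke(ev.value, ev.t); break;
      case "enter": c.pressEnter(); break;
      case "search": c.clickSearch(); break;
      case "result": c.clickResult(); break;
      case "suggestion": c.clickSuggestion(ev.value); break;
      case "idle": break; // marker that only advances the clock
    }
  }
  if (endAt !== undefined) c.checkIdle(endAt);
  return c.stats();
}

// Constructed session: the user types "panda" letter by letter (5 redraws),
// pauses 3.5 s (one idle impression), then types " av" and presses Enter
// (one more impression): 8 redraws, 2 impressions.
const SAMPLE_SESSION = [
  { t: 0, type: "key", value: "p" },
  { t: 150, type: "key", value: "pa" },
  { t: 300, type: "key", value: "pan" },
  { t: 450, type: "key", value: "pand" },
  { t: 600, type: "key", value: "panda" },
  { t: 4100, type: "idle" },
  { t: 4200, type: "key", value: "panda " },
  { t: 4350, type: "key", value: "panda a" },
  { t: 4500, type: "key", value: "panda av" },
  { t: 4800, type: "enter" },
];
```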

One aspect that I personally find lacking is that Google Analytics still doesn’t offer advertisers a way of segmenting traffic directed from Google Instant. Fortunately though, the community has made up for the omission by generating filters for this purpose. So what’s your take on this?

I’ll be following up this issue and will shortly publish a second part to the article, looking at how Google Instant revolutionizes the SERP.

==================================================================================

Iñaki Gorostiza works in Panda Security as Head of Web Development. Since joining the company in 2002, he has taken part in numerous projects in the Development Area and in online promotion. You can contact him on his blog http://www.hellogoogle.com, where he publishes articles that help companies grow on the Internet, and at http://twitter.com/hello_google.


Dual boot: an unexpected ally

September 15th, 2010

Posted by Javier Guerrero, 15th September 2010

At Panda Security we are relentless in our efforts to advise users about the best way of protecting themselves from the continuous threat of malware. On this occasion, I would like to offer a new recommendation, which stems from an unfortunate experience I had recently.

A few weeks ago… I was hit by a virus.

Yeah, I know, I should hang my head in shame; I work as a developer for a major anti-malware company and I’m well aware of the risks. Anyway, I was messing about on my home computer, doing some less-than-sensible things and the inevitable happened.
At first I didn’t notice anything strange, but then some odd things started to happen; for example some games, like Steam or my treasured Battlefield, stopped working, the programs displayed error messages whenever I tried to run them, and my Internet connection became really slow. Every user knows their own computer and knows when something is not right, and in this case something was clearly not right.

Then finally the computer just wouldn’t start up, and displayed the BSOD (blue screen) in a critical driver for the operating system; so critical, in fact, that the computer wouldn’t even start in safe mode.

Ideally, at this point I should have had a safe boot disk with a command-line antivirus, like our Panda SafeCD, but I didn’t (cobblers’ children and all that…). Then I remembered that I had two operating systems installed in a dual-boot configuration, Windows XP and Windows 7:

[Image: Dual Operating System]

So I could start up the other operating system, which wasn’t infected, launch our antivirus, detect the malware and eliminate it without needing a safe boot disk. So in this way, my dual-boot configuration was an unexpected and valuable ally against the malware that had infected my PC.

In short, this experience has taught me some valuable lessons:

Make sure you always have a way of starting your computer in the event that the operating system fails, whether this is via CD, DVD, USB drive, or as in my case, an alternative operating system installed on another partition.

Always make sure you have a set of tools available for analyzing and eliminating malware in a low-resource environment (read: command line). Our free command-line antivirus is a good example. You’ll also find other free scanners and tools at http://free.pandasecurity.com/

Don’t take foolish risks with your system.
And at least if you are going to, don’t use the administrator account.