La Piazza

Published by Javier Guerrero, February 2011

Even though the protagonist of this new chapter in the Malware for Beginners series is no malware specimen, it does share a couple of features with viruses, Trojans and other threats: You can easily find them in your email inbox and they can be really annoying. Yes, we are referring to those scary, apocalyptic email messages…

Yes, you know, those messages that friends and colleagues forward to you -with the best of intentions- to let you know about the latest virus, or a threat so deadly that can blow up your computer, kill your dog with some mysterious radiation and turn your granny into a blood-craving zombie… And for which there is no cure, of course.

Well, seriously now, this type of email is quite frequent. Even though these emails are not dangerous in themselves and are not aimed at defrauding anybody, they alarm people by taking advantage of their lack of knowledge and fear, as they don’t really know the reality and limitations of malware.

Not so long ago I myself received one of these messages, which you can see below loosely translated:

Let’s take a look at sentences like “This is a virus that burns your entire hard disk”. They could have used the term “delete” or “format”, but obviously “burn” is far more spectacular. Of course, no virus can damage a hard disk like that. And do not forget that recommendation, This is the reason why you must send this email to all your contacts. Is there any email user who doesn’t hate this sentence?

Anyway, the scariest bit comes in the second paragraph, where you are prompted to “Shut down your computer immediately” without even opening the message, or you are said there is no fix for this threat. Finally, they even mention CNN’s coverage of the story, and Microsoft, which classifies this virus as the most dangerous ever.

To sum up: One thing is to inform users about the dangers of malware, and another one is to raise confusion and scare people for no reason with the sole purpose of achieving notoriety.

Finally, keep an antivirus installed and update it frequently. This is your barrier against spam and phishing.If you are not sure about something during the installation or update processes, don’t leave it for later. Look for the appropriate solution in the support forums available to you for any queries you might have.

Javier Guerrero Díaz
. R+D – Development Dept.
Panda Security

Published by Iñaki Gorostiza,  January 2011

SEO is an attractive area of e-marketing, as soon as you start to get into it you realize that it requires very little theoretical technical knowledge, and that a little common sense will take you a long way.

In fact, this gives us a clue as to why there are so many self-proclaimed ‘gurus’ in this field.

I for one believe that a company can deal with SEO in-house, and that there is no need for external gurus to tell you how to ‘train’ your websites to jump through hoops for Google; trust in your own people, who know your market and your clients, and are more than capable of doing the job.

While it’s true that 80% of the positioning of a Web page is determined by factors such as domain authority and the popularity of back-links (off-page factors) the rest is down to the editor of Web content.

That’s right, I’m talking about you!

So here I would like to offer a series of ‘on-page’ tips. A few observations to remember when editing content for search engines:

• “He who does not think much of himself is much more esteemed than he imagines”. -Goethe
  As I said before, there is no one in the world that knows your company and clients better than you. If you learn from your clients by thinking like they do, you have achieved the most difficult part of your job.
• It is important to know how to write for search engines, but it is more important to know how to write for people.
• There is nothing more damaging for a website than the soulless contributions of a SEO technician who does not understand the above premise.
• The work of SEO technicians has two objectives:
  1. To position the Web page ABOVE the competition.
  2. To create an effective SNIPPET.
• Whether a user reaches your Web page or that of the competition depends therefore on VISIBILITY: appearing BEFORE and appearing BETTER!
• The title of a page is the main source of information for search engines.
• A good title can be enough to correctly position the page.
• A bad title can bring down any SEO strategy.
• Each page of your website should have its own unique and non-transferable title.
• Always display your brand in the title.
• Include the most important keywords in the title.
• And if you can achieve all the above in 65 characters or less, all the better.

I’ll continue in the next article! Until then…

============================================================================

Other articles published by Iñaki Gorostiza:

• An instant with Google Instant

• SEO & hackers, an odd couple

• Google Instant revolutionizes the SERP

You can contact Iñaki Gorostiza on his blog http://www.hellogoogle.com, where he publishes articles that help companies grow on Internet, and at http://twitter.com/hello_google.

Published by eKnowledge team, December 2010

Dear readers,

Thank you all for your support during this year.

Our wish for the New Year is to keep having your priceless support in order to continue developing and enhancing the Great Community we build together day by day.

We wish you all a very Merry Christmas and a Happy New Year and we want to share this little present with you. Click on the image below:

With our best wishes,

The eKnowledge team

Published by Javier Merchan, November 2010

Have you ever received an email from a supposed admirer in Russia or the Ukraine? If not, then either you don’t have email or your anti-spam protection is doing a fantastic job.

It goes like this. A stunningly attractive woman, normally from Russia, has found your email address and is writing to you because she wants to get to know you in person and visit your country. After you’ve exchanged a couple of emails with her, she falls hopelessly in love with you and desperately wants to meet you. So you think: How could she not fall in love with me? After all, I guess I can be quite charming.  And importantly, who could resist, after seeing her photo?

For all women reading this post: How can you say that you don’t understand men?  You see, we really are that simple.

Typical photos included in these emails:

Well, I’m sorry guys but I’m going to ruin it for you… for all your charm, you won’t end up marrying the beautiful Russian blonde. The girl of your dreams is, I’m afraid, just in your dreams.

Don’t get me wrong, I’m not saying you won’t meet and fall in love with someone as beautiful as this.  Just that it won’t happen like this.

This is one of the most popular Internet scams, just like the Nigerian letter, fake job offers and lottery prizes.  Yet people are still falling into the trap.

How do these scams work?

1. As with any other type of spam, thousands or millions of email addresses are harvested and spammed.  Obviously, the more mails sent, the greater the chance of finding potential victims.
2. The message claims to be from a girl, often from Russia, the Ukraine or other Eastern European countries, and include a photo (normally they use a model).
3. The messages are normally written in English or Spanish, two of the most widespread languages, with poor spelling and grammar, but given their nationality –and their looks- many seem prepared to excuse that.

   Typical message:
   

4. If you reply, you will soon hear from the girl, wanting to know all about you and no doubt telling you about how she intends to leave her country.  As you get more intimate, she will suggest coming to live with you, and will send you even more photos.
5. Then comes the crunch. Just when the girl is about to leave her country to meet you, some last-minute problem occurs (holdups with the visa, bribes that need to be paid, etc.). To resolve this, she will ask you for a small amount of money, anything from $500 to $1000. This, obviously, is where the fraud starts; the girl doesn’t exist, she is just an invention in order to defraud users.

Some years ago, this type of fraud tended to arouse more suspicion, yet now, with so many people participating in social networks (Facebook, Twitter, etc.), they have become more plausible. With so many personal profiles and email addresses in the public domain, people may think it feasible that somebody has seen their photos and has taken a liking to them.

What should I do if I’m targeted by one of these scams?

It’s normal that if you’re not aware of these types of criminal ploys, you might think that you have found true love on the Internet. So here are some practical tips that will help keep you out of harm’s way:

• Use your common sense. Always distrust emails from unknown sources. Even if you spend half your time in the gym and a real charmer, the chances of an unknown girl from another country wanting to know you via email are practically nil…  Love at first sight across the Internet is a very remote possibility. As a general rule, you should be highly suspicious of these kinds of contacts from the outset.

• Have a good antivirus installed that can detect spam. Many of these messages will be detected and classified as junk mail by most security solutions. This will help you be wary of the content of any such messages.

If however, you do fall victim to fraud, PandaLabs advises you to promptly report the crime to the police. Even though tracking down this type of crime can be complex, law enforcement agencies are becoming increasingly adept at dealing with cyber criminals.

You can find more information about Internet scams in Panda Security’s Press Center: top scams on the web

================================================================================

I have been working in Panda Security since 2001 and I am the PR Coordinator.  This may sound strange, but it consists of working with our offices worldwide to coordinate PR and Communication actions. I love sports (lately I prefer to watch rather than take part), reading and good movies… This is subjective, as some people may consider Rambo a good movie, and others may like French movies where the main characters look at each other through a window while the rain is pouring down it. You can contact me in http://twitter.com/javiermerchan or josejavier.merchan@pandasecurity.com

Published by Ana Etxebarria, november 2010

I spent my whole childhood learning English. I’m not exaggerating; I started when I was three years old in the kindergarten, doing gym class and singing “head, shoulders, knees and toes…”

When it came to deciding which degree course to go for, I opted for my best subject and chose one of those courses that will guarantee you a place in the dole queue: English Philology.

At university I had to choose a second foreign language. I chose German. I didn’t learn very much, though I did get to spend an unforgettable year living in Munich, so I think that was the right decision.

Some years on, I feel I can say that my English is decent enough and in German I would be able to order a taxi, book a table in a restaurant and not much else.

But we are in 2010, and my linguistic limitations are no longer an obstacle to reading a Web page in German. Let’s take my company’s Web page as an example. It seems as if there is some kind of special Panda Security 2011 product discount, but I couldn’t tell you much more. Now, if you look closely, Google is kindly asking if we would like the page translated. So, would we? Yeah, why not?

The result is not great, but it may be good enough depending on what we’re looking for.

Let’s keep testing. I have copied a complete paragraph describing one of our products, Panda Global Protection 2011, into Google Translator.

The result is spectacular. It really is good. My conclusion is that you no longer need to know a language to be able to read newspapers, Web pages, etc.

Of course, these types of tools would never be able to tell us how to pronounce the words, or maybe they would?

Forvo (http://forvo.com/) offers the pronunciation of more than 700,000 words in the most common languages and in some that are not so common:

I could go on indefinitely about the countless translation applications that exist for iPhone or iPad, but I think we can leave it there for the moment.

To finish, I would say that it is no longer necessary to know a language in order to read it, but of course it would always be necessary in order to have a coffee, exchange ideas, or tell someone who doesn’t speak your language how you feel. I still think I chose a wonderful course at university, and although it has had nothing to do with my professional career, the memories I have from those years will be with me forever. Bye, Tschüss, Adiós!

Published by José Manuel Bernal, October 27th 2010

We are happy to announce that we just released Panda Cloud Antivirus version 1.3.

This new version of Panda Cloud Antivirus has been made possible thanks to our large community of users and specially to our Support Forum Trusted Mods who have helped a lot of users and gathered enough feedback to incorporate major improvements as well as many different bug fixes. All new features have been included in both the Free and Pro Edition.

If you have Panda Cloud Antivirus 1.1.0, 1.1.1 or 1.1.2, you will get the upgrade automatically and transparently.

If you don’t have Panda Cloud Antivirus installed yet you can download it from www.cloudantivirus.com

What’s new at the latest Cloud Antivirus version?

The new Cloud AV version includes:

• Malicious Web & URL Filtering. This feature blocks websites that push malware, exploits and drive-by downloads. It is available both in Free and in Pro Editions and is installed by the toolbar. Unlike similar solutions, this web filtering works at a low level so it works under all browsers: Internet Explorer, Firefox, Chrome, Safari, etc.For those of you that didn’t install the toolbar but would like to install the Web & URL Filtering, you can download it from here and install it manually.

• Unified Recycle Bin and Quarantine. Previously the Recycle Bin handled suspicious detections and the Quarantine handled deleted malware detections. This has been unified into a new Recycle Bin for ease of management. This is included in both Free and Pro Editions.

• Automatic and transparent upgrades to new product versions, previously only available in the Pro Edition, this is now available in the Free Edition as well. All users of Free Editions versions 1.1.0, 1.1.1 and 1.1.2 will automatically and transparently upgrade to the new 1.3. See notes below for the upgrade schedule.

• No more nagging advertising. After listening to many of you we have decided to turn off the nagging advertising popups prompting to upgrade to Pro Edition. If you want to support Panda Cloud Antivirus and wish to get the Pro Edition, you can do so from here, but we won’t bug you anymore from the popups.

• Hot updating of behavioural blocking rules. In order to increase protection on the fly against new vulnerabilities and attacks and to fix false positives, hot updating of behavioural blocking rules allows faster response time in both the Free and Pro Editions.

• Immediate notifications of virus detections. Previously if Panda Cloud Antivirus encountered multiple viruses, it would delay its traybar notification and show them grouped. This behaviour has been changed so that the notifications are shown immediately.

• Suspicious detection counter. Under the statistics window there’s some new counters for the different types of heuristics and behavioural detections.

• New versioning format. Unified versioning format in GUI and other parts of the program.

• Many bugfixes as reported by users in our support forum:

1. Fixed issue with Windows 7 Start menu slow-down.
2. Fixed Panda traybar icon disappearing.
3. Fixed “you are not connected to the Internet” message when there is connection.
4. Fixed issue when Free Edition users can activate behavioural analysis.
5. Fixed slow-down and conflicts while playing Allods Online and AION.
6. Fixed cloud-response time configuration which defaults to 30 seconds.
7. Fixed constant accesses to the floppy disk drive.
8. Fixed BSOD issue after install.
9. Fixed bug while exporting an empty report to TXT/CSV.
10. Fixed Conficker detection.
11. Fixed BSOD while compressing malicious PDFs.
12. Fixed translation errors.

Panda Cloud Antivirus version free and Panda Cloud Antivirus version paid

The basic version will remain free, and those who wants to buy superior version with more features and tech support can pay for the Pro one for 29,95.

Panda Cloud Antivirus Support Forum

I’d like to encourage anybody who needs help to contact me or any other moderator through our support forum. I am sure we can be of great help to answer any questions you might have.

You will have a whole support team available to you, including the following moderators: intrepid44, Shadowman, swejuggalo, Ibrad09, GoneToPlaid, budee and kilps. Also, I’d like to take this opportunity to thank them all for their great job.

Take part in the forum and tell us your opinion!

Note: More information in Panda Cloud Antivirus Blog

Published by Luis Corrons, October  7, 2010

Latest news!!

According to Tieve.tk, the ‘Anonymous’ cyber-activist group, has called on its community to launch a distributed denial of service attack (DDoS) at midnight (00:00h CET) October 7 against the Spanish copyright protection society (SGAE). This group, in an initiative called “Operation Payback”, has been launching denial of service attacks against various targets in recent weeks as a response to the attempted closure of free file-sharing websites.

SGAE

A distributed denial of service attack (DdoS) involves launching numerous requests at a server hosting the Web page so that the hosting service cannot cope with the load and the server ‘crashes’, i.e. the service is suspended. In this case, for example, anyone trying to access the SGAE website may not be able to reach the domain.

On September 17 we witnessed what could be deemed the first organized mass cyber-protest on the Internet, against the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA), bodies that set out to protect copyright and distribution rights, as a response to the action that both these organizations have been undertaking against free file-sharing sites: they had contracted an Indian software company to launch attacks against sites such as The Pirate Bay, forcing them to close.

Details of the attacks, which have been monitored in real-time by our researcher Sean-Paul Correll are available here.

Published by Iñaki Gorostiza, september 29,  2010

This follow-up to the piece An instant with Google Instant furthers the analysis of this issue.

The SERP has changed, or better still, the SERP now changes with every keystroke:

• The first page is now the key component of the search. Where before it was already unlikely that a user would go beyond the second or third page of results returned, Google Instant brings the relevance of the Top 10 results into even sharper focus.

• The visual content fully captures the user’s attention. The SERP becomes a kaleidoscope where Web maps, images and videos stand out against any text content.

• Google Instant minimizes bad searches due to spelling or grammatical errors, and this has a direct impact on those pages that feed off such mistakes.

• The space on the SERP dedicated to organic results is reduced in favor of suggestions. This can lead to a page where there is just one organic result for every eight sponsored links. Let’s take a look:

• Now more than ever, webmasters will have to draw Google users’ attention with the title and snippet (the brief text below the title describing the Web page).

• Interestingly, adult pages are ignored by Google Instant. Try searching, say, for “sex” and you’ll see that the search engine does nothing. Of course certain search terms may suffer collateral damage, careful if you’re looking for “Whorfian hypothesis” for example.

• The influence of the ‘long tail’ is questionable:
  • The long tail can be partially cannibalized by head terms, as before a long search term such as “Antivirus in Spanish compatible with Windows 7″ is entered, a ‘good enough’ result may be displayed.
  • It’s also true that simple searches, such as “Antivirus” will generate more specific suggestions such as “Free antivirus in Spanish”.

• Well known brands will benefit: after entering just one or two letters, don’t be surprised to see the name of a famous company.

It only takes an instant to forget a lifetime, but sometimes even a lifetime isn’t enough to forget an instant.

In a few months we will know exactly the impact that Google Instant has on the search trends of users, as well as on Search Marketing strategies. For the moment, we just have to make educated guesses.

While it’s true that Google Instant represents a significant step forward, it shouldn’t really alter the fundamentals of SEO/SMO, at least not to the extent that some fear. Sleep tight everyone.

==============================================================================

You can contact Iñaki Gorostiza on his blog http://www.hellogoogle.com, where he publishes articles that help companies grow on Internet, and at http://twitter.com/hello_google.

Published by Javier Guerrero, July 15th, 2010

The computer security industry, just like many others, has it own share of urban myths. This short article deals with one of the most popular and also most absurd ones.

A few days ago I was talking to a friend and during the conversation he asked me, half jokingly, if antivirus manufacturers also developed their own viruses.  I was quite surprised to learn that this myth, which I thought had long since disappeared, is still very much alive. Actually, at first I completely ruled out the possibility of writing about it, as I found it completely ridiculous and because Panda Security (and every other security software developer) has been laughing off this idea for years now, the last time on our CEO Juan Santana’s blog IT security myths.

So, even though it is sufficient to use your common sense to realize there is absolutely no truth behind this, we will try once again to dismantle this ‘conspiracy theory’.

The security industry has been around for many years now. And surely if this myth were true, it would have been uncovered a long time ago, with the subsequent scandal and damage to all companies in the security sector. Of course, no serious company could possibly take a chance on something like this.

Nevertheless, the most solid, irrefutable argument against this assumption is the fact that antivirus vendors have never needed to develop their own malware creations.

Of course I have first-hand experience with this: My first job at Panda, back in 1997, consisted of analyzing viruses and extracting their ‘signatures’ to add them to our knowledge database. Well, already by then we had more than enough malware samples to catalog, and I personally entered as many as 1,000 specimens in a little over one year. Since then, the number of threats in circulation has grown exponentially up to the point of generating an entire industry which has forced security vendors to come up with new ways to process such huge amounts of malware. In Panda Security’s case, it led us to develop ‘Collective Intelligence’ which has proven to be highly efficient solution.

Therefore: No, the security industry has never needed to develop any malware, not even as a proof-of-concept, as unfortunately for all of us, there is no lack of bad guys out there…

Javier Guerrero Díaz // R+D – Development Dept. // Panda Security

Posted by Ana Etxebarria, July 14th, 2010

This blog is called La Piazza or ‘the Square’ as we though it should serve as a meeting place for us to discuss things. And in line with such a Latin tradition, in this square you don’t only talk but also listen to others.

However, nothing is perfect and you cannot ignore the fact that public squares have always been a place for gossiping and spreading rumors. Then, over time, television came and filled our lives with idle chat about people we haven’t even met personally.

Television’s great danger is that, from the start, many people thought whatever appeared on the screen was real. Consequently, lies that in the past never reached further than a household or village became the talk of the nation within hours. And the same can be said about the damage they caused.

However, the world kept evolving and national television gave way to the World Wide Web. Our little town squares went global, so any piece of gossip, true or false, spread like wildfire within seconds. This is undoubtedly a reality that has many advantages but also some risks.

In my opinion, the biggest threat is that of taking for granted that any news item that appears on a blog, the Wikipedia or any other Internet site is true. You can tell a lie a thousand times, but it’s still a lie. You have to be prudent, check the source, get information from sites with other views… before taking a piece of information as true just because you ‘read it on the Internet’. Otherwise, it doesn’t matter if we live in the age of information, you will still be as misinformed as ever.

Let me finish with a couple of articles on false news posted on Wikipedia and echoed by the media as being true:

• http://tech.slashdot.org/article.pl?sid=09/02/10/2211220
• http://www.msnbc.msn.com/id/30699302/

I am also posting the link of a satirical online publication which, even though it doesn’t intend to pass any of its news off as true, still gets harsh criticism from some readers who take it seriously: The Onion

Enjoy it! : -)