La Piazza Blog - PANDA SECURITY SUPPORT

Posted by Nerea Bezares, 29th October, 2009

Computer fraud is an everyday issue. We are becoming accustomed to hearing on the news about criminal groups that clone credit cards, hack mail accounts, bank accounts, etc.                                                                                                                                                                               

Most of these scams are carried out withour the user’s knowledge. The process is transparent until the scam is complete. However, in the case of phishing, users knowingly send their bank details to an email address (or website), and therefore have an active role in the scam.
 
Despite the best efforts of banks to warn users about these risks, victims still fall into the same traps. Today however, I would like to talk about another scam we have encountered on the Internet. It’s a traditional scam adapted to use a combination of new technologies to defraud users.
 
Ever heard of the pigeon drop scam before? Basically, it involves convincing a victim or ‘pigeon’ to give up a sum of money in order to obtain a larger sum of money. The result however is that the scammers end up with all the money.

There are many variations, but typically, the victim is presented with the chance by one of the scammers -who will often appear to be extremely naïve or stupid- to get a large sum of money (or valuable object) in exchange for a much smaller amount. A stranger (in reality, one of the scammers) will invariably appear, encouraging the victim to seize this ‘opportunity’. The victim hands over his money in exchange for the bag or envelope containing his sudden windfall, which, as the bag has been switched, turns out to be strips of newspaper or other worthless material. By this time the scammers have made off with the victim’s money, and the ‘pigeon’ will rarely report the crime through guilt or shame.
 
As innovation is all the rage among the criminal fraternity, we now have a technological version of this traditional scam. A user receives an email explaining how easy it is to become a hacker and get hold of a list of credit card numbers which can then be used to buy things online, transfer money out of people’s accounts, etc.

To access the list, the user simply has to forward his own credit card details to the sender of the email, who is –needless to say- the real hacker. The hacker will then be able to use the credit card for whatever he wants. The scammed user will not know how to explain it to the authorities, as on the one hand, he has given out his details voluntarily, and on the other, he did so to steal from other users.
 
What do you think about this scam? Do you think those who attempt to scam others deserve what they get?

We remind you we are in the  Tech Support Forum and on http://twitter.com/PandaTechSup

Posted by Sean-Paul Correll, October 21,  2009
     
Banking Trojans are one of the most prevalent Malware species in the threat landscape today.  Malware authors aim to keep infections live and undetected long enough so that they can get what they are really after: money.

Financial motivations lead malware developers to craft the stealthiest banking Trojans to steal personal and financial data for further exploitation on the black market.  Day after day innocent victims are hacked with the end result being an emptied out bank account.

This video demonstrates how dangerous and stealthy banking Trojans can be and why we must continue to raise awareness on the issue.

Make sure your Panda Security–antivirus  solution is up-to-date, we’ll take care of protecting you while you use your bank online.
As you can see, the criminal mind is quite creative, but you can avoid falling victim by paying attention and implementing the necessary security measures.

Would you like us to mention any other information that can help people avoid these crimes? Why not tell us about it?

If you still have a banking trojan problem, we remind you we are in the  Tech Support Forum and on http://twitter.com/PandaTechSup

e-Knowledge Department

Posted by Cristina Bermudez,  October 16, 2009

This is a relatively common question and the answer is:

Spam is the massive sending of UNSOLICITED email. 

Spam is not mail received due to a voluntary subscription to a distribution list (usually in exchange for relevant information), even if you consider it to be annoying, as long as you can easily unsubscribe with just a few clicks.

 Tips to avoid being saturated by large amounts of unwanted mail:

1. Be wary of messages received from unknown addresses. In general, any message from an unknown address could be spam. If it is unsolicited mail and you don’t know the sender, we advise you to delete it immediately.
2. Never open or respond to the spam message. If you open and respond to an unsolicited mail, you will be confirming the spammer your address is correct and in use, and you will probably receive more spam.
3. Only publish your address on trusted websites that guarantee the address will not be published and you will not receive unsolicited information. 
4. Install an antivirus - anti-spam filter on your PC, NOW! 
5. Do not take part in email forwards, as they are an important source of email addresses for spammers.
6. Incredible but true, you still draw your attention to messages like “The true origin of swine flu”, “Poor deformed child could be cured by forwarding this message”; there are numerous messages of this type and they are all false.

If, after following these tips, you still have a spam problem, we remind you we are in the  Tech Support Forum and on http://twitter.com/PandaTechSup

Critina Bermudez -  eKnowledge Department

Posted by Miguel Corral Rivas October 01, 2009

We are all concerned, to one extent or another, about the new swine flu virus which is generating widespread alarm, and malware creators are wasting no time in exploiting this concern to spread malicious programs.

In this case they are using a Trojan, propagated massively via emails with messages about swine flu, to steal confidential information.

1. These Trojans enter computers when users open a PowerPoint presentation (“Pos.exe”) claiming to expose a ‘great secret about the financial conspiracy involving pharmaceutical laboratories’.
2. On running this attachment to emails, the Trojan is downloaded to the computer without the user’s knowledge, while the presentation is displayed on screen.
3. This backdoor Trojan, called WinVNC.A, is designed specifically to steal confidential information from users and send it to the creator of the malware.

Panda Security advises users to ensure that their antivirus is kept up-to-date and not to run attachments from dubious sources.

Similarly, for those people who do catch swine flu or have to spend a few days at home as a precaution, these recommendations are just as important. 

Of course in this case, we hope you get well soon!!

Miguel Corral Rivas -  Expert Technician

Posted by Blanca

Twitter, Facebook, MySpace and other social networking sites are inceasingly being targeted by cyber-criminals drawn to the wealth of personal information supplied by users, experts warn.

Data posted on the sites - name, date of birth, address, job details, email and phone numbers - is a windfall for hackers.

A vicious virus Koobface - “koob” being “book” in reverse - has affected thousands of Facebook and Twitter users since August 2008, said Asier Martinez, our security specialist. “Its spread has been very significant and it has been detected in 4,000 different variants,” he said.

The virus hijacks the accounts of social networking site users and sends messages steering friends to hostile sites containing malware, a malicious software often designed to infiltrate a computer system for illicit purposes.

In one of its variants, Koobface sends the victim a warning that its Flash player is outdated along with an invitation to download a new version, which is in fact the virus.

Remenber that malware can be used to steal bank account data or credit card information once installed on a personal computer.

Facebook has sought to resist attacks by Koobface and similar viruses by blocking links to hostile sites and shutting down accounts from users that show signs of infection, such as sending too many messages.  You also must be very careful with people who ask to join your friends list adding that hackers often sent requests.

Another danger of social networking sites are:

• The popular quizzes.
• Horoscopes and games made available for free to users which can sometimes be used to hide links to hostile sites.
• Birthday greetings as well as messages sent at Christmas and other holidays may also appear to come from friends when in fact they are linked directly to sites that try to convince would-be victims to reveal personal information like passwords or bank numbers.

The number of viruses detected in recent years has exploded while the profile of cyber-criminals has changed. Before it was very savvy teenagers who wanted to show off their computer skills. Now you don’t really need to know much about information technology to be a hacker, all the tools have already been created.

Now, why not sharing with me some of your experiences?