Malware for beginners: fake antivirus programs

November 3rd, 2010

Published by Javier Guerrero, November 2010

Many people think that when antivirus companies talk about the vast number of malware threats that exist, they are exaggerating in order to sell their software. In other words, they are scaremongering to frighten users into buying their products. That’s why when I write articles about malware, I like to refer to first-hand experiences, as I am going to do in this post.

Some time ago a friend called me, concerned because his computer displayed a window notifying him that it had been infected by malware; specifically 42 examples of all types of malware: viruses, spyware, adware, Trojans… This was a bit of a shock, as his anti-malware solution had only detected a couple of threats, which in theory it had deleted. What’s more, these warnings did not come from the antivirus, and neither would they let him eliminate the infection.

As I guessed his antivirus might’ve been out of date, I suggested he look for a second opinion and use our Panda ActiveScan free online scanner.

However, my friend was unable to install the ActiveScan scan module, either with Internet Explorer or with Firefox; something was stopping it. In fact, it had become virtually impossible to use the computer, so he couldn’t browse the Web or install or uninstall applications. It seemed that his computer had been hijacked by this application.

My suspicions were confirmed when (on going round to his house) I could see the window in question. It belonged to a (supposed) security product called “Personal Security”:

However, the problems I mentioned before suggested there was something dubious about this software. Also, my friend was quite sure he had not installed this product, at least not in the way one normally installs a product in Windows. It was also highly suspicious that his antivirus had not detected all the malware displayed in the window.

The conclusion was obvious: This was a fake or rogue antivirus.

What is a Rogue Antivirus?

This is a malicious application which, in the guise of a trial version of a normal antivirus, tries to trick users into believing that their computers have been infected by numerous examples of malware.

What’s the aim?

Money, of course. Users are then forced to buy a ‘full version’ of the application if they want to ‘disinfect’ their computers. Many people fall for this, either unwittingly, or because they want the system to return to normal.

The rogue antivirus we are talking about today displays the following window:

And obviously, there is a form in which victims are prompted to enter their personal and bank details.

This type of malware is now widespread, largely because it is successful in tricking many people, as the graphic interfaces used (windows, buttons, etc.) are often very professionally crafted.

For example, this particular fake antivirus displays a warning which is similar in appearance to the Windows Security Center:

How to avoid them

The careful and professional design of many of these programs makes them particularly dangerous, as they will fool many users with little knowledge of IT security.

Although much of the usual advice we offer (use a good up-to-date antivirus, don’t download unknown programs, take care with USB devices, etc.) is just as valid in these cases, it is particularly important to be careful with the websites you visit.

One of the most common techniques used for spreading these fake programs is known as “Blackhat SEO” (we will talk about this in the next post), which basically manipulates Web search results so that they include links to malicious pages used to infect users. These pages display false infection warnings, prompting the user to click a button to download or install the product.

You should never click on any part of these windows, as this will start installation. In these cases try closing all windows using the ALT-F4 key combination, although the infection may have already taken place.

So, what happened to my friend?

We managed to resolve the problem by starting up in safe mode and manually deleting all files and registry entries corresponding to the fake antivirus. Of course we had to get this information through another computer, as the system had been completely hijacked by the intruder.

To end this post, I would just like to answer the question set out at the beginning: Yes, the threat of malware is real. We are not exaggerating it in the slightest.

===============================================================================
Javier Guerrero works at Panda Security as a technical specialist and analyst/programmer. Since joining the company in 1998 he has taken part in numerous projects, almost always involved with kernel layer technology: the first Panda Platinum, Panda Security and Panda Security for Networks, firewall and TruPrevent technologies, file permanent protection modules, Shield and the Cloud AV interception layer, etc. He is currently part of the interception unit and is responsible for the file and process interceptors in Panda Cloud Antivirus.

TOP 10 tips to keep your home and your computer safe during the 2010 summer

July 7th, 2010

Published by Blanca Carton, July 7th, 2010

Summer is finally here, and online security and the protection of your computer are things that you must take seriously.

That’s why we are reminding you of the 10 golden rules to protect your home and your computer.

  1. We all love Community 2.0 and telling our friends what we are doing (Twitter, Facebook…). But remember: Don’t reveal any information about where you are going or how long you’ll be away during your vacation. Thieves are always lurking.
  2. Keep your antivirus enabled and update it regularly.
  3. Delete all unnecessary files and clear your computer history. Your computer will work better.
  4. Configure your computer so that Windows updates are automatically installed.
  5. Use common sense. If you receive an email message with attachments from a dubious source, delete it.
  6. Be careful when surfing the Web. Avoid downloading programs from unknown websites. And even if you know the source, stay alert and take all necessary precautions before opening them.
  7. Keep only those applications you really use. We all like to download and try programs that may seem attractive but… By the end of the year you usually end up with a lot of installed programs that you never use again after the first time. Remember that each of these programs slows down your PC! Keep only those programs you normally use and you’ll improve your computer’s performance.
  8. Be careful when you connect removable (USB) drives to your computer. They are a real source of infection. Use our Panda USB Vaccine and avoid any risks.
  9. Do not answer any email messages that ask for your personal financial data. A bank will never request your personal data via email. Cyber-crooks use alarming message subjects and bodies like “Urgent: Your account data has been stolen” in order to get an answer from you.
  10. Back up the content of your system so that you minimize the risk of losing it in the event of damage or theft.

Remember that our support forum is always at your service to resolve your queries, even during your vacation.

Have a great summer!

What should I do if I receive spam in Twitter?

October 13th, 2009

Posted by Blanca Carton October 13, 2009

Twitter, Facebook and MySpace are highly popular social networks. Unfortunately, there are always hackers who try to exploit the success of these networks for financial gain. Such is the case of Twitter, which has become an easy target for hackers to distribute spam.

How can you protect against spam in Twitter?

  • Disable the “followback auto” option. This way, you will be able to choose the people you want to follow.
  • Do not access all the links you receive. Make sure you know who you are following.
  • Follow the spam profile in Twitter: http://twitter.com/spam. You can find good tips here. For example, according to a recent post, “If you gave your login and password info to TwitViewer, we strongly suggest you change your password now. Thank you!”
  • Install a complete security solution on the computer, preferably with an antivirus, firewall and phishing filter module.

If you follow these tips you will be protected against spam.

What type of spam could I have received?

The most common types are:

  • Trending Subjects Spam: This spam searches for popular subjects (e.g. Michael Jackson’s new movie, store discounts, etc.) to publish similar tweets with malicious URLs.
  • Tweet spam: This type of message comes from one user following another. Consequently, all the attached followers can see the tweet.
  • Direct Message: This direct message comes from a follower. Therefore only the recipient can see it.

Don’t forget to follow us on Twitter @PandaTechSup and visit us at our New Tech Support Forum!!

Blanca Carton - eknowledge Department