Archive

Posts Tagged ‘trojan’

Bin Laden's death used by cyber-criminals

May 4th, 2011 No comments

Published by Blanca Carton, May 2011

Osama Bin Laden’s death is an opportunity for cyber-criminals to spread viruses very rapidly through email messages that include false images of him. They use the latest news as bait for their targets, as they did with the recent earthquake and tsunami in Japan: that very same day, cyber-criminals created web sites, emails, advertisement pop-ups, etc. through which they tried to get funds to help the victims of the disaster.

Up to now, there are no official photos or videos of the body of Bin Laden, so if you get messages inviting you to view them, don’t trust them and be careful! In some cases, when you open these messages, you will be asked to give your personal or bank details, or you will be warned that your PC is infected and encouraged to download a fake antivirus. This fake antivirus will then contain a trojan or worm which will install itself on your computer, allowing information theft.

This increase in trojan attacks taking advantage of the latest news is well reflected in the first semester 2011 PandaLabs* Virus Report.


Its spokesman, Luis Corrons, indicates that: “These first three months have witnessed some particularly intense virus activity and there have been a number of serious incidents during this period, such as: the largest single attack against Android cell phones or intensive use of Facebook to distribute malware.”

There has been a new surge in the number of IT threats in circulation: in the first three months of the year, there was a daily average of 73,000 new samples of malware.

Once again, over this quarter Trojans have accounted for most new threats, some 70 percent of all new malware created. Yet there is logic to this, as these types of threats are favored by organized criminals for stealing bank details with which to perpetrate fraud or steal directly from victims’ accounts.

Finally, remember that the best defense against all types of cyber-attacks is to maintain good practices regarding your personal data when surfing the Internet, to access trusted sources and to have an up-to-date antivirus.

Why not try one of our free antivirus programs? They offer the best protection against viruses and software designed to steal your information. If you are not sure about something during the installation or update processes, don’t leave it for later. Look for the appropriate solution in the support forums available to you for any queries you might have.

===========================================================================

*PandaLabs: Panda Security's detection and disinfection laboratory.

Categories: malware, security

Antivirus, performance and security

March 23rd, 2010 2 comments

Edited by Javier Guerrero, March 2010

One of the things users most often complain about regarding antivirus solutions is their resource consumption and the system slowdowns they cause once they are installed. In this article, we will offer you a straightforward and reasonable explanation as to why this occurs.

A virus (or any other malware) is an element that launches malicious actions on operating systems. These potentially dangerous actions are diverse, and can range from infecting a file (operations on files) to running a Trojan (process operations) or installing a worm (registry operations). We won’t even mention network operations, which would take up an entire article on their own.

On the other hand, an antivirus is a security solution that adds additional functionality to the operating system in order to protect it from such malicious operations. Consequently, the product must install a series of components on different parts of the system in order to detect the actions in real time. This is known as an ‘on-access’ scanner.

Many of these events are ruled out and others are checked using several scanning techniques to determine whether they are (or could be, which is an important point) caused by malware. However, in order to have “on-access” protection, all actions must be intercepted in real time.

Please note the words “in real time” have been underlined in the previous paragraph. The importance of this will be revealed as we go into figures and data obtained from a small test we have conducted, which will provide further understanding of performance problems:

  • On a computer running a recently installed Windows 7 operating system with no third-party applications installed, in a 90-second period during which we only ran the Calculator and Paint, 481 process operations, 26,012 operations on files and 45,885 registry operations took place. These 72,378 operations must be checked in real time and denied if they are considered to be malicious.
  • In order to determine whether a file is infected, each file must be checked in real time against a large signature file database made up of hundreds of thousands of virus definitions.

The problem seems to be clearer, doesn’t it?
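The pipeline described above (intercept every operation, rule most out cheaply, scan the rest against signatures) can be sketched as follows. This is an added example, not code from the original article or from any Panda product; the operation names, the hash-only signature set and the verdict cache are assumptions made for illustration.

```python
import hashlib
from collections import Counter

# Constructed stand-in for a signature database: SHA-256 digests of known-bad
# content. Real products match byte patterns and heuristics, not only hashes.
SAMPLE_MALWARE = b"constructed-malicious-payload"
SIGNATURES = {hashlib.sha256(SAMPLE_MALWARE).hexdigest()}
# Assumption of this sketch: only these operations can introduce new code.
SCANNED_OPS = {"file_write", "process_start"}

class OnAccessScanner:
    """Toy interception layer: check() runs before an operation is allowed."""

    def __init__(self, signatures):
        self.signatures = signatures
        self.verdict_cache = {}  # (path, version) -> verdict, avoids rehashing
        self.stats = Counter()

    def check(self, op, path, version=0, content=b""):
        """Return True to allow the operation, False to deny it."""
        self.stats["intercepted"] += 1
        if op not in SCANNED_OPS:  # stage 1: cheap rule-out
            self.stats["ruled_out"] += 1
            return True
        key = (path, version)
        if key in self.verdict_cache:  # stage 2: unchanged file, reuse verdict
            self.stats["cache_hit"] += 1
            return self.verdict_cache[key]
        self.stats["scanned"] += 1  # stage 3: hash and look up (the costly part)
        clean = hashlib.sha256(content).hexdigest() not in self.signatures
        self.verdict_cache[key] = clean
        return clean

def run_demo():
    """Feed a constructed event stream through the scanner."""
    scanner = OnAccessScanner(SIGNATURES)
    events = [
        ("registry_read", r"HKCU\Software\Example", 0, b""),
        ("file_read", r"C:\Windows\notepad.exe", 1, b""),
        ("process_start", r"C:\Windows\System32\calc.exe", 1, b"calc-image"),
        ("process_start", r"C:\Windows\System32\calc.exe", 1, b"calc-image"),
        ("file_write", r"C:\Users\demo\photo.exe", 1, SAMPLE_MALWARE),
    ]
    verdicts = [scanner.check(*event) for event in events]
    return verdicts, dict(scanner.stats)

if __name__ == "__main__":
    print(run_demo())
```

Even in this toy version every event pays for the interception call, and only the rule-out and cache stages keep the expensive scan off the hot path.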

But there is more: antivirus solutions must also protect themselves against common malware attacks, which can reduce or block their functionality. This means they need to carry out additional controls, which can once again cause system slowdowns.

Software performance is optimized to the maximum. However, as long as there are “on-access” scans, real-time processing is inevitable and will affect system performance considerably, reasonably, or transparently, depending on the type of product installed (the effects of a simple scanner and of a complete suite including a firewall, an antivirus, self-protection, behavior scans, parental control, etc. are not the same). However, there will always be a penalty.

In the end it all boils down to reaching a reasonable balance between performance and security, and this is, has been and will be one of the biggest challenges of antivirus solutions, particularly considering that security solutions are always at a disadvantage compared to malware… but we will explain this in another article.

Note: in this article I am talking about the “classic” antivirus analysis approach. The new Cloud analysis approach is a different thing. For more information, please check this post at our Panda Research Blog: http://research.pandasecurity.com/arguments-against-cloud-based-antivirus/

Javier Guerrero Diaz
Development department – R&D

Adolescents and malware

March 16th, 2010 6 comments

Edited by Javier Guerrero, March 2010

Some months ago I had the opportunity, in my free time and on my own behalf, to give an informal talk about malware to students at the secondary school where my children study.


The idea was to briefly summarize the main threats to which computer users are exposed every day (worms, Trojans, spyware, etc.), including a practical demonstration: infecting a computer using a contaminated pendrive, so the students would see how easily one can be affected by malware.

It was an interesting experience, although somewhat tiring (it’s not easy to keep the attention of 120 12 to 13-year-olds for more than an hour), and some interesting things came out of it:

  • When I showed examples of screens displayed by worms that affect Messenger, many of the kids said “I see this message a lot in Messenger, and often just click OK”.
  • Almost everybody there complained of continuous pop-ups, typical of adware.
  • Many of them had fake antiviruses or rogueware on their systems.
  • Very few of them saw anything wrong with opening emails from unknown senders, with subjects such as “look at my new photos”, etc.

It’s possible to draw several conclusions from this, but perhaps the most obvious, at least for me, is that although children have grown up with technology and computers and are comfortable using them, their awareness of the threat of malware is practically nil.

This may seem like an over-generalization, yet I believe it demonstrates the unquestionable fact that there is still much ignorance about IT security and malware among consumers, and particularly among adolescents.

Although initiatives such as the “Kids on the Web” campaign (sponsored by Panda Security) are a step in the right direction, it is evident that we need to continue working in this fashion to greatly improve awareness about malware.

Javier Guerrero works in Panda as a technical specialist and analyst/programmer. Since joining the company in 1998 he has taken part in numerous projects, almost always involved with kernel layer technology: the first Panda Platinum, Panda Security and Panda Security for Networks, firewall and TruPrevent technologies, file permanent protection, the shield or the Cloud AV interception layer. He is currently part of the interception unit and is responsible for the file and process interceptors in Cloud AV.

Javier Guerrero Díaz
R&D – Development

New malware variant affecting iPhone mobile devices

November 24th, 2009 1 comment

Posted by Alvaro Fradua

I have read a very interesting article in the genbeta blog which caught my attention and I would like to share it with you. Apparently, last week, “a joke which affected Apple’s iPhone mobile devices spread. Now, this wasn’t really dangerous as it only changed the background image replacing it with pop singer Rick Astley’s. However, the security company Intego has noticed that a new sample of dangerous malware had been spotted.

This new type of malware was first detected in New Zealand, and its main risk involves customers using the iPhone to access their account at ING bank. The trojan replaces the original website in order to be able to steal access data and then manipulate the accounts. It also takes data about the phone, and sends it to a Lithuanian server, changing the default password from “alpine” to “ohshit”.


Until now, three worms involving the iPhone have been detected, all of them affecting iPhones which had been jailbroken by installing the SSH package. In all cases, this type of infection could be prevented by changing the default password of the mobile devices.”

Quoted from genbeta.com 

Thanks for noticing!!

Categories: malware, Uncategorized

Swine flu can also infect our computers

October 1st, 2009 No comments

Posted by Miguel Corral Rivas October 01, 2009

We are all concerned, to one extent or another, about the new swine flu virus which is generating widespread alarm, and malware creators are wasting no time in exploiting this concern to spread malicious programs.

In this case they are using a Trojan, propagated massively via emails with messages about swine flu, to steal confidential information.

  1. These Trojans enter computers when users open a PowerPoint presentation (“Pos.exe”) claiming to expose a ‘great secret about the financial conspiracy involving pharmaceutical laboratories’.
  2. On running this email attachment, the Trojan is downloaded to the computer without the user’s knowledge, while the presentation is displayed on screen.
  3. This backdoor Trojan, called WinVNC.A, is designed specifically to steal confidential information from users and send it to the creator of the malware.
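
A mail filter can catch the mismatch in step 1, where an attachment is presented as a PowerPoint file but is really a Windows executable. The following is an added example, not part of the original post or any Panda tool; the sample message is constructed with harmless bytes, and the extension and MIME-type lists are illustrative assumptions.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-dosexec"}


def build_sample_message():
    """Constructed email shaped like the lure above; the bytes are harmless."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "The great secret about swine flu"
    msg.set_content("See the attached presentation.")
    # Declared as PowerPoint, named .exe, content begins with the PE "MZ" magic.
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="vnd.ms-powerpoint", filename="Pos.exe")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="notes.pdf")
    return msg.as_bytes()


def flag_attachments(raw_bytes):
    """Return [(filename, reasons)] for attachments that look executable."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        declared = part.get_content_type()
        reasons = []
        if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTENSIONS:
            reasons.append("executable extension")
        if payload[:2] == b"MZ":  # DOS/PE header used by Windows executables
            reasons.append("PE header")
            if declared not in EXECUTABLE_TYPES:
                reasons.append("declared as " + declared)
        if reasons:
            findings.append((name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in flag_attachments(build_sample_message()):
        print(name, "->", "; ".join(reasons))
```

Checking the content's leading bytes as well as the file name matters because either one alone can be changed by the sender.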

Panda Security advises users to ensure that their antivirus is kept up-to-date and not to run attachments from dubious sources.

Similarly, for those people who do catch swine flu or have to spend a few days at home as a precaution, these recommendations are just as important. 

Of course in this case, we hope you get well soon!!

Miguel Corral Rivas - Expert Technician