Archive

Posts Tagged ‘virus’

The end of the Police Virus is getting closer

February 14th, 2013 1 comment

Today, February 14, we would like to congratulate not only lovers all over the world for St. Valentine’s Day but also the Spanish Police who, in collaboration with Europol and Interpol, have dismantled a cybercriminal gang responsible for the so-called Police Virus. You can see the full story in the post from our fellow PandaLabs colleagues echoing this important achievement.

We would also like to take the opportunity to remind you of the steps to eliminate this type of virus and, not least, the prevention measures against it:

  • How to disinfect the Police Virus Trj/Ransom.ab 

    And to prevent future infections, remember:

  • Avoid browsing unsafe pages.
    How? By using virtual browsers such as Panda Safe Browser. This type of browsing creates what is called a virtual environment completely isolated from the system and the other applications on your PC, letting you browse the Internet securely. It is as if your Internet session took place outside your computer. This way, your system will be safe from possible Internet threats.
  • Enable automatic updates for your operating system; in the case of Windows, Windows Update.
    If not active, you can use the Vulnerability detection analysis featured in any of the 2013 Panda products.
  • Upgrade your programs as soon as possible.
    Do not rely on security programs alone for the security of your computer. Note that many of these viruses mutate easily and very quickly. Therefore, it is very important to close the gates, which are the security holes they exploit.
  • Remove, if not required, applications such as Java applets, Flash animations.
    Otherwise, keep them updated at all times.
  • We are sure you already know, but we don’t get tired of repeating it: Never open mails from unknown senders as they may contain viruses.

And remember, if you have any problems with the disinfection, please Contact TechSupport. We know how to help you.

How to Prevent the Police Virus

November 7th, 2012 No comments

The Police Virus continues spreading. This type of virus, a trojan specifically, usually exploits system or software vulnerabilities. Therefore, we would like to remind all our readers of the basic security measures to prevent future attacks, as published in the blog post How to disinfect the Police Virus.

  • Avoid browsing unsafe pages.
    How? By using virtual browsers such as Panda Safe Browser. This type of browsing creates what is called a virtual environment completely isolated from the system and the other applications on your PC, letting you browse the Internet securely. It is as if your Internet session took place outside your computer. This way, your system will be safe from possible Internet threats.
  • Enable automatic updates for your operating system; in the case of Windows, Windows Update. If not active, you can use the Vulnerability detection analysis featured in any of the 2013 Panda products.
  • Upgrade your programs as soon as possible.
    Do not rely on security programs alone for the security of your computer. Note that many of these viruses mutate easily and very quickly. Therefore, it is very important to close the gates, which are the security holes they exploit.
  • Remove, if not required, applications such as Java applets, Flash animations. Otherwise, keep them updated at all times.
  • We are sure you already know, but we don’t get tired of repeating it: Never open mails from unknown senders as they may contain viruses.

Now, if you haven’t taken into account these security measures and you have already been infected, we recommend cleaning your computer with the free Panda RescueDisk tool.

And remember, if you have any problems with the disinfection, please Contact TechSupport. We know how to help you.

Safe back-to-school online shopping with Panda antivirus

August 31st, 2011 2 comments

Posted by Blanca Carton, September 2011

As the holiday season is coming to a close, it’s back to school time again. It’s time to buy books, pick up supplies, buy new clothes, etc. It’s so crazy and so expensive!

And although we all know that we have the option to buy all these items online at the same price or at a lower price than at a physical store, many of us are still reluctant to do so for fear of being duped on the Internet. Even though it is true that online shopping is sometimes subject to fraud, it is enough to follow some basic tips to protect yourself when doing your shopping online.

What to bear in mind when shopping online?

  1. Only visit trusted sites. Look for pages with a professional appearance, pages from a well-known brand, sites displaying a customer service telephone number… It is very important to know who you are buying from.
  2. Be wary of prize-drawings and ridiculously good offers. Read the conditions of each promotion carefully to avoid nasty surprises.
  3. Pay for your purchases securely. You don’t necessarily need to always pay by credit card. There are different means of payment and, whenever possible, we recommend that you use cash on delivery to avoid surprises. If this is not possible and you choose to pay by credit card, remember that you will have to provide more information, and therefore you must be sure that the transaction will be completely safe.
  4. Make sure you are on an HTTPS page:
    Web addresses normally start with ‘HTTP’, for example:
    http://www.pandasecurity.com/homeusers/downloads
    However, the pages you make online payments on must be more secure and they should start with ‘HTTPS’, for example:
    https://shop.pandasecurity.com
  5. Keep an antivirus installed and update it frequently. This is your barrier against spam and phishing. Enter your passwords safely using a virtual keyboard.
    Note: if you are not sure about something during the installation or update processes, don’t leave it for later. Look for the appropriate solution in the support forums available to you for any queries you might have.
  6. It is advisable to have a bank account with a credit card associated with it for making online purchases. This account will contain just the money you need for this purpose, making monitoring easier.
  7. Keep product warranties in a safe place. Besides handling the electronic aspect of online purchases, e-businesses must offer straightforward warranties on products bought. The Web page must contain the following information:
    • Means of payment
    • Delivery terms
    • Product warranties
    • Returns
  8. If you find out that the product you receive is faulty, is different from the one you purchased or the delivery terms are not fulfilled, file a complaint through the company’s Customer Service Dept.
  9. Finally, if you don’t receive any answers and you suspect there could be some kind of fraud, report it as soon as possible.

Follow these simple tips and you won’t have any surprises when it comes to doing your shopping on the Internet.

Malware for beginners: Viruses

December 22nd, 2010 2 comments

Published by Javier Guerrero, December 2010

The protagonist of this new chapter in the “Malware for Beginners” series is very significant as, even though this type of malware was not the first one to appear, it was the reason for the ‘boom’ of the viral phenomenon and became the epitome of what is today known as malware.

In fact, we still use the term “virus” today to refer to any type of malware in general, when reality shows that, except for the occasional surge, the number of viruses in circulation is much lower than that of Trojans, for example.

But, what is a virus?

Well, just as any other type of malware, a virus is a small program that “infects” other files. The infection process consists of introducing its code in the target file (normally an executable file) so that, from then on, the infected file will carry the virus and become a new source of infection.

It is due to this parasitic behavior that this type of file was compared to biological viruses. Computer viruses differ from other malware specimens like Trojans or worms in that the latter do not need a host to spread. Also, this characteristic makes them more complex to develop as a computer virus must know the internal structure of the file it tries to infect in order to be able to install on it.

These two aspects may explain why there are so few viruses currently in circulation compared to other malware strains. Also:

  • Any error in the infection process could lead to file corruption and lack of usability.
  • Finally, given that viruses affect all executable files on the system and any computer with the Windows operating system and the most popular applications installed may contain thousands of executable files, virus infections can be really spectacular and visible.

Obviously, this goes against the current strategy followed by malware writers, who now focus on silent attacks in order to profit financially from their creations.

And as always, don’t forget that to protect yourself it is essential to have an antivirus program installed and up-to-date with an anti-spam filter. Any Panda Security solution will keep your computer free from viruses and other malware.

Javier Guerrero Díaz
R+D – Development Dept.
Panda Security

===========================================================================

Javier Guerrero works in Panda Security as a technical specialist and analyst/programmer. Since joining the company in 1998 he has taken part in numerous projects, almost always involved with kernel layer technology: the first Panda Platinum, Panda Security and Panda Security for Networks, firewall and TruPrevent technologies, file permanent protection modules, Shield and the Cloud AV interception layer. He currently works in the Interception Unit and is responsible for the Cloud AV file and process interceptors.

False positives – What are they?

September 8th, 2010 8 comments

Posted by Javier Guerrero, September 8th, 2010

Sometimes when writing my posts, I get the urge to forget about malware for a while and talk about the other “side”: antivirus software. Specifically, I like to stress the difficulty involved in certain aspects of developing anti-malware products; I think it’s an interesting subject, and one that is not widely understood.

And so now, I’d like to talk about a problem that affects all malware detection software: false positives… So what are they?

A false positive occurs when an antivirus erroneously identifies a legitimate file or process as malware. This can happen with signature-based scans as well as behavior analysis.

An antivirus basically identifies malware using one of two methods: signature-based scanning or analysis of behavior. In the first instance, the scanner looks for a specific pattern of bytes, which has been previously catalogued as malicious, or at least suspicious, and may correspond to a sequence of malware commands, a unique value that identifies the file (known as a hash) or other values that may be used for identification.

In the case of behavior analysis, actions are detected which, although on their own may not be malicious, when they are correlated with others represent a symptom of malicious activity.

The problem is that neither of these methods is infallible: the hash of a file is useless, for example, against polymorphic viruses or exe packers. Moreover, a sequence of instructions classified as suspicious could easily be contained in a legitimate file, as after all, we are talking about executable code.

The same thing occurs with behavior analysis: The process that generates an executable file, which later writes a registry entry referring to the executable, could be an intruder inserting a rootkit on the system, but also the installer of a bona fide application.

The consequences of false positives can be serious: If an antivirus erroneously deletes a file which is vital to the functioning of the computer, the system could be rendered unusable, and this does actually happen, with grave repercussions.

Fortunately, false positives are not frequent (particularly in relation to the immense amount of files that anti-viruses have to scan) and security companies implement strict quality control to avoid them.

In any event, as I mentioned in the beginning, all developers suffer from this problem, which, I believe, demonstrates how challenging it is to develop an anti-malware product.
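The trade-off described in this post, as an added example (not part of the original post and not code from any Panda product): a hash match misses a variant that differs by one byte, a byte-pattern match catches the variant but also flags a legitimate file containing the same bytes, and the "writes an executable, then registers it" behavior rule cannot tell an intruder from an installer. The byte pattern, file contents, paths and event traces are all constructed for illustration.

```python
import hashlib

# Constructed byte sequence standing in for a catalogued "malicious" pattern.
PATTERN = bytes.fromhex("deadbeef1337c0de")

# Constructed samples: name -> (file content, ground truth "is malicious").
FILES = {
    "known_sample":    (b"MZ" + PATTERN + b"body-A", True),
    "mutated_variant": (b"MZ" + PATTERN + b"body-B", True),    # one byte changed
    "legit_installer": (b"MZ" + b"setup" + PATTERN + b"ok", False),
    "clean_document":  (b"quarterly report", False),
}
HASH_DB = {hashlib.sha256(FILES["known_sample"][0]).hexdigest()}

# Constructed event traces: name -> (list of (action, target), ground truth).
TRACES = {
    "intruder": ([("write_file", r"C:\Temp\svc.exe"),
                  ("set_registry", r"C:\Temp\svc.exe")], True),
    "app_installer": ([("write_file", r"C:\Program Files\App\app.exe"),
                       ("set_registry", r"C:\Program Files\App\app.exe")], False),
    "text_editor": ([("write_file", r"C:\Users\a\notes.txt")], False),
}


def hash_scan(data):
    """Exact match: flag only files whose SHA-256 is in the database."""
    return hashlib.sha256(data).hexdigest() in HASH_DB


def pattern_scan(data):
    """Byte-pattern match: flag any file containing the catalogued sequence."""
    return PATTERN in data


def behavior_scan(events):
    """Flag a process that writes an executable and later registers it."""
    written = set()
    for action, target in events:
        if action == "write_file" and target.lower().endswith(".exe"):
            written.add(target)
        elif action == "set_registry" and target in written:
            return True
    return False


def evaluate(detector, samples):
    """Compare each verdict with the ground truth and name the outcome."""
    labels = {(True, True): "true positive", (True, False): "false positive",
              (False, True): "false negative", (False, False): "true negative"}
    return {name: labels[(detector(item), malicious)]
            for name, (item, malicious) in samples.items()}


if __name__ == "__main__":
    for detector, samples in ((hash_scan, FILES), (pattern_scan, FILES),
                              (behavior_scan, TRACES)):
        print(detector.__name__, evaluate(detector, samples))
```
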

Adolescents and malware

March 16th, 2010 6 comments

Edited by Javier Guerrero, March 2010

Some months ago I had the opportunity, in my free time and on my own behalf, to give an informal talk about malware to students at the secondary school where my children study.

The idea was to briefly summarize the main threats to which computer users are exposed every day (worms, Trojans, spyware, etc.), including a practical demonstration: infecting a computer using a contaminated pendrive, so the students would see how easily one can be affected by malware.

It was an interesting experience, although somewhat tiring (it’s not easy to keep the attention of 120 12 to 13-year-olds for more than an hour), and some interesting things came out of it:

  • When I showed examples of screens displayed by worms that affect Messenger, many of the kids said “I see this message a lot in Messenger, and often just click OK”.
  • Almost everybody there complained of continuous pop-ups, typical of adware.
  • Many of them had fake antiviruses or rogueware on their systems.
  • Very few of them saw anything wrong with opening emails from unknown senders, with subjects such as “look at my new photos”, etc.

It’s possible to draw several conclusions from this, but perhaps the most obvious, at least for me, is that although children have grown up with technology and computers and are comfortable using them, their awareness of the threat of malware is practically nil.

This may seem like an over-generalization, yet I believe it demonstrates the unquestionable fact that there is still much ignorance about IT security and malware among consumers, and particularly among adolescents.

Although initiatives such as the “Kids on the Web” campaign (sponsored by Panda Security) are a step in the right direction, it is evident that we need to continue working in this fashion to greatly improve awareness about malware.

Javier Guerrero works in Panda as a technical specialist and analyst/programmer. Since joining the company in 1998 he has taken part in numerous projects, almost always involved with kernel layer technology: the first Panda Platinum, Panda Security and Panda Security for Networks, firewall and TruPrevent technologies, file permanent protection, the shield or the Cloud AV interception layer. He is currently part of the interception unit and is responsible for the file and process interceptors in Cloud AV.

Javier Guerrero Díaz
R&D – Development

Need technical assistance? No worries!!

November 3rd, 2009 87 comments

Posted by Leyre Velasco, November 3rd, 2009

Do I have a virus? Am I protected with my current antivirus? Can I post in the Panda Forum? How can I activate my product?
All the answers to these questions and many more can be found on the Panda antivirus Technical Support website. Resolve your query yourself at any time of the day and from anywhere in the world.
Don’t you know it yet? Access the Technical Support page now and see it for yourself!! At the product level, Panda offers an extensive Knowledge Base which includes the most searched solutions tailored for you.

From the free antivirus option, you will be able to scan your computer completely free through an online scanner, detecting malware infections, such as threats, rootkits, trojans, identity theft, etc. Besides, from the Panda Support page, you will be able to access the Customer Service section, containing the most frequently asked questions about modifying your customer details, a password reminder wizard and so on.

Last but not least, we would like to highlight the Support Forum, a community meeting point where you can discuss technical and off-topic issues, make suggestions, share your experiences about the Panda products and of course, find solutions to your questions. Why don’t you join in? Simply register and take an active part in the forum!!

How else can we improve Support? Share your suggestions with us! We would be delighted to hear from you!

Swine flu can also infect our computers

October 1st, 2009 No comments

Posted by Miguel Corral Rivas October 01, 2009

We are all concerned, to one extent or another, about the new swine flu virus which is generating widespread alarm, and malware creators are wasting no time in exploiting this concern to spread malicious programs.

In this case they are using a Trojan, propagated massively via emails with messages about swine flu, to steal confidential information.

  1. These Trojans enter computers when users open a PowerPoint presentation (“Pos.exe”) claiming to expose a ‘great secret about the financial conspiracy involving pharmaceutical laboratories’.
  2. When this email attachment is run, the Trojan is downloaded to the computer without the user’s knowledge, while the presentation is displayed on screen.
  3. This backdoor Trojan, called WinVNC.A, is designed specifically to steal confidential information from users and send it to the creator of the malware.

Panda Security advises users to ensure that their antivirus is kept up-to-date and not to run attachments from dubious sources.

Similarly, for those people who do catch swine flu or have to spend a few days at home as a precaution, these recommendations are just as important. 

Of course in this case, we hope you get well soon!!

Miguel Corral Rivas -  Expert Technician

Twitter, Facebook and other social networking sites and malware

August 25th, 2009 No comments

Posted by Blanca

Twitter, Facebook, MySpace and other social networking sites are increasingly being targeted by cyber-criminals drawn to the wealth of personal information supplied by users, experts warn.

Data posted on the sites – name, date of birth, address, job details, email and phone numbers – is a windfall for hackers.

A vicious virus Koobface – “koob” being “book” in reverse – has affected thousands of Facebook and Twitter users since August 2008, said Asier Martinez, our security specialist. “Its spread has been very significant and it has been detected in 4,000 different variants,” he said.

The virus hijacks the accounts of social networking site users and sends messages steering friends to hostile sites containing malware, malicious software often designed to infiltrate a computer system for illicit purposes.

In one of its variants, Koobface sends the victim a warning that its Flash player is outdated along with an invitation to download a new version, which is in fact the virus.

Remember that malware can be used to steal bank account data or credit card information once installed on a personal computer.

Facebook has sought to resist attacks by Koobface and similar viruses by blocking links to hostile sites and shutting down accounts from users that show signs of infection, such as sending too many messages. You must also be very careful with people who ask to join your friends list, as hackers often send such requests.

Other dangers of social networking sites are:

  • The popular quizzes.
  • Horoscopes and games made available for free to users which can sometimes be used to hide links to hostile sites.
  • Birthday greetings as well as messages sent at Christmas and other holidays may also appear to come from friends when in fact they are linked directly to sites that try to convince would-be victims to reveal personal information like passwords or bank numbers.

The number of viruses detected in recent years has exploded while the profile of cyber-criminals has changed. Before, it was very savvy teenagers who wanted to show off their computer skills. Now you don’t really need to know much about information technology to be a hacker: all the tools have already been created.

Now, why not share some of your experiences with me?

Manual virus!

July 16th, 2009 No comments

Posted by Ana

Please, don’t feel offended! An Irish friend just sent it to me and I thought it was a funny way to say bye bye, I’m going on holiday! See you back in a few days! In the meantime, keep enjoying our forum. :-)
