Malware
Fri, 21 Aug 09
Keep Your Identity Safe
http://pandalabs.pandasecurity.com/archive/Keep-safe-your-ID.aspx
Today, we issued a release on the proliferation of identity theft malware during times of economic crisis. Our research found that the number of users affected by malware designed for identity theft has increased 600 percent this year compared to the same time in 2008.
PandaLabs receives nearly 37,000 samples of new viruses, worms, Trojans and other types of Internet threats each day. Of these, 71 percent are Trojans, mostly aimed at stealing bank details or credit card numbers, as well as passwords for other commercial services. Between January and July 2009, PandaLabs received 11 million new threats, approximately 8 million of which were Trojans. This is in clear contrast to 2007, for example, when Trojans averaged 51 percent of the new threats PandaLabs received.
PandaLabs estimates that approximately three percent of all users have fallen victim to these techniques. The problem with these types of threats, unlike traditional viruses of the past, is that they are designed to go undetected, and therefore users do not realize they have become victims until it is too late. To avoid falling victim to identity theft, we recommend consumers follow these preventive measures:
1. Beware of any kind of message that requests personal data from you. It is extremely improbable that online banks, payment platforms or social networks will ever send messages (emails, texts, etc.) to users asking for their login credentials, and much less for their credit card details.
2. Whenever you access an online bank, store, etc., always type the address directly in your browser. It is never advisable to enter these sites through links received through any channel or links returned by search engine results.
3. After having written the address in the browser, double check that the URL is really the one you have entered, and that the address has not changed into something unusual when you have clicked 'Enter.'
4. Check that the page contains the corresponding security certificates (these are generally displayed with a 'locked padlock' icon in the browser).
5. Always have a good security solution installed on your computer. This will help detect if you are entering a spoof Web page. It is always good to have a second opinion to ensure that you have not been infected by Trojans or the like. You can get this through any reliable free online application, such as Panda ActiveScan (available at http://www.pandasecurity.com/).
6. Above all, if you have any suspicions don't enter your details and contact the corresponding bank, store or service provider that you are trying to access. Any established organization will have a customer service line you can reach directly.
7. If you are someone that frequently uses online services for shopping, banking, etc., you can also get insurance for your online activity, which will cover you in the case of fraud.
Fri, 14 Aug 09
Koobface: The saga continues
http://pandalabs.pandasecurity.com/archive/Koobface_3A00_-The-saga-continues.aspx
The gang behind the Koobface worm has been hard at work releasing the next iteration of their worm. We've already identified over 60 active domains spreading the content through the usual method of posting a message linking to a "CooooL Video" on Facebook.
Sample malspam:
After clicking the link, the victims are automatically redirected to a Koobface-controlled server, which then routes them off to a fake codec site specifically designed for the social network they came from.
Fake codec site:
The Koobface gang uses the same old "Flash Player upgrade required" tactic to trick users into opening the executable, which then ultimately transforms their machine into a distribution point for the infection to further propagate.
Koobface connection log:
On infection, the Koobface worm immediately attempts to download three additional executable files.
After turning the victim's computer into its next distribution point, it also attempts to monetize by installing "Total Security" Rogueware.
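The chain described in this post (a click out of a social network, a "codec" executable, then three more executables) can be hunted for in web proxy logs. The sketch below is an added example, not PandaLabs code; the log layout, the `.example` hosts, the 120-second window and the threshold of three follow-up downloads are assumptions chosen for illustration.

```python
from urllib.parse import urlparse

# Assumptions (not from the original post): log field layout, social-network
# host list, correlation window, and follow-up threshold.
SOCIAL_HOSTS = {"facebook.com", "www.facebook.com"}
WINDOW = 120      # seconds between correlated events
FOLLOWUPS = 3     # additional executables fetched after the first one

# Constructed sample proxy log: (epoch_seconds, client_ip, referrer, url)
SAMPLE_LOG = [
    (1000, "10.0.0.5", "http://www.facebook.com/home.php", "http://redirector.example/go?id=1"),
    (1002, "10.0.0.5", "http://redirector.example/go?id=1", "http://codec.example/video/"),
    (1010, "10.0.0.5", "http://codec.example/video/", "http://codec.example/setup.exe"),
    (1030, "10.0.0.5", "", "http://payload.example/a.exe"),
    (1031, "10.0.0.5", "", "http://payload.example/b.exe"),
    (1033, "10.0.0.5", "", "http://payload.example/c.exe"),
    (1005, "10.0.0.9", "http://www.facebook.com/home.php", "http://news.example/story.html"),
    (2000, "10.0.0.7", "", "http://vendor.example/tool.exe"),
]

def host(url):
    return (urlparse(url).hostname or "").lower()

def is_exe(url):
    return urlparse(url).path.lower().endswith(".exe")

def find_chains(log, window=WINDOW, followups=FOLLOWUPS):
    """Map each matching client to the click, first executable and follow-ups."""
    by_client = {}
    for rec in sorted(log):                      # sort by timestamp first
        by_client.setdefault(rec[1], []).append(rec)
    hits = {}
    for client, recs in by_client.items():
        for i, (t0, _, ref, url) in enumerate(recs):
            # Step 1: a click that leaves a social network for another host.
            if host(ref) not in SOCIAL_HOSTS or host(url) in SOCIAL_HOSTS:
                continue
            # Step 2: the first executable fetched shortly after that click.
            exes = [r for r in recs[i + 1:] if is_exe(r[3])]
            if not exes or exes[0][0] - t0 > window:
                continue
            # Step 3: further executables fetched shortly after the first.
            later = [r[3] for r in exes[1:] if r[0] - exes[0][0] <= window]
            if len(later) >= followups:
                hits[client] = {"click": url, "dropper": exes[0][3], "followups": later}
                break
    return hits
```

Calling `find_chains(SAMPLE_LOG)` flags only the client whose traffic matches all three steps; the ordinary social-network click and the unrelated tool download are ignored.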

