PandaLabs

Annual Report PandaLabs 2008

2008-12-31T11:24:00Z

We have just published the Annual report PandaLabs 2008. There, you can find statistics and information about the current situation of malware.

In advance, regarding malware in the end of last Quarterly in 2008, Trojans continue being the most relevant category of malware, at 77.49%.

Also you will find an other interesting article in this report like, rogue antimalware, spam levels, vulnerabilities, banking trojan, and others…

You can download it in English or in Spanish .

Enjoy it! And from all the team, we wish you a happy -and malware free ;-) new year!

The cybercriminals wish us a Merry Christmas, And a Happy New Year

2008-12-31T10:20:00Z

Today it is the last day of the year 2008 and all those cybercriminals who have a "great heart" want to wish us happy Christmas and a happy new year.

So they are sending us a funny Christmas postcard in flash, which you can to enjoy across the following video (~20 Mb). The file name is MerryChristmas.exe and once you run it, you only see the video... but the cybercriminals are taking the chance to steal your confidential information.

In order to do it, when you execute the file MerryChristmas.exe it will install two pieces of malware: Trj/PasswordStealer.BJ and Rootkit/HidePort.TO. These two work as a team so the rootkit is hiding the Trojan while it gets all your confidential information.

Thanks to Ulises for the video.

Sony's Home hacked

2008-12-19T12:37:00Z

It is not that someone has hacked Sony CEO's house, we are talking about the Sony Playstation Home:

Home is a virtual world for PlayStation 3 users, where they can interact with other gamers, create their own avatars, etc.

We've seen it here and this opens a totally new world for cybercrooks, as it could lead to identity theft and malware spreading. A user could even upload, download or delete any file within the Home server (!)

Critical updated of Microsoft Security Bulletin MS08-078

2008-12-18T11:01:00Z

Today is not the second Tuesday of December, so we didn’t expect that Microsoft was going to publish any security bulletins until 2009. But given the circumstances and the severity of this vulnerability, Microsoft had no choice but to release once again a bulletin, called MS08-078, out of the usual date.

If this vulnerability is exploited, it allows remote code to be executed without the user’s consent.

This vulnerability affects all the Internet Explorer versions from 5.01.

To sum up, it is a critical vulnerability as it is very easy to exploit and affects from Windows 2000 to Windows Server 2008 computers and all the versions of Internet Explorer. In fact, it can be stated that more than 6.000 URL are currently being used to exploit this vulnerability and distribute malware.

We strongly recommend you to install this patch immediately by following this link MS08-078.

In spite of the latest patches published out of the usual date, let’s hope that in the future these updates continue being released the second Tuesdays of the month.

Santa gets 0wned

2008-12-15T08:55:00Z

A couple of weeks ago, I was sent this screenshot, and it is something I want to share with you as Christmas time is so close. As you can see, Santa's Inbox is not so uncommon: you can see spam, scams, though the senders are somehow relevant people, going from God to Oprah:

AVAR 2008

2008-12-11T16:59:00Z

The anual conference organized by the Association of antiVirus Researchers (AVAR) is taking place this week in New Delhi, India. Even though some people cancelled the trip due to the recent terrorist attack in Mumbai, there are still a number of great professionals from all around the world. As this is the first time that AVAR takes place in India, it is also a pleasure to meet some really skilled people from this country that we do not usually have the chance to meet.

The presentations are being really great until now, which are mainly related to the fight against malware and cybercrime. These are some of which we have already enjoyed:

Fighting International Organized Online Crime
Understanding and teaching Bots and Botnets
Exploiting Anti-virtualization Techniques to Prevent Running of Malware
Propagation of Malware Through Compromised Websites: Attack Trends and Countermeasures

And we still have many of them to enjoy, those to which I'm specially looking forward are:

Darwin inside the machines: malware evolution and the consequences for computer security
Use of Statistic Methods for Fighting Malware
Cyber Terrorism

In the picture you can see our colleague Mikko during his keynote:

Microsoft Updates for December

2008-12-10T13:03:00Z

In this last month Microsoft have been published eight new security bulletins as part of the usual launch of Microsoft Updates, those security updates fixed different vulnerabilities affecting Windows, Office, Internet Explorer, Visual Basic Active Controls and Windows Media Player.

According to Microsoft's classification six of the bulletins are rated as "critical" and the other two as "important". So we recommend you to update your system as soon as possible.

You can find more information about those security bulletins by clicking the following links:

MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution.

MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution.

MS08-072: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution.

MS08-073: Cumulative Security Update for Internet Explorer.

MS08-074: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution.

MS08-075: Vulnerabilities in Windows Search Could Allow Remote Code Execution.

MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution.

MS08-077: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege.

Prices are higher now!

2008-12-10T10:35:00Z

A new rogueware site by Pandora Software appeared today. For those of you who do not know, Pandora Software is one of the rogue affiliate systems that produce the software for resellers to distribute. You can see more information on how rogueware affiliate systems work in our related post entitled, “Anatomy of a Rogue Security Campaign.“ The domains involved are registered at INTERNET.BS and we have noticed that being the trend especially since ICANN yanked EstDomains in November. The MS AntiMalware rogue download is not available at the moment of our post but the merchant links are active and pointing to a shopping cart selling a “6 month license” for $37.95.

Payment Gateway whois

Site: vsoftstore.com

Registrar: INTERNET.BS CORP.

IP Address: 209.8.25.244

IP Location: - District Of Columbia - Washington - Beyond The Network America Inc

My friend was a worm

2008-12-09T16:24:00Z

Social networks have been an increasing way to distribute malware in 2008. And, according to our predictions, this will go on in 2009.

In recent days we have seen a case with a new sample, W32/Boface.J.worm, very similar to what we discovered a few months ago.

A colleague from work phoned us saying that he had received a very suspicious email from a friend in facebook.

When he contacted his friend to know if it has been him, he followed the link included in the e-mail and he discovered that it was the typical bait:The link makes you think you're going to watch a video, but before asked you to install a video codec. This complement is,
in fact, a copy of the worm.

At the same time, the friend of our colleague said that he did not send anything and moreover Facebook had blocked his account. He told us that he received this mail:

Facebook has been fast this time and has blocked his account and gives somes tips to him.

Thanks to Alberto for this information.

From Russia with Love

2008-12-04T10:22:00Z

This is not the plot of one of the famous films of the James Bond saga, although some scam attempts deserve an Oscar. J

You have probably heard of the saying “unlucky at cards, lucky in love” and as I have never won a miserable cent in the lottery, I must be destined to live through something special. It seems that now I have become a latin lover, as in less than one month 4 women wish to meet me.

Svetlana, Irina, Hasmik, Tatyana, all of them, come from countries of the former Soviet Union, but nobody said it was going to be easy. You may think that distance is a problem but neither they nor I see distance as a problem. Moreover, they are very interested in coming to my country to know each other in a “deeper” way.

Svetlana

Irina Hasmik Tatyana

After exchanging several emails, I’m starting to become fond of them, I’m looking forward to meeting them soon…but it seems that destiny hinders me again…Svetlana has financial difficulties to pay the trip.

990 USD??? Well, of course that I love you, but for that price I can buy a new laptop …Moreover, I was very disappointed when I discovered that she was flirting via email with a friend of mine, what a cheeky girl! So, I don’t trust her any more.

Definitely love in distance is not made for me, I must be cursed. Anyway, let’s see if I’m luckier in the lottery. Well, I’m having a look at my inbox and I’ve received an email saying that I’ve won the lottery! Don´t you know that every cloud has a silver lining?