Annual Report PandaLabs 2008

Posted by Xabier Francisco at  31 December 08 12:24    

We have just published the Annual report PandaLabs 2008. There, you can find statistics and information about the current situation of malware.

As a preview: in the last quarter of 2008, Trojans continued to be the most relevant category of malware, at 77.49%.

Q4

You will also find other interesting articles in this report, covering rogue antimalware, spam levels, vulnerabilities, banking Trojans, and others…

You can download it in English or in Spanish.


Enjoy it! And from all the team, we wish you a happy (and malware-free ;-) new year!

 


The cybercriminals wish us a Merry Christmas, And a Happy New Year

Posted by Oscar Cavada at  31 December 08 11:20    

Today is the last day of 2008, and all those cybercriminals who have a "great heart" want to wish us a happy Christmas and a happy new year.

So they are sending us a funny Christmas postcard in Flash, which you can enjoy in the following video (~20 Mb). The file name is MerryChristmas.exe and once you run it, you only see the video... but the cybercriminals are taking the chance to steal your confidential information.

To do so, when you execute the file MerryChristmas.exe it installs two pieces of malware: Trj/PasswordStealer.BJ and Rootkit/HidePort.TO. These two work as a team: the rootkit hides the Trojan while it gets all your confidential information.

Thanks to Ulises for the video.


Sony's Home hacked

Posted by Luis Corrons at  19 December 08 01:37    

It is not that someone has hacked the Sony CEO's house; we are talking about Sony PlayStation Home:

Home is a virtual world for PlayStation 3 users, where they can interact with other gamers, create their own avatars, etc.

We've seen it here and this opens a totally new world for cybercrooks, as it could lead to identity theft and malware spreading. A user could even upload, download or delete any file within the Home server (!)

 


Critical update: Microsoft Security Bulletin MS08-078

Posted by Oscar Cavada at  18 December 08 12:01    

Today is not the second Tuesday of December, so we didn’t expect Microsoft to publish any security bulletins until 2009. But given the circumstances and the severity of this vulnerability, Microsoft had no choice but to release once again a bulletin, called MS08-078, outside the usual schedule.

 

If this vulnerability is exploited, it allows remote code to be executed without the user’s consent.

This vulnerability affects all the Internet Explorer versions from 5.01.

 

 

To sum up, it is a critical vulnerability, as it is very easy to exploit and affects computers from Windows 2000 to Windows Server 2008 and all the versions of Internet Explorer. In fact, more than 6,000 URLs are currently being used to exploit this vulnerability and distribute malware.

We strongly recommend that you install this patch immediately by following this link: MS08-078.

In spite of the latest patches published outside the usual schedule, let’s hope that in the future these updates continue to be released on the second Tuesday of the month.


Santa gets 0wned

Posted by Luis Corrons at  15 December 08 09:55    

A couple of weeks ago, I was sent this screenshot, and it is something I want to share with you as Christmas time is so close. As you can see, Santa's Inbox is not so uncommon: you can see spam, scams, though the senders are somehow relevant people, going from God to Oprah:

Santa's Inbox



AVAR 2008

Posted by Luis Corrons at  11 December 08 05:59    

The annual conference organized by the Association of antiVirus Researchers (AVAR) is taking place this week in New Delhi, India. Even though some people cancelled the trip due to the recent terrorist attack in Mumbai, there are still a number of great professionals from all around the world. As this is the first time that AVAR takes place in India, it is also a pleasure to meet some really skilled people from this country that we do not usually have the chance to meet.

The presentations have been really great so far; they are mainly related to the fight against malware and cybercrime. These are some of those we have already enjoyed:

  • Fighting International Organized Online Crime
  • Understanding and teaching Bots and Botnets
  • Exploiting Anti-virtualization Techniques to Prevent Running of Malware
  • Propagation of Malware Through Compromised Websites: Attack Trends and Countermeasures

And we still have many more to enjoy; those I'm especially looking forward to are:

  • Darwin inside the machines: malware evolution and the consequences for computer security
  • Use of Statistic Methods for Fighting Malware
  • Cyber Terrorism

In the picture you can see our colleague Mikko during his keynote:


Microsoft Updates for December

Posted by Xabier Francisco at  10 December 08 02:03    

This month Microsoft has published eight new security bulletins as part of its usual release of Microsoft Updates. These security updates fix different vulnerabilities affecting Windows, Office, Internet Explorer, Visual Basic ActiveX Controls and Windows Media Player.

According to Microsoft's classification, six of the bulletins are rated as "critical" and the other two as "important", so we recommend that you update your system as soon as possible.

You can find more information about those security bulletins by clicking the following links:

MS08-070: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution.

MS08-071: Vulnerabilities in GDI Could Allow Remote Code Execution.

MS08-072: Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution.

MS08-073: Cumulative Security Update for Internet Explorer.

MS08-074: Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution.

MS08-075: Vulnerabilities in Windows Search Could Allow Remote Code Execution.

MS08-076: Vulnerabilities in Windows Media Components Could Allow Remote Code Execution.

MS08-077: Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege.


Prices are higher now!

Posted by Sean-Paul Correll at  10 December 08 11:35    

 

 

 

A new rogueware site by Pandora Software appeared today. For those of you who do not know, Pandora Software is one of the rogue affiliate systems that produce the software for resellers to distribute. You can see more information on how rogueware affiliate systems work in our related post entitled “Anatomy of a Rogue Security Campaign.” The domains involved are registered at INTERNET.BS, and we have noticed that being the trend, especially since ICANN yanked EstDomains in November. The MS AntiMalware rogue download is not available at the moment of our post, but the merchant links are active and pointing to a shopping cart selling a “6 month license” for $37.95.

 

Payment Gateway whois

Site: vsoftstore.com

Registrar: INTERNET.BS CORP.

IP Address: 209.8.25.244

IP Location: - District Of Columbia - Washington - Beyond The Network America Inc


My friend was a worm

Posted by Xabier Francisco at  09 December 08 05:24    

Social networks have been an increasingly common way to distribute malware in 2008. And, according to our predictions, this will go on in 2009.

In recent days we have seen a case with a new sample, W32/Boface.J.worm, very similar to what we discovered a few months ago.

A colleague from work phoned us saying that he had received a very suspicious email from a friend on Facebook.

Email

When he contacted his friend to find out whether it had been him, he followed the link included in the e-mail and discovered that it was the typical bait: the link makes you think you're going to watch a video, but first asks you to install a video codec. This add-on is, in fact, a copy of the worm.

FakeYoutube 

At the same time, the friend of our colleague said that he did not send anything and moreover Facebook had blocked his account. He told us that he received this mail: 

Facebook 

Facebook has been fast this time: it has blocked his account and given him some tips.
 
Thanks to Alberto for this information.


From Russia with Love

Posted by Xabier Francisco at  04 December 08 11:22    

This is not the plot of one of the famous films of the James Bond saga, although some scam attempts deserve an Oscar. :-)

You have probably heard the saying “unlucky at cards, lucky in love”, and as I have never won a miserable cent in the lottery, I must be destined to live through something special. It seems that now I have become a Latin lover, as in less than one month 4 women wish to meet me.

Svetlana, Irina, Hasmik, Tatyana: all of them come from countries of the former Soviet Union, but nobody said it was going to be easy. You may think that distance is a problem, but neither they nor I see distance as a problem. Moreover, they are very interested in coming to my country to get to know each other in a “deeper” way.

Svetlana


                Irina                              Hasmik                                       Tatyana


After exchanging several emails, I’m starting to become fond of them, I’m looking forward to meeting them soon…but it seems that destiny hinders me again…Svetlana has financial difficulties to pay the trip.

990 USD??? Well, of course I love you, but for that price I can buy a new laptop… Moreover, I was very disappointed when I discovered that she was flirting via email with a friend of mine, what a cheeky girl! So, I don’t trust her any more.

Email

 DNI 

Long-distance love is definitely not made for me; I must be cursed. Anyway, let’s see if I’m luckier in the lottery. Well, I’m having a look at my inbox and I’ve received an email saying that I’ve won the lottery! Don’t you know that every cloud has a silver lining?
 
