Panda Security USA Technology BlogPanda Security USA Technology BlogTechnology insights from Panda Security USA on today's most common Internet threats.
Articles:
1, 2
Articles
Content Migration
2008-09-25 19:57:00 Everyone, The content of this blog will be moving to http://pandalabs.pandasecurity.com. Therefore, you can find new and interesting posts at http://pandalabs.pandasecurity.com or www.pandalabs.com for this point on. More About: Content
Fake YouTube Page Creator - The Risk
2008-09-15 19:52:00 Last week PandaLabs discovered a new tool for creating fake YouTube video pages as a way of deceiving users into installing malware. The vector for infection is similar to many fake codec based malware attacks seen in recent weeks (CNN, MSNBC, etc). The flexibility of this tool allows anyone to direct the fake Adobe Flash update error to any malicious ... More About: Youtube , Page , Creator , Fake , Risk
Banks are not the only target for phishing
2008-09-12 19:30:00 It’s not just banks that hackers deploy phishing attacks against; it has been seen that hackers also deploy attacks against other payment processing services such as MoneyGram, Equifax, Western Union, etc as a way of gaining profit through harvesting personal details. More About: Banks , Phishing , Target
New Statement of Fees Malspam
2008-09-11 21:22:00 The Statement of Fees malspam campaign continues today with additional messages containing new Trojans. This round is distributing the W32/Autorun.AFC.worm malware which connects and downloads a file called lspr.exe.
Attack of the Southwest Airlines Malware
2008-09-11 21:01:00 There is another round of spam messages claiming to be a ticket receipt for Southwest Airlines . The message attempts to entice the user into opening an attachment containing the electronic ticket which is actually malware classified as W32/Autorun.AEL.worm. The ploy here is the note that the ticket reservation system has changed and that an account has ... More About: Malware , Southwest Airlines , Attack
Lloyds TSB Scam: Updated Terms and Conditions
2008-09-09 19:48:00 Recently we have noticed several email messages claiming to come from Lloyds TSB a London, UK based financial entity informing customers that they are required to login and accept an updated terms and conditions, otherwise their account will be suspended. The messages appear to be coming from noreply@illoydstsb.com; however, when further analysis is done on ... More About: Terms
Fake Antimalware Applications
2008-09-08 22:28:00 As we have been monitoring the threat landscape during the last couple of weeks we have noticed an increase in fake anti-malware applications being used to defraud users. While these applications themselves do not provide any level of security for the user in terms of detecting and removing malware; the application itself is designed to trick the user into ... More About: Applications , Fake
New Celebrity Spam ? Fake Security Product Installed (AV XP 2008)
2008-08-28 18:27:00 This morning the Celebrity spam campaign continued with a few new fake video codec sites delivering a downloader Trojan designed to install a fake security product known as AntiVirus XP 2008. It’s apparent now that a number of these spam campaigns are only interested solely in distributing this one particular fake security product. The file downloaded is called video99.exe ... More About: Security , Spam , Product , Fake
Fake Windows XP Vista Update ? Installs AV XP 2008
2008-08-28 18:20:00 This morning the AV XP 2008 spammers were at it again with another round of spam messages claiming to offer an update to Microsoft Windows Vista (we have seen similar attacks before offering false updates). However, when the user clicks the link he/she is directed to a malicious .swf that will download the file install.exe which essentially ... More About: Update , Fake
Statement of Fees Malspam Campaign (AV XP 2008)
2008-08-27 22:58:00 A couple of minutes ago another round of spam messages appeared claiming to provide information concerning a statement of fees recently posted (inferring to banking account fees). The message contained an attachment with a fake Microsoft Word Document which actually is an executable (Fees -2008_2009.doc.exe) that installs a Trojan Downloader. Further analysis indicates that the Trojan when ... More About: Campaign
New Fake Video Site distributing AV XP 2008
2008-08-27 19:05:00 Spammers continue their efforts today with another round of celebrity oriented spam designed to entice users into watching a non-existent video. The fake video site exhibits the same behavior found in the CNN and MSNBC spam attacks covered earlier this month (i.e. a popup message indicates that the ActiveX movie control is out of date and the user is ... More About: Video , Site , Fake
Fake Nero Anti-Virus Pro 2009 (AV XP 2008)
2008-08-24 23:13:00 This morning we detected another spam campaign with the aim of enticing users into downloading and executing a file they believe is a 6 month trial of a product called “Anti-Virus Nero Advanced Pro 2009“. When analyzed further the file is actually a variation of the rouge antivirus application known as AV XP 2008 which has been ... More About: Anti Virus , Anti-Virus , Fake
Celebrity Spam out of control
2008-08-22 19:01:00 We have been tracking a number of spam messages over the last couple of days pertaining to celebrities involved in a number of odd and unexplained activities. The binary file being delivered in this latest spam run involving Paris Hilton is stream.exe which is meant to lure a user into executing the file hidden behind ... More About: Spam , Celebrity , Control , Out Of Control
Fake Anti-Virus Spam
2008-08-21 17:48:00 This morning we detected another malspam campaign this time focusing on delivering the rouge anti-virus application XP AntiVirus 2008. This particular application has been used numerous times before as the malspam payload to infect users and has been seen in some of the CNN alerts, MSNBC, IE 7.0 attack, etc. The idea here is to trick users ... More About: Anti Virus , Spam , Anti-Virus , Fake
Scientific America Industry Panel
2008-08-21 03:15:00 This past May I sat on an industry panel regarding digital privacy along with Whitfield Diffie (Sun Micro), Patrick Heim (Kaiser), Art Gilliland (Symantec), Rahul Abhyankar (McAfee), Martin Sadler (HP), John Landwehr (Adobe) and Steve Lipner (Microsoft). The panel discussed many interesting topics around technology and today’s need for digital privacy. The full edited transcript is available on-line at ... More About: America , Industry , Panel
SQL Injection Attacks: The future of mass hacking campaigns
2008-05-28 19:32:00 SQL injection attacks are evolving as a prime mode of transportation for malicious scripts that hackers wish to insert into legitimate web-sites. Typically the web-site is a vehicle for distributing Trojans through scripts crafted to exploit specific vulnerabilities on visiting PCs; i.e. the recent Adobe Flash vulnerability annouced today that could use SQL injection as a form ... More About: General , Future , The Future , Campaigns , Mass
LayerOne Security Conference Video Available
2008-05-23 17:39:00 Last weekend we participated in a smaller regional security conference in Pasadena California called LayerOne which occurs yearly at the Pasadena Hilton. There was a number of great talks and I provided one on the evolution of cyber-crime and it’s prevalence. I am making the video available here. More About: Video , Security , Conference
Yesterday?s Webinar Available!
2008-05-22 18:49:00 Yesterday’s webinar on Customer Privacy, Malware and Government Regulations is now available for your viewing pleasure. Enjoy! http://www.itsecurity.com/webinar/enterpr ise-malware/?tfso=1409 More About: Yesterday , Webinar
Why Security-as-a-Service reduces total cost of ownership (TCO)
2008-05-22 18:23:00 Recently I have been getting a number of questions concerning the cost savings of a security service (SaaS) model versus a traditional on-premise solution. While there are certainly a number of direct benefits to the end-user, I thought for the purpose of this article to elaborate on the most important one: “reducing the total cost of ownership (TCO) via ... More About: Security , Service , Cost , Total
Anatomy of a data breach part 2
2008-05-22 10:48:00 In this second part I am going to talk about utilizing different methods of protecting sensitive data-at-rest by using system hardening. The overall goal is to obviously implement an effective strategy to reduce the potential of a data breach (keeping in mind it’s all about best efforts when meeting compliancy). First of all we have to understand how a data breach is ... More About: Anatomy , Data , Part , Breach
Eleven months of writing for the Information Security Systems Association J
2008-05-21 01:57:00 I have been writing now for eleven months in the Information Security Systems Association Journal (ISSA). These articles have been primarly focused along the lines of sharing information concerning the emerging threat-landscape and what we are seeing from a Panda Security perspective. Therefore; I thought I would share a little history with you by making these articles ... More About: Virus , Writing , Information Security
Webinar on Privacy and Security - Win a Garmin GPS!
2008-05-20 23:38:00 Free Live Webinar on May 21 @ 10AM PST / 1PM EST http://www.itsecurity.com/webinar/enterpr ise-malware/ New breeds of malware ? spyware, adware, Trojans, and viruses ? are rapidly infecting networks and exposing businesses and their customers to unprecedented security risks. The government is now mandating that corporations effectively protect the privacy of individuals and ensure the confidentiality and integrity ... More About: Security , Garmin , Privacy
How regulations affect small to mid-size companies
2008-05-20 21:16:00 It’s important to note that not only are large corporations affected by regulatory standards, but the small and mid-size companies are also equally affected; especially when their core business is dealing with protected classes of information by law (patient information, credit card information, financial data, etc). A very good example is a regional medicare facility that has less then 500 employees. Now one may think that they are ... More About: Companies , Small , Regulations , Size
From Traditional AV to Security-as-Service
2008-05-20 04:57:00 Over the past five years the anti-virus market has experienced tremendous growth with the advent of new technologies to adapt to current conditions. What was once a market consisting of a very few players has now evolved into a global enterprise consisting of dozens of companies with an assortment of anti-virus products varying in degrees ... More About: Security , Virus , Service , Traditional
Anatomy of a data breach part 2
2008-05-07 02:48:00 In this second part I am going to talk about utilizing different methods of hardening web-facing applications. The goal is to obviously implement an effective strategy to reduce the potential of a data breach. First of all we have to understand how a data breach is conducted and what methods are used to access internal protected information. The purpose behind such an ... More About: Anatomy , Data , Part , Breach
Anatomy of a data breach
2008-05-04 20:08:00 In 2007 and 2008 the industry has seen an upsurge in data breaches affecting millions of consumers and causing corporations to pay heavily in fines. Data breaches can lead to exposure of consumer information through a number of different ways that vary in complexity. The common perception associated with a data breach is the difference between data being extracted from physical ... More About: Anatomy , Breach
Virtualization: An emerging trend in the financial markets
2008-05-01 18:18:00 Yesterday we gave a presentation on virtualization at the Wall Street Technology Association (WSTA). Several major banks from the New York area were present at this forum (Bank of New York Mellon, CitiGroup, Merril Lynch, Morgan Stanley, Depository Trust and many more). The forum really addressed the emergence of virtualization within the financial community and how security is much ... More About: Markets , Financial , Virtualization , Trend
SC Magazine Pod-Cast on Massive SQL Injection Attack
2008-04-30 22:50:00 Yesterday Chuck Miller from SC Magazine published a podcast in which I spoke about the details of the latest mass web hack covered earlier. PandaLabs had confirmed that there was no IIS vulnerability involved in this latest round of attacks, rather poorly written .ASP code was the culprit. However; it’s extreamly important to understand that we are talking ... More About: Cast , Attack , Injection
Massive iframe hack: The conclusions
2008-04-29 01:22:00 Perception vs. Reality It may seem that things are getting better and cyber-crime may be diminishing, but the evolution of hacking for profit will remain constant through the remainder of this year. Data breaches are becoming a commonplace and corporate CIOs are focusing their attention towards protection of critical assets, especially external facing applications that are subject ... More About: Hack
Crimeware as a Service (CaaS) Updated
More articles from this author:2008-04-28 18:00:00 As the malware threat landscape continues to evolve, hackers are constantly changing techniques to counteract detection technologies that vendors are developing. By using sophisticated methods to evade current antivirus technologies, hackers are relentless in their pursuit of damaging IT systems and oftentimes gaining access to personal information. Several years ago, hackers used polymorphism and metamorphism as ... More About: Service 1, 2 |
 |
|
 |
