PandaLabs Blog

This blog started in October 2006, and we will be providing further in-depth information about new malware, new technologies, new trends

Articles
January Spyware List
2007-02-07 20:22:01
Today we are going to review our top spyware list.

1: Adware/Gator (=)
2: Adware/Lop (Up from 8th)
3: Application/MyWebSearch (Up from 5th)
4: Application/Winantivirus2006 (Down from 2nd)
5: Adware/Wupd (Down from 4th)

So not many changes this month, but there are some interesting things to comment on.

Adware/Lop
This adware creates different executable files on the PC when it is run, in order to avoid detection. It also creates some images on the desktop which look like shortcuts, but they are links to external web sites or programs, the usual casino stuff, etc. It puts quite a lot of effort into disguising itself on the PC, changing the executable that is run each time. It belongs to C2Media LTD.

Adware/VideoActiveXObject
One of the latest versions of the fake codecs, which have been so active lately. Hiding spyware in fake codecs is generating huge revenues, as users continue to download them, lured by the idea of watching an exciting video for free.

Adware/SecurityError (Up from 46th to 12th)
It...
Windows Vista
2007-02-07 08:21:02
So finally Vista has arrived. We have started to see ads in the newspapers, and even on TV.

There is one question regarding Vista that is still unanswered: are you ready for Vista? A couple of days ago I was wondering if I was ready for Vista, so I decided to download and test the new tool delivered by Microsoft which helps users decide which Vista version is good for them. I was a bit disappointed to realize that I was only going to be able to upgrade to Vista Home. Also, I found some problems regarding driver support.

So if I need to change my hardware, basically buying a new computer, and if you add Vista's price, which doesn't come cheap, it might be an expensive upgrade. So I don't think I will be an early adopter.

But let's talk about Vista features. I want to focus on security. For a full detailed description visit the Vista security Guide.

So the question might be if I am going to be more secure with Vista. Microsoft claims so, and there is a lot of...
Nurech.A.worm Alert II
2007-02-07 08:21:02
We have compiled more information on this alert. Here you have a graph of the continuous arrival of messages to the lab related to this specific variant in the last 90 hours. Today it reached second place in the ranking of total number of infections registered through our online tool ActiveScan. Feel free to use it, because it is free.

At the moment we are still getting 20% of incidents related to this, but it seems to be fading.
Nurech.A.worm Alert (UPDATE)
2007-02-06 08:20:02
This weekend we have seen a lot of activity from a new worm. It is called Nurech.A.worm. In the last 48 hours it has accounted for more than 60% of all the messages received in PandaLabs. At some points it was massively spammed.

Here is a graph of the evolution in the last 60 hours. We will keep you updated.

UPDATE
Here are some of the subjects it is using to fool users into opening it:

- Tender Whispers
- With This Ring
- Til the End of Time
- Heart of Mine
- If I Knew
- Touched by Love
- Most Beautiful Girl
- Wrapped Up
- Evening Romance
- Doing It for You
...
Spam in PHP forums (II)
2007-02-02 20:17:01
One reader has pointed out that although requiring a user to register is a good idea, some bots are able to do so, and has sent some "tricks" that administrators should use to prevent bots from registering in the forums.

First, you should use security plugins. We have gotten accustomed to seeing them when applying for a new email account: an obfuscated key is shown to the user, who needs to type this key to proceed. This is quite useful.

As an example, there is also a mod called "The Humanizer" which simply adds another question to the registration process, in particular "Are you a human being?", with two possible answers, yes and no. Although this may sound quite obvious, it works. A general-purpose bot will not be prepared for these small modifications. So the lesson is that there is no need for complex solutions, but smart ones. Making small changes once in a while can bring benefits. It is also advisable to spend a couple of hours performi...
Phishers go one step further
2007-02-01 02:15:02
Today we are going to talk about phishing. We already know that financial institutions are a prime target for phishers. As malware evolves from an amateur hobby to a money-making business, things have evolved a lot.

The phishing we are going to talk about doesn't target a financial institution, nor an e-commerce site. It goes directly against the Spanish Internal Revenue Service, called "Agencia Tributaria". The scam goes like this: you receive an email that informs you that some taxes have been wrongly charged and that you are eligible for a refund of 90 €. Here is part of the email. It is written in Spanish. Bad Spanish indeed.

Of course, to apply for it you have to enter your data in a web form, which for sure is located somewhere not related to the real agency. So as always, be careful, and type the URL of the site you want to visit. Do not follow links from emails; it is much safer.
Another Spamta run
2007-01-27 20:10:02
We have seen that Spamtas are rising quickly. Two days ago we detected a variant that has been quite silent. But a few hours ago the last one started climbing, with the appearance of a new variant, which is also arriving in great numbers. Both are stopped with TruPrevent™.

Here we can see the evolution in the last hours.
Spam in PHP forums
2007-01-27 20:10:02
Today we have found that in a PHP forum, someone was posting spam messages. It was obvious in this particular case, because it was a Spanish forum and the message was in English. Notice that it uses the "guest" account ("invitado").

It sounded quite suspicious, so we tested the URL and found that it was using web attacker exploits to install Trojan horses (Trj/Abwiz, Trj/Cimuz). Usually these are password stealers, but it could be other types of malware.

It is possible that they are using some program to try to post in non-restricted forums. So once again, be careful before you follow a link from an unknown source.

If you are an administrator, it would be advisable to check the configuration of your PHP application. If you allow anonymous posting, your forums could end up filled with spam.

Thanks to Vicen for the information.
Strange scanner
2007-01-27 20:10:02
Yesterday we came across a sample. It is the dropper of a virus called W32/Rigel.A. Once you execute it, it displays a window (shown below) that informs users that a scan for a specific Trojan horse is being done. But the truth is quite different. While the unsuspecting user stares at this window, it starts infecting exe files. We have seen different behaviours:

- Useless files
- Runnable infected files
- Self-copying file that starts processes until the machine hangs.
Of course, we have all wondered when we will stop receiving
2007-01-17 02:05:02
Of course, we have all wondered when we will stop receiving spam. It is not an easy question. We have already started 2007 and all the figures show that it is increasing over time.

When I take a look at my inbox, all I see are emails like these:

- Phishing, 419s, lottery, etc.
- Pharma-related, pseudo-medicinal.
- Software with suspicious discounts.
- Online gambling.

Some call this "virtual fraud". It’s amazing, as this fraud is not so virtual, or at least it becomes quite real when later you take a look at your bank account. Most of it relies on users’ own decision. Users decide whether the product/service is worth their money or not. I have never bought anything from these providers (honest to God), because I’m not interested in their products. But if the hit ratio, although minimal, is worth all the effort and resources the spammers are putting into this business, it is clear that a lot of users are willing to pay. And this means that these users don't s...
Today, we have detected an increase in the number of email i
2007-01-16 14:04:02
Today, we have detected an increase in the number of email incident reports. This is due to a new variant of the infamous Spamtaload. We have called this variant Spamtaload.CS. In the last 12 hours we have seen a peak reached at 10:00, and although the figures show that it is decreasing, it has not ended yet.

We have received approximately 20 different MD5s. All of them link to a site located in New Jersey. The malware is prepared to download some more components from “www6.******************* ****.com”. Luckily it is not working at the moment.

Stay alert, just in case it gets active...
What do you want to do for a living?
2007-01-11 14:01:01
Yesterday we found such an interesting job offer that we felt compelled to explain it to you, in case you were interested.

It consists of being paid 60$ every month, just for sending 1,000 emails a day. The deal works more or less like this. Once you agree, you receive a program that enables you to start sending emails from your computer. Though you must run it every day, it only takes 5 minutes of your time to send all those 1,000 emails. It doesn’t look like a hard job, does it?

It seems the employer’s SMTP server imposes a limit on the number of emails he can send daily, so he needs more people to increase his ability to send more.

Be it a legitimate job offer or not (most probably), the comments in the “Questions & Answers” section leave little to the imagination:

“As I understand it, you’ve got an application that only lets you send one thousand emails daily, don’t you? Well, we have developed an application to send emails, and you won’...



