Archive for the ‘Malware for beginners’ Category

Articles

How naive are you?

In Malware, Malware for beginners, Security on January 11, 2012 by tecnologyantivirus

Posted by Leyre Velasco

I have always thought that my mother was anything but naive. She has lived enriching experiences, has had a very intense working life with a high degree of responsibility and is practical, astute and witty. Let us say that she is not easy to rip off. At least, that’s what I thought.

Last Christmas, over one of many family get-togethers, she candidly announced:

“I have won an iPhone online”.

Somewhat stunned I asked: “Win? iPhone? Online?”

Calmly, she replied: “Yes, I won it over the Internet. I got a message on screen saying I had been selected over thousands of visitors and that the iPhone will be delivered to my address”.

At this point, my 12 year old daughter could not help the giggles.

I (rhetorically) asked: “Did you believe that?”

“Sure, – she replied -, why shouldn’t I?”

Getting seriously frightened, I asked: “Which data did you provide?”

“Oh, – my mother said – nothing much, just my email address and my postal address.”

So far, she has been getting emails requesting her participation in further contests but no mention of the iPhone, of course.

My mother was not at all conscious of the implications of her naivety: fraud through pop-ups is probably one of the oldest frauds there is on the Internet. Behind the so-called prizes there might be professional fraudsters, well able to spoof your identity or, without any scruples, make use of your personal data, all for economic benefit.

My mother is a regular Internet user. Her naivety is the fruit of her lack of knowledge regarding the dangers of the Internet. That is why I believe it is so important to spread good Internet practices in order to raise awareness among different types of users. We teach our daughter security guidelines and therefore, she is cautious. My mother – up until now – has always browsed alone, no Jiminy Cricket around 🙂

How can you protect yourself?

  • It is very important to have an antivirus program that includes a spam filter installed and up-to-date. Any of Panda Security’s solutions will protect you against these kinds of threats.
  • Check the source of information received. Ignore any pop-up that asks for your personal or financial information.
  • Scan your computer for free.
  • Inform yourself. We recommend pages on security, for instance, this blog or the Security Info page.

Luckily, my mother never provided her credit card details. Otherwise, she could have been in serious trouble. She has now installed the antivirus, scanned the computer and hopefully, from now onwards, she will be more cautious when browsing the net.

How about you? Have you ever been ripped off online? Tell us your experiences!


The Malware Invasion: Fight the enemy in this online game and win a Panda Antivirus

In Malware for beginners, Uncategorized on June 22, 2011 by tecnologyantivirus

Posted by Blanca Carton, June 2011

Have fun with ‘The Malware Invasion’ online game while learning more about hackers and fighting off the virus attacks launched by cyber-criminals.

Play the game, pass the tests and win a Panda Antivirus free.


Enjoy the game, recruit! 🙂

The Malware Invasion is available on:

And let us remind you that you can find the answer to any queries you might have about your product in the articles posted on the Panda Security support website, or by contacting our expert technicians in the Tech Support forum.


Malware for beginners: those apocalyptic emails…

In Malware, Malware for beginners on February 2, 2011 by tecnologyantivirus

Published by Javier Guerrero, February 2011

Even though the protagonist of this new chapter in the Malware for Beginners series is no malware specimen, it does share a couple of features with viruses, Trojans and other threats: You can easily find them in your email inbox and they can be really annoying. Yes, we are referring to those scary, apocalyptic email messages…

Yes, you know, those messages that friends and colleagues forward to you – with the best of intentions – to let you know about the latest virus, or a threat so deadly that it can blow up your computer, kill your dog with some mysterious radiation and turn your granny into a blood-craving zombie… And for which there is no cure, of course.

Well, seriously now, this type of email is quite frequent. Even though these emails are not dangerous in themselves and are not aimed at defrauding anybody, they alarm people by taking advantage of their lack of knowledge and fear, as they don’t really know the reality and limitations of malware.

Not so long ago I myself received one of these messages, which you can see below loosely translated:

Let’s take a look at sentences like “This is a virus that burns your entire hard disk”. They could have used the term “delete” or “format”, but obviously “burn” is far more spectacular. Of course, no virus can damage a hard disk like that. And do not forget that recommendation: “This is the reason why you must send this email to all your contacts”. Is there any email user who doesn’t hate this sentence? 🙂

Anyway, the scariest bit comes in the second paragraph, where you are prompted to “Shut down your computer immediately” without even opening the message, or you are told there is no fix for this threat. Finally, they even mention CNN’s coverage of the story, and Microsoft, which classifies this virus as the most dangerous ever.

To sum up: It is one thing to inform users about the dangers of malware, and quite another to sow confusion and scare people for no reason with the sole purpose of achieving notoriety.

Finally, keep an antivirus installed and update it frequently. This is your barrier against spam and phishing. If you are not sure about something during the installation or update processes, don’t leave it for later. Look for the appropriate solution in the support forums available to you for any queries you might have.

Javier Guerrero Díaz
R+D – Development Dept.
Panda Security

==============================================================================
Javier Guerrero works in Panda Security as a technical specialist and analyst/programmer. Since joining the company in 1998 he has taken part in numerous projects, almost always involved with kernel layer technology: the first Panda Platinum, Panda Security and Panda Security for Networks, firewall and TruPrevent technologies, file permanent protection modules, Shield and the Cloud AV interception layer, etc. He currently works in the Interception Unit and is responsible for various Cloud AV components.


Malware for beginners: Viruses

In Malware for beginners, Uncategorized on December 22, 2010 by tecnologyantivirus

Published by Javier Guerrero, December 2010

The protagonist of this new chapter in the “Malware for Beginners” series is very significant as, even though this type of malware was not the first one to appear, it was the reason for the ‘boom’ of the viral phenomenon and became the epitome of what is today known as malware.

In fact, we still use the term “virus” today to refer to any type of malware in general, when reality shows that, except for the occasional surge, the number of viruses in circulation is much lower than that of Trojans, for example.

But what is a virus?

Well, like any other type of malware, a virus is a small program that “infects” other files. The infection process consists of introducing its code into the target file (normally an executable file) so that, from then on, the infected file will carry the virus and become a new source of infection.

It is due to this parasitic behavior that this type of program was compared to biological viruses. Computer viruses differ from other malware specimens like Trojans or worms in that the latter do not need a host to spread. Also, this characteristic makes them more complex to develop, as a computer virus must know the internal structure of the file it tries to infect in order to be able to install itself in it.

These two aspects may explain why there are so few viruses currently in circulation compared to other malware strains. Also:

  • Any error in the infection process could lead to file corruption and lack of usability.
  • Finally, given that viruses affect all executable files on the system and any computer with the Windows operating system and the most popular applications installed may contain thousands of executable files, virus infections can be really spectacular and visible.

Obviously, this goes against the current strategy followed by malware writers, who now focus on silent attacks in order to profit financially from their creations.

And as always, don’t forget that to protect yourself it is essential to have an antivirus program installed and up-to-date with an anti-spam filter. Any Panda Security solution will keep your computer free from viruses and other malware.

Javier Guerrero Díaz
R+D – Development Dept.
Panda Security

===========================================================================

Javier Guerrero works in Panda Security as a technical specialist and analyst/programmer. Since joining the company in 1998 he has taken part in numerous projects, almost always involved with kernel layer technology: the first Panda Platinum, Panda Security and Panda Security for Networks, firewall and TruPrevent technologies, file permanent protection modules, Shield and the Cloud AV interception layer. He currently works in the Interception Unit and is responsible for the Cloud AV file and process interceptors.


Malware for beginners: fake antivirus programs

In Malware, Malware for beginners on November 3, 2010 by tecnologyantivirus

Published by Javier Guerrero, November 2010

Many people think that when antivirus companies talk about the vast number of malware threats that exist, they are exaggerating in order to sell their software. In other words, they are scaremongering to frighten users into buying their products. That’s why when I write articles about malware, I like to refer to first-hand experiences, as I am going to do in this post.

Some time ago a friend called me, concerned because his computer displayed a window notifying him that it had been infected by malware; specifically 42 examples of all types of malware: viruses, spyware, adware, Trojans… This was a bit of a shock, as his anti-malware solution had only detected a couple of threats, which in theory it had deleted. What’s more, these warnings did not come from the antivirus, and neither would they let him eliminate the infection.

As I guessed his antivirus might’ve been out of date, I suggested he look for a second opinion and use our Panda ActiveScan free online scanner.

However, my friend was unable to install the ActiveScan scan module, either with Internet Explorer or with Firefox; something was stopping it. In fact, it had become virtually impossible to use the computer, so he couldn’t browse the Web, install or uninstall applications. It seemed that his computer had been hijacked by this application.

My suspicions were confirmed when (on going round to his house) I could see the window in question. It belonged to a (supposed) security product called “Personal Security”:

However, the problems I mentioned before suggested there was something dubious about this software. Also, my friend was quite sure he had not installed this product, at least not in the way one normally installs a product in Windows. It was also highly suspicious that his antivirus had not detected all the malware displayed in the window.

The conclusion was obvious: This was a fake or rogue antivirus.

What is a Rogue Antivirus?

This is a malicious application which, in the guise of a trial version of a normal antivirus, tries to trick users into believing that their computers have been infected by numerous examples of malware.

What’s the aim?

Money, of course. Users are then forced to buy a ‘full version’ of the application if they want to ‘disinfect’ their computers. Many people fall for this, either unwittingly, or because they want the system to return to normal.

The rogue antivirus we are talking about today displays the following window:

And obviously, there is a form in which victims are prompted to enter their personal and bank details.

This type of malware is now widespread, largely because it is successful in tricking many people, as the graphic interfaces used (windows, buttons, etc.) are often very professionally crafted.

For example, this particular fake antivirus displays a warning which is similar in appearance to the Windows Security Center:

How to avoid them

The careful and professional design of many of these programs makes them particularly dangerous, as they will fool many users with little knowledge of IT security.

Although much of the usual advice we offer (use a good up-to-date antivirus, don’t download unknown programs, take care with USB devices, etc.) is just as valid in these cases, it is particularly important to be careful with the websites you visit.

One of the most common techniques used for spreading these fake programs is known as “Blackhat SEO” (we will talk about this in the next post), which basically manipulates Web search results, including links to malicious pages used to infect users. These pages provoke false infection warnings, prompting the user to click a button to download or install the product.

You should never click on any part of these windows, as this will start installation. In these cases try closing all windows using the ALT-F4 key combination, although the infection may have already taken place.

So, what happened to my friend?

We managed to resolve the problem by starting up in safe mode and manually deleting all files and registry entries corresponding to the fake antivirus. Of course we had to get this information through another computer, as the system had been completely hijacked by the intruder.

To end this post, I would just like to answer the question set out at the beginning: Yes, the threat of malware is real. We are not exaggerating it in the slightest.

===============================================================================
Javier Guerrero works in Panda Security as a technical specialist and analyst/programmer. Since joining the company in 1998 he has taken part in numerous projects, almost always involved with kernel layer technology: the first Panda Platinum, Panda Security and Panda Security for Networks, firewall and TruPrevent technologies, file permanent protection modules, Shield and the Cloud AV interception layer, etc. He is currently part of the interception unit and is responsible for the file and process interceptors in Panda Cloud Antivirus.


Malware for beginners: Keyloggers

In Malware, Malware for beginners, Uncategorized on October 13, 2010 by tecnologyantivirus

Published by Javier Guerrero, October 2010

We use the term malware to refer generically to the multiple threats to which IT systems are exposed every day. However, this word covers a whole range of concepts with which, on the whole, most users are unfamiliar.

Although this is perfectly understandable (one of my favorite maxims is that “you don’t need to be a mechanic to drive a car”), it’s not a bad idea to have an understanding of the mechanisms used by the different types of malware. So let’s start with something simple: keyloggers.

A keylogger is simply a component (generally software, although hardware-based keyloggers also exist) that registers keystrokes on a keyboard without the user’s knowledge.

Not too nasty really, is it? Nothing could be further from the truth. Keyloggers are used to steal information entered by users, such as:

  • User names and passwords for starting OS sessions, and social network credentials.
  • Credit card numbers. Keyloggers are a crucial element of many banker Trojans that steal this type of data and send it to hackers, who profit financially at the expense of unwitting users. In fact, most banks now implement measures in their Web services to protect against this threat, such as virtual keyboards.

In any event, the advice that we generally give for other types of malware also applies for keyloggers:

  • Don’t download or run files from dubious sources
  • Only browse trusted sites
  • Use a good, up-to-date security suite.

And, of course, use your common sense. These are the best weapons in the fight against malware.

===================================================================================
Javier Guerrero works in Panda Security as a technical specialist and analyst/programmer. Since joining the company in 1998 he has taken part in numerous projects, almost always involved with kernel layer technology: the first Panda Platinum, Panda Security and Panda Security for Networks, involving firewall and TruPrevent technologies, file residents, Shield and the Cloud AV interception layer. He is currently part of the interception unit and is responsible for the file and process interceptors in Cloud AV.