Category Archives: Antivirus Vendors

Smart Cities and Open Data

With the constant advancement of technology, we are already witnessing the phenomenon of smarter cities.

According to Anthony Mullen, research director at Gartner, the next couple of years will be crucial for smart cities and open data as people will continue to “increasingly use personal technology and social networks to organize their lives, and governments and businesses are growing their investments in technology infrastructure and governance.” Even though the term ‘smart city’ means different things to different people, a city is generally considered ‘smart’ when its citizens benefit from open data sources converted into solutions that make people’s lives easier. These solutions are developed by governments and private companies.

How do smart cities work?

There are all sorts of reporting devices placed around every town, as well as IoT devices, which communicate with each other. The information they collect is then turned into a solution, such as one that eases traffic or controls traffic lights. To some extent, smart cities also rely on people who voluntarily share their data. To enjoy the benefits of a smart city, you may need a subscription or have to rely on data democracy, i.e. sharing your data with a third party grants you access to the solutions they offer.

Smart city examples

Have you noticed all the people texting or looking at their phones on your last trip to Europe? Yes, people are surely checking their Facebook feeds, but they are also checking when the next bus or train is going to arrive. Buses and trains are now connected to make public transport more predictable and to reduce traffic congestion. London’s TFL, in particular, encourages app developers to integrate the open data that TFL shares to help the city circulate better.

The situation is similar in New York – imagine how helpful it would be if we knew when and where parking spaces would be available. Smart city perks save millions of people time and money every day, and the trend will continue to grow. Research firm Gartner claims that by 2019, fifty percent of citizens in cities of a million or more people will benefit from smart city programs by knowingly sharing their personal data.

How to stay safe in a smart city?

Regular cities are going ‘smart’ because governments are making an effort to make your life easier. It surely helps to know when your bus is going to arrive, and how to get from point A to point B while avoiding traffic, saving yourself some time and money. However, all these connected devices and the mass sharing of both useful and useless data could be dangerous. Hackers are getting creative, and the safety of millions of connected devices has already been compromised.

Panda Antivirus software protects you from sharing more than you have to. In a recent report by tech giant Hitachi, a staggering 95% of respondents rated the role of technology in ensuring public safety as ‘important’ or ‘very important.’ A smart city wouldn’t be smart if it were not safe.
Panda Security offers various solutions that will help you stay protected and remain smart even when you are not in a smart city. The more protected you are, the better.

The post Smart Cities and Open Data appeared first on Panda Security Mediacenter.

If You Use Autofill, You Might As Well Give Away Your Info For Free

The autofill feature that many browsers offer is a useful time-saving tool that spares you from manually filling out forms with the same information every time. The browser fills in all the necessary information without the user having to move from one field to another to type details that are repeated in most forms. However, what at first seems to have nothing but upsides for workers and individuals does in fact carry some security risks.

Autofill can be used by cybercriminals to perpetrate phishing attacks that collect user data through hidden fields. When the Internet user allows the browser to fill in the form, it also fills in fields that the page does not display. In this way, when the individual submits the form, she also sends her personal information to cybercriminals without realizing it.

Finnish developer Viljami Kuosmanen has shown how such attacks work with a practical demonstration. He created a form in which only the fields “name” and “email” can be seen, along with a “send” button. However, the source code of the web page hides something from the user: there are six other fields (phone, organization, address, postal code, city and country), which the browser also populates automatically if the user has activated the autofill function.

The method is a simple strategy for harvesting all sorts of personal information that, according to Kuosmanen’s tests, works in both Chrome and Safari. Other browsers like Opera also offer the autofill feature, and Mozilla Firefox is currently working to implement it.
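As an added illustration that is not part of the original post, the following Python script scans a page’s HTML for inputs a browser would autofill but a visitor cannot see. The form it scans is constructed to mirror the demo’s field set, and the hiding-style heuristics are assumptions, not an exhaustive list.

```python
# Added example (not the article's code): flag form inputs a browser could
# autofill although the visitor cannot see them. Sample HTML is constructed.
import re
from html.parser import HTMLParser

# Input types browsers fill from a saved contact/address profile.
# type="hidden" is deliberately absent: browsers never autofill it.
AUTOFILL_TYPES = {"", "text", "email", "tel", "url"}

# Inline-style fragments that take an input off the screen (heuristic, assumed list).
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(\.0+)?\s*(;|$)"
    r"|(left|top)\s*:\s*-\d{3,}px|(width|height)\s*:\s*0(px)?\s*(;|$)", re.I)


def is_hidden(attrs):
    """True for a boolean `hidden` attribute or a hiding inline style."""
    return "hidden" in attrs or bool(HIDING_STYLE.search(attrs.get("style") or ""))


class HiddenAutofillScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hidden_fields = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # valueless attributes such as `hidden` map to None
        if tag == "input" and (a.get("type") or "").lower() in AUTOFILL_TYPES and is_hidden(a):
            self.hidden_fields.append(a.get("name") or a.get("autocomplete") or "(unnamed)")


def find_hidden_autofill_fields(html):
    """Return the names of autofill-capable inputs the page keeps out of sight."""
    scanner = HiddenAutofillScanner()
    scanner.feed(html)
    return scanner.hidden_fields


# Constructed to mirror the demo described above: two visible fields, six hidden.
SAMPLE_FORM = """<form action="/submit" method="post">
  <input type="text"  name="name"  autocomplete="name">
  <input type="email" name="email" autocomplete="email">
  <input type="text" name="phone"        autocomplete="tel"            style="position:absolute;left:-9999px">
  <input type="text" name="organization" autocomplete="organization"   style="display:none">
  <input type="text" name="address"      autocomplete="street-address" style="visibility:hidden">
  <input type="text" name="postal-code"  autocomplete="postal-code"    style="opacity:0">
  <input type="text" name="city"         autocomplete="address-level2" hidden>
  <input type="text" name="country"      autocomplete="country"        style="width:0;height:0">
  <input type="hidden" name="csrf" value="constructed-token">
  <button type="submit">Send</button>
</form>"""

if __name__ == "__main__":
    print("hidden autofill fields:", find_hidden_autofill_fields(SAMPLE_FORM))
```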

Fortunately for users, it is possible to disable this option in the program settings without too much difficulty. Browsers have it activated by default without asking permission first, so the only way to turn it off is by taking a moment to change the setting manually.

This is a serious threat to the security of personal and corporate information, and it is difficult to detect because, unlike other types of attacks, the user does not see any links or other signs that might lead her to suspect anything is amiss.

It is therefore advisable to disable the option in your browser, even though this means that you’ll be spending a little more time filling out those pesky forms.

The post If You Use Autofill, You Might As Well Give Away Your Info For Free appeared first on Panda Security Mediacenter.

Delegated Recovery: Facebook gives its security a boost

Facebook boosts its security systems with the Delegated Recovery feature

Traditional 2-factor authentication (2FA) is all about your phone or a physical token. But what happens when you lose your mobile phone or the physical token? Then you’ll have to contact Customer Service and the troubles will start as you work to get account access again. Now there is a new option. Facebook has a smart way to […]

The post Delegated Recovery: Facebook gives its security a boost appeared first on Avira Blog.

Compilation of PandaLabs Reports

The following is a compilation of all past PandaLabs reports. It is a complete record of the cybersecurity lab’s highlights.

2016

Q1 Report Q2 Report Q3 Report Annual Report

2015

Q1 Report Q2 Report Q3 Report Annual Report

2014

Q1 Report Q2 Report Q3 Report Annual Report

2013

Q1 Report Q2 Report Q3 Report Annual Report

2012

Q1 Report Q2 Report Q3 Report Annual Report

2011

Q1 Report Q2 Report Q3 Report Annual Report

2010

Q1 Report Q2 Report Q3 Report Annual Report

The post Compilation of PandaLabs Reports appeared first on Panda Security Mediacenter.

The technical support scam and how to avoid it

When talking about cybersecurity, we instantly think of viruses and malware. But advances in personal computer security have made it much harder for hackers to infect your PC through traditional channels like email.

As a result, they have developed new attack methods to get around your defences using a range of techniques, online and offline. One of the most widespread and most successful is the “Technical Support Scam”, which combines social engineering and technology to empty a victim’s bank account.

What is the Technical Support Scam?

Social engineering relies on building trust with a victim, before tricking them into doing something that gets around their security defences. In the case of the Support Scam, criminals telephone their victims pretending to be from a reputable business, like Microsoft or your security or telephone provider – a company name you recognize.

Posing as an engineer, the hacker informs their target that they have already fallen victim to criminals, and they must take urgent action to plug the security gap. The victim is asked to visit a webpage from their computer, and to download a remote control tool that will allow the engineer to access their system to perform “repair work”.

Once in control of the computer, the “engineer” may call up the computer’s event log and show a number of scary looking (but completely harmless) alerts. They will then suggest downloading further tools that allow them to fix these errors.

Unfortunately these tools are actually malware that will steal valuable information from the victim’s computer – particularly online banking details and passwords. The victim may feel that the engineer has done them a favor, but the reality is that they have invited the hacker to steal from them.

Avoiding the Technical Support Scam

There are several ways you can protect yourself from becoming a victim of this scam. These four tips will help keep you safe:

1. Use your common sense

Microsoft or Panda (for example) never ring customers to inform them of security problems. These companies may provide assistance by telephone, but they never call you first. In fact, unless you pay for a third party technical support service, no one should call you about problems with your computer or router.

No matter how urgent the issue sounds, anyone claiming to be calling about PC security problems is lying.

2. Protect your personal and sensitive information

Never give your account numbers or passwords to anyone over the phone or the Internet unless you are 100% sure who they are. If you are in any doubt at all, hang up. Keep in mind that fraudulent activities are profitable for the bad guys.
A good rule to follow for any incoming call: never hand over your credit card or bank details. Just don’t do it!

3. If you have a doubt: tell everyone about it

The Telephone Support Scam preys on people’s insecurity about their lack of tech knowledge. It is very easy to be a victim, and the best defence is sharing knowledge – telling other people about this scam, and what the criminals are doing. It is much easier to put the phone down if you know that the call is a scam.

You should also consider reporting the scam to the company being impersonated. If you do, make sure you look up that company’s genuine contact details yourself.

4. Protect your PC in advance

Do not forget to use antivirus protection for all your devices. If your device is protected by an anti-malware toolkit, it will not be generating security errors online or anywhere else. So you know that someone claiming you have a problem is also lying.

If your computer does not have an up-to-date security toolkit installed, you must act now – download a free trial of Panda Security to get started.

Most social engineering attacks can be avoided by taking a second to think through the implications of what you are being told. You must not allow yourself to be bullied into making what could be a very costly mistake.

For more useful tips and advice about staying safe online, please check out the Panda Security knowledge base.

The post The technical support scam and how to avoid it appeared first on Panda Security Mediacenter.

RDPPatcher, the Attack that Sells Access to your Computer at a Low Price

In recent months, there has been a significant uptick in PandaLabs reports of malware installed over the Remote Desktop Protocol (RDP). Every day we witness thousands of infection attempts using ransomware, hijacking systems for bitcoin mining, etc., which all have one thing in common: access via RDP after gaining entry with credentials obtained by brute force.

There are plenty of legitimate uses for RDP, but unfortunately in the wrong hands it can become a weapon for cybercriminals. We have already written about the shared history of RDP and ransomware, especially in the corporate environment.

The newly discovered attack uses the same entry technique, but its goal is completely different from those analyzed previously. This time, after infiltrating the system, it focuses on finding Point of Sale terminals (POS) and ATMs. The reason is that these are simple terminals to attack anonymously from the Internet, and the profit from selling the stolen information is high.

RDPPatcher: Selling system access on the black market

In the present case, the brute force attack lasted a little over two months until, in January 2017, the attackers hit upon the correct credentials and gained access to the system. Once the system was compromised, the cybercriminals attempted to infect it with malware. Their attempts were blocked by Adaptive Defense, at which point they modified the malware and tried again, without success. Since Panda’s advanced cybersecurity solution is not based on signatures and does not rely on prior knowledge of the malware in order to block it, modifying the malware didn’t change the result.
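As an added example that is not part of the PandaLabs write-up, the Python snippet below shows a detection for the entry vector described here: a burst of failed RDP logons from one source followed by a successful one. It assumes Windows Security events 4625 (failed logon) and 4624 (successful logon) with logon type 10 (RemoteInteractive, i.e. RDP), exported one event per line; the log lines are constructed.

```python
# Added example, not from the PandaLabs write-up: detect the entry vector it
# describes (RDP credential brute force that finally succeeds) in Windows
# Security log events. Event IDs 4625/4624 and logon type 10 (RemoteInteractive)
# are standard Windows values; the log lines below are constructed.
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON, SUCCESS_LOGON = "4625", "4624"
RDP_LOGON_TYPE = "10"                      # RemoteInteractive = RDP session
THRESHOLD, WINDOW = 5, timedelta(minutes=10)


def parse_line(line):
    """'<ISO timestamp> <event id> <logon type> <source ip> <account>' -> dict."""
    ts, event_id, logon_type, src, account = line.split()
    return {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "event": event_id, "logon_type": logon_type, "src": src, "account": account}


def detect_rdp_bruteforce(lines, threshold=THRESHOLD, window=WINDOW):
    """Return alerts for sources whose burst of failed RDP logons ends in a success."""
    recent_failures = defaultdict(deque)     # src -> timestamps of recent 4625s
    alerts = []
    for ev in (parse_line(l) for l in lines if l.strip()):
        if ev["logon_type"] != RDP_LOGON_TYPE:
            continue
        q = recent_failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:  # drop failures outside the window
            q.popleft()
        if ev["event"] == FAILED_LOGON:
            q.append(ev["ts"])
        elif ev["event"] == SUCCESS_LOGON and len(q) >= threshold:
            alerts.append({"src": ev["src"], "account": ev["account"],
                           "failures_before_success": len(q), "at": ev["ts"].isoformat()})
            q.clear()
    return alerts


# Constructed sample: a brute-force burst from one host that finally gets in,
# plus an unrelated, legitimate admin logon from another host.
SAMPLE_LOG = """
2017-01-12T03:14:01Z 4625 10 203.0.113.45 Administrator
2017-01-12T03:14:03Z 4625 10 203.0.113.45 Administrator
2017-01-12T03:14:05Z 4625 10 203.0.113.45 admin
2017-01-12T03:14:07Z 4625 10 203.0.113.45 Administrator
2017-01-12T03:14:09Z 4625 10 203.0.113.45 Administrator
2017-01-12T03:14:11Z 4625 10 203.0.113.45 Administrator
2017-01-12T03:14:13Z 4624 10 203.0.113.45 Administrator
2017-01-12T08:30:00Z 4624 10 198.51.100.7 itadmin
"""

if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```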

It’s clear from the malware analysis what the purpose of the attack is. The hashes of the two files are the following:

MD5: d78be752e991ccbec16f11e4fc6b2115
SHA1: 4cc9d2c98f22aefab50ee217c1a0d872e93ce541

MD5: 950e8614db5c567f66d0900ad09e45ac
SHA1: 9355a60dd51cfd02a921444e92e012e25d0a6be

Both were written in Delphi and packed with ASPack. After unpacking them, we found that they were very similar to each other. We analyzed the more recent of the two (950e8614db5c567f66d0900ad09e45ac).

This Trojan, detected as Trj/RDPPatcher.A, modifies the Windows registry in order to change the type of RDP validation. These are the entries that the malware modifies:

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp /v UserAuthentication /t REG_DWORD /d 1
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 1

And it deletes the following entries if they are present on the system:

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v legalnoticecaption /f
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v legalnoticetext /f

Subsequently, it drops another file (MD5: 78D4E9BA8F641970162260273722C887) in the %TEMP% directory. This file is a version of the application rdpwrap and is run via the runas command with the parameters “-i -s” in order to enable concurrent RDP sessions on the system.

It then proceeds to profile the machine and obtain its information:

  • Username
  • Device name
  • Amount of time the device has been turned on
  • Operating system version
  • Language
  • Virtual machine
  • Memory
  • Processor name
  • Number of processor cores
  • Processor speed
  • Antivirus

It then connects to the command-and-control (C&C) server to obtain a list of services that measure the speed of the Internet connection, and saves the resulting upload and download speeds. Next it checks which antivirus is installed on the computer. Contrary to what we are accustomed to seeing in most malware attacks, it does not do this to remove the installed antivirus or to change its behavior. It is simply gathering data.

This is the list that we have extracted from the binary with the processes that it searches:

See Table 1

Once this is done, it begins to search for different types of software to continue profiling the computer. It mainly looks for POS, ATM, and online gambling software. What follows is a small part of the list of software that it searches for (in total there are several hundred entries):

See Table 2

It also combs through browsing history, where another list is contained, categorized by areas of interest:

See Table 3

These strings are searched for in the browser history by the malware itself. They are used to “label” the computer based on the software used and the webpages visited.

Once it has finished gathering data from the system, it sends an HTTP request to the C&C server. In order to hide the exfiltrated information from detection systems inspecting web traffic, it first encrypts it with AES128 using the password “8c@mj}||v*{hGqvYUG”, which is embedded in the sample analyzed, and then Base64-encodes the result.

Example of the encrypted request.

The C&C server used for this malware sample is located in Gibraltar.

Conclusion

As we’ve seen, the first thing the attacker seeks to do is to inventory the computer, compiling all types of information (hardware, software, webpages visited, Internet connection speed), and to install an application that allows multiple RDP sessions at once. At no point does credential theft, or any other data theft, occur.

The explanation for this is very simple: the cybercriminals behind these attacks sell access to these computers for a very small fee. Being in possession of so much data from every system allows them to sell access to other groups of cybercriminals specializing in different fields. For example, groups that specialize in the theft of card data can acquire computers with POS software, and so on. Cybercrime has indeed become a profitable racket.

The post RDPPatcher, the Attack that Sells Access to your Computer at a Low Price appeared first on Panda Security Mediacenter.