10 March 2008

In 2008, worms are increasingly being used to steal confidential information

Although Trojans caused the most infections in January, the number of infections caused by information-stealing worms grew significantly. Creating threats aimed at online fraud, theft of personal data and the like is one of the defining features of the new malware dynamic.

The year began with alarming data: in addition to the growing number of Trojans, worms are increasingly being used to steal users' confidential data. According to data collected with the online anti-malware solution Panda ActiveScan, Trojans accounted for 24.41% of infections and worms for 15.01%. These figures differ significantly from those of 2007, when worms caused less than 10% of infections.

According to PandaLabs, Panda Security's laboratory for the analysis and detection of malicious software, this situation is due to the increasing activity of the Nuwar family of worms, also known as Storm Worm. Computer worms can spread very quickly on their own, but unlike the worms that caused the epidemics widely reported in the media in the past, today's worms do not seek to damage computers or destroy data. On the contrary, their purpose is the unnoticed theft of confidential information for online fraud.

Such worms usually arrive on the computer in e-mail messages that use social engineering tied to current events. These messages contain links to pages that are preloaded with other malicious code designed to steal personal information, or to forged pages used to attack unsuspecting users.

"Although we had made assumptions about these developments, we did not think that cyber criminals would turn to worms so quickly. This is very dangerous because, even though worms are more visible than Trojans and are therefore much easier to neutralize, they are able to mount indiscriminate 'storm' attacks that quickly gather an enormous amount of confidential information," said Luis Corrons, technical director of PandaLabs, adding: "To increase their efficiency, hackers release a large number of worm variants in a very short period of time, thereby increasing the likelihood of infection."

Other causes of infections in January were adware (21.21%), backdoor Trojans (4.03%), spyware (3.13%) and bots (2.65%).

Most active malicious codes

The most active malicious code at the end of January was the Trojan Downloader.MDW, designed to download other malicious code onto the computer. Bagle.HX and Perlovga.A took second and third places.

Place  Name
1      Trj/Downloader.MDW
2      Bagle.HX.worm
3      Perlovga.A.worm
4      Puce.E.worm
5      Trj/Spammer.ADX
6      Brontok.H.worm
7      Bagle.QV.worm
8      Trj/Downloader.RWJ
9      Adware/VideoAddon
10     Lineage.GYE.worm

Next come the Puce.E worm, the Trojan Spammer.ADX and the e-mail worm Brontok.H. The list is closed by the QV variant of the Bagle worm, the Trojan Downloader.RWJ, the adware VideoAddon and the Lineage.GYE worm, designed to steal passwords for the online game Lineage.

Panda Security offers several free utilities for checking your PC: http://www.infectedornot.com

About PandaLabs

Since 1990, its mission has been to analyze new threats as rapidly as possible in order to protect customers. Several teams, each specializing in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.), work around the clock, providing continuous technical support. They are assisted by TruPrevent™ technology, which acts as a global early warning system made up of strategically distributed sensors that neutralize new threats and send them to PandaLabs for analysis.

According to AV-Test.org, PandaLabs is currently the fastest laboratory in the industry at delivering updates to users.

Cybercriminals cash in on an actor's death

As soon as the world learned of the tragic death of actor Heath Ledger, who appeared in the films "Brokeback Mountain", "A Knight's Tale", "The Brothers Grimm" and others, his name was put to use as a social engineering lure and abused for profit. Within hours of the first news, Trend Micro's research group recorded the appearance of malicious web pages returned by search engines for queries about Heath Ledger.

For example, after following any of the search results, the user first lands on an "optimized" page of this kind, which most likely will not even be displayed in the browser.

The user is then redirected to another site that offers to download a "new version of ActiveX Object". As a result of a series of redirects, malicious software such as troj_renos.lz or worm_nucrp.gen is downloaded.

Moreover, there is reason to believe that these dangerous sites are hosted by one of the compromised Czech providers. Some servers at its sites contain malicious JavaScript, detected as js_dloader.dat, which triggers the same series of redirects as the links in the Heath Ledger search results.

"The speed with which this attack was carried out after the actor's death shows that the attackers planned all their actions in advance and had all the harmful components ready," commented Michael Kondrashin, head of Trend Micro's competence centre in Russia and the CIS. "This clearly proves that behind the attack stand mature criminal groups that set themselves one and the same goal: getting money. It does not matter what exactly serves as the 'hook' for trusting users: a loud political scandal, a terrorist act or a natural disaster. Clearly, the loudest events of the future will be accompanied by similar web attacks."

"Special purpose" networks such as SCADA (Supervisory Control and Data Acquisition) have always had a high level of protection, achieved mainly through their complete isolation from public networks.

Among "old school" security experts there was a joke that "the only truly reliable protection is provided by wire cutters", which says eloquently that if an indefinite number of people have access to a network, there is no point talking about sound protection.

That was always the case. First of all, such networks should under no circumstances be connected to the Internet. Even connecting them via VPN or other virtual network infrastructure is unacceptable; the very idea of such connectivity runs counter to the spirit of security.

Unfortunately, specific policy decisions made over the past 15 years have led to a dangerous convergence of "public" and "private" networks in order to "minimize costs and optimize operations", a convergence that the companies responsible for operating networks vital to the world's population have gone along with.

Password theft, fraud and other economic crimes committed in the virtual world of the Internet are one thing; switching off the electricity in an entire region is quite another. It is no secret that in today's world there are forces interested in chaos and tension that cause severe harm to the population at large. These forces have at their disposal the same technology that is used to steal bank account passwords from unsuspecting users.

Mac users will find it useful to learn about the recently discovered MacSweeper program. While it is not harmful in itself, it is extremely difficult to remove once installed.

MacSweeper claims to scan the system and inform the user about security holes. It finds many "holes", but to fix them it offers to buy the full version of the program.

There is also a legitimate program called Mac Sweeper (two words, with a space).

It is doubly suspicious that visiting the program's website triggers a "scan" of the user's computer and displays a security report about folders that exist only on a Mac, even when the site is opened from a computer running Windows.

The website publishes general information about the company that looks quite credible, with one exception: until recently it was a verbatim copy of text from a comparable Symantec site.

Trend Micro detects this program and classifies it as osx_macsweer.a.

Almost five years ago, the SQL Slammer worm should have made people understand that exposing critical infrastructure resources to the Internet is a very bad idea.

But not everyone learns from past mistakes. Very recently, several thousand web pages suffered from a (presumed) SQL injection attack, endangering the personal data of hundreds of thousands of Internet users.

The most frightening part is that credit card data, identity details and other key documents of users who have no connection to those pages at all may end up in the intruders' hands.

And today we learned of a new "underground" tool, sqlmap: an automatic SQL injection tool developed entirely in Python. It can fingerprint the database management system, retrieve from remote databases the user names, tables, columns and the full contents of a database, read system files and much other information, using security holes in Internet-facing applications that allow unauthorized SQL code to be executed.

This is very unpleasant news for the many sites whose SQL database systems are still reachable via the Internet.

A preliminary analysis shows that the tool looks for SQL injection vulnerabilities in SQL systems through publicly accessible web pages. It does not require direct access to the SQL server; an intermediate interface such as a CGI form is enough.

Theft of sensitive data is the main danger of Trojan viruses

Last year saw strong growth in the number of Trojan viruses whose primary function is the theft of confidential data. At the same time, according to experts, the amount of other malicious code remained the same or even declined over the year.

According to the press service of the anti-virus company Panda Software, under the new dynamics of malicious software the majority of "Trojans" are now used to steal passwords for financial services. The next most frequently detected group of malicious code is bots (from the word "robot"), followed by "backdoor" Trojans, which can allow attackers to use the infected system for fraud.

"The growth in the number of 'Trojans' shows that the main purpose of the creators of malicious code is now financial gain rather than the pursuit of fame, as in the past," said Luis Corrons, director of the PandaLabs laboratory. Thus "Trojans" have strengthened their position as the most common malicious code, while other categories, such as classical viruses, are now less common.

Online game password hunters attacked about 100 thousand sites

Tens of thousands of websites belonging to Fortune 500 companies, government agencies and public schools were infected with malicious code aimed at stealing passwords for online games.

More than 94 thousand URLs were infected with code that redirects users to the domain uc8010.com. Among the infected resources were sites of Computer Associates, as well as sites owned by the Virginia authorities, the city of Cleveland and Boston University.

"The range of objects that were infected is very large," said Mary Landesman, a researcher at ScanSafe, a company that provides information on malicious sites. "This is a real example of what we see every day. And it shows companies interested in a web presence that they need to take a hard look at the state of their security."

"Hackers were able to infect the sites using SQL injection," says Johannes Ullrich, chief technologist of the Internet Storm Center. The injections included JavaScript that redirects users to other sites, The Register reports. Vulnerabilities on those sites allow the malicious software to steal passwords for various online games.

Encrypting offline files

Since Windows 2000 it has been possible to cache files for offline use (also known as client-side caching). This uses the Microsoft IntelliMirror™ management technology, which lets users work with files located on file shares even when their client computers are disconnected from the network.

For example, when mobile users browse shared folders on a computer that is disconnected from the network, they can see, read and edit the files because those files have been cached on their client computers. When the mobile users later connect to the server, the system synchronizes the changed files with the files stored on the server.

In Windows XP the client can now encrypt offline files and folders using the Encrypting File System (EFS). This is especially attractive to traveling professionals who regularly need to work without network access while keeping their data secure.

All offline files are stored on the local computer in a common database, which also restricts access to these files through explicitly defined access control lists. The database presents the files to the user in such a way that its structure and format remain hidden and the user sees an ordinary folder. Other users' files and folders are shown, but there is no access to them. If offline files are encrypted, the entire database is encrypted with the computer's EFS certificate; selecting individual files and folders for decryption is not supported. Thus, if this option is used, the entire offline files database is protected by default against attacks by the EFS system itself. There is, however, one limitation of an encrypted offline files database: when the user works offline, encrypted files and folders are not displayed in an alternate color. When working online, the remote server can apply encryption to files and folders selectively, so the display of encrypted files in online and offline modes may seem inconsistent to the user.

Ways to reduce the risk of disclosing residual fragments of files containing plaintext

EFS has a crash-recovery scheme that prevents data loss in the event of unavoidable errors such as a system failure, a full disk or a hardware fault. This scheme creates an unencrypted backup copy of the original file that is being encrypted or decrypted. After the original file has been successfully encrypted or decrypted, the backup copy is deleted. Creating the backup copy has a side effect: the unencrypted version of the file can remain on the disk until the NTFS file system reuses the corresponding disk blocks for some other file.

When encrypting an existing file, EFS always creates a backup copy of the file being encrypted. When encrypting critical data with EFS, you should therefore first create a folder with the encryption attribute set and only then create files in it. With this approach the files are encrypted from the start: EFS does not create a plaintext backup copy, which guarantees that no residual fragments of files containing plaintext will appear on the disk.

Removing unencrypted data

When a new data file is created on an NTFS disk, the file system places the data in individual units called clusters. If the file grows beyond the clusters allotted to it, NTFS allocates additional clusters. If the file is later shrunk or deleted, NTFS releases the clusters that are no longer needed by the file and marks them as available for allocation to another file when the need arises. Over time, as new files are added to the drive, their data is written in locations that were previously assigned to deleted or modified files. To implement a data protection strategy using EFS, it is important to understand how the NTFS file system works.
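As an added illustration that is not part of the original text, the following PowerShell session applies the folder-first approach described above (mark the folder encrypted, then create files in it) and then overwrites the volume's free space with cipher.exe /w, so that plaintext backup remnants left behind by files that were encrypted in place are destroyed. The folder path and file content are constructed for the example; cipher.exe is the standard Windows EFS command-line tool and the volume must be NTFS.

```powershell
# Added example, not from the original article. Assumes Windows, an NTFS volume
# and the built-in cipher.exe. The folder path and file content are constructed.
$Folder = Join-Path $env:USERPROFILE 'SecureNotes'

# 1. Create the folder and set the encryption attribute BEFORE any file is
#    placed in it. cipher /e on a directory marks it so that files added
#    afterwards are encrypted from their first write.
New-Item -ItemType Directory -Path $Folder -Force | Out-Null
cipher.exe /e $Folder | Out-Null

# 2. A file created inside the encrypted folder is encrypted from the start,
#    so EFS never has to write a plaintext backup copy for it.
$File = Join-Path $Folder 'plan.txt'
Set-Content -Path $File -Value 'constructed sample content'

# 3. Verify that the file really carries the Encrypted attribute; if it does
#    not, EFS is disabled or the volume is not NTFS, and the data is plaintext.
$attrs = (Get-Item $File).Attributes
if (-not ($attrs -band [IO.FileAttributes]::Encrypted)) {
    throw "EFS did not apply to $File; check that EFS is enabled on this volume."
}

# 4. Files that were encrypted in place earlier may have left an unencrypted
#    backup copy in now-free clusters. cipher /w overwrites all deallocated
#    space on the volume that holds the given directory (three passes), which
#    removes those plaintext remnants. It can take a long time on large volumes.
$Drive = (Get-Item $Folder).PSDrive.Root   # e.g. C:\
cipher.exe "/w:$Drive"
```

Run the wipe step after any bulk in-place encryption (for example after applying cipher /e to a folder that already held files), not after every new file created in an already-encrypted folder.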

For more information about NTFS and how it works, see the Microsoft Developer Network (MSDN).