10 March 2008

In 2008, worms are increasingly being used to steal confidential information


Although Trojans were responsible for the most infections in January, the number of infections caused by information-stealing worms grew significantly. Creating threats for online fraud, identity theft and the like is one of the components of the new malware dynamics.

The year began with alarming data: in addition to the growing number of Trojans, worms are increasingly being used to steal users' confidential data. According to data collected with the online anti-malware solution Panda ActiveScan, Trojans accounted for 24.41% of infections and worms for 15.01%. These figures differ significantly from those of 2007, when worms caused less than 10% of infections.

According to PandaLabs, Panda Security's laboratory for the analysis and detection of malicious software, this situation is due to the growing activity of the Nuwar family of worms, also known as Storm Worm. Computer worms can spread very quickly on their own. But unlike the worms that once caused widely reported epidemics, today's worms do not seek to damage computers or destroy data. Quite the contrary: their purpose is the unnoticed theft of confidential information for online fraud.

Such worms usually reach the computer in e-mail messages that use social engineering tied to current events. These messages contain links to pages that are pre-loaded with other malicious code for stealing personal information, or to forged pages that imitate legitimate ones.

"Although we had anticipated these developments, we did not think cyber criminals would turn to worms so quickly. This is very dangerous because, even though worms are more conspicuous than Trojans and are therefore much easier to neutralize, they are able to carry out indiscriminate 'storm' attacks that quickly gather an enormous amount of confidential information," said Luis Corrons, technical director of PandaLabs, adding: "To increase their efficiency, hackers put a large number of worms into circulation within a very short period of time, thereby increasing the likelihood of infection."

Other causes of infections in January were adware (21.21%), backdoor Trojans (4.03%), spyware (3.13%) and bots (2.65%).
Most active malicious codes

The most active malicious code at the end of January was the Trojan Downloader.MDW, designed to download other malicious code onto the computer. Bagle.HX and Perlovga.A took second and third places.

Place  Name

1      Trj/Downloader.MDW
2      Bagle.HX.worm
3      Perlovga.A.worm
4      Puce.E.worm
5      Trj/Spammer.ADX
6      Brontok.H.worm
7      Bagle.QV.worm
8      Trj/Downloader.RWJ
9      Adware/VideoAddon
10     Lineage.GYE.worm

Next come the Puce.E worm, the Spammer.ADX Trojan and the Brontok.H e-mail worm. The list is closed out by the QV variant of the Bagle worm, the Downloader.RWJ Trojan, the VideoAddon adware and the Lineage.GYE worm, designed to steal passwords for the online game Lineage.

Panda Security offers several free utilities for checking your PC: http://www.infectedornot.com

About PandaLabs

Since 1990, its mission has been to analyze new threats as quickly as possible in order to protect customers. Several teams, each specializing in a specific type of malware (viruses, worms, Trojans, spyware, phishing, spam, etc.), work around the clock, providing continuous technical support. They are aided by TruPrevent™ technology, which acts as a global early warning system made up of strategically distributed sensors that neutralize new threats and send them to PandaLabs for analysis.

According to AV-Test.org, PandaLabs is currently the fastest laboratory in the industry at delivering updates to users.

Cybercriminals cash in on an actor's death


As soon as the world learned of the tragic death of actor Heath Ledger, who starred in "Brokeback Mountain", "A Knight's Tale", "The Brothers Grimm" and other films, his name was used as a social engineering lure for profit. Within hours of the first news reports, Trend Micro's research group recorded the appearance of malicious web pages returned by search engines for queries about Heath Ledger.

For example, after clicking on one of the resources in the search results, the user first lands on an "optimized" page of this kind, which will most likely not even be displayed in the browser.

The user is then redirected to another site, which offers to download a "new version of ActiveX Object". As a result of a series of redirects, malicious software such as troj_renos.lz or worm_nucrp.gen is downloaded.

Moreover, there is reason to believe that these dangerous sites are hosted by one of the compromised Czech providers. Some servers hosting its sites contain malicious JavaScript, detected as js_dloader.dat, which runs the same series of redirects as the links in the Heath Ledger search results.

"The speed with which this attack was carried out after the actor's death shows that the attackers had planned all their actions in advance and had all the malicious components ready," commented Michael Kondrashin, head of Trend Micro's competence centre in Russia and the CIS. "This clearly proves that behind the attack stand mature criminal groups pursuing one and the same goal: getting money. It does not matter what exactly serves as the 'hook' for trusting users: a loud political scandal, a terrorist act or a natural disaster. Clearly, the loudest events of the future will be accompanied by similar web attacks."

Special-purpose networks such as SCADA (Supervisory Control and Data Acquisition) have always had a high level of protection, achieved mainly through their complete isolation from public networks.

Among 'old school' security experts there was a joke that "the only truly reliable protection is a pair of wire cutters", which says eloquently that if an indefinite number of people have access to a network, there is no point talking about sound protection.

That has always been the case. First of all, such networks should under no circumstances be connected to the Internet. Even connecting via VPN or other virtual-network infrastructure is unacceptable. The very idea of such connectivity runs counter to the spirit of security.

Unfortunately, policy decisions made over the past 15 years have led to a dangerous convergence of "public" and "private" networks in order to "minimize costs and optimize operations", and the companies responsible for operating networks vital to the world's population have gone along with this convergence.

Password theft, fraud and other economic crimes committed in the virtual world of the Internet are one thing. Switching off the electricity in an entire region is quite another. It is no secret that in today's world there are forces interested in chaos and tension that cause severe harm to the general population. These forces have at their disposal the same technology that is used to steal bank account passwords from unsuspecting users.

Mac users will find it useful to learn about the recently discovered MacSweeper program. While it is not harmful in itself, it is extremely difficult to remove once installed.

MacSweeper claims to scan the system and inform the user about security holes. It finds many "holes", but to fix them it offers to buy the full version of the program.

There is also a legitimate program called Mac Sweeper (two words, with a space).

Doubly suspicious is that visiting the program's website triggers a "scan" of the user's computer and displays a security report on folders that exist only on a Mac, even if the site is opened from a computer running Windows.

The website publishes general information about the company that looks quite credible, but for one thing: until recently it was a verbatim copy of text from a similar page on Symantec's site.

Trend Micro detects this program and classifies it as osx_macsweer.a.

Almost five years ago, the SQL Slammer worm should have made people understand that exposing critical infrastructure resources to the Internet is a very bad idea.

But not everyone learns from past mistakes. Most recently, several thousand web pages suffered from a (presumed) SQL injection attack, as a result of which the personal data of hundreds of thousands of Internet users was put at risk.

The worst part is that credit card data, identity details and other key document data of users who have no relation to those pages at all may fall into the intruders' hands.

And today we learned of a new "underground" tool, sqlmap: an automated SQL injection tool written entirely in Python. It can fingerprint the database management system, retrieve user names, tables, columns and the full contents of a remote database, read system files and much other information by exploiting SQL injection holes in Internet-facing applications.

This is very unpleasant news for the many sites whose SQL systems are still reachable via the Internet.

Preliminary analysis shows that the tool looks for SQL injection vulnerabilities in SQL-backed systems through public web pages. It does not require direct access to the SQL server; an intermediate interface such as a CGI form is enough.
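As an added illustration (not code from the article or from any of the tools it mentions), the example below shows the defect that lets a CGI form parameter reach the database as SQL, the parameterised form that removes it, and a check for the external script tags that mass injection attacks of the kind described here and in the uc8010.com story below leave behind in stored page content. The catalogue rows, the probe string and the script address are all constructed for the example.

```python
import re
import sqlite3

# Constructed sample data standing in for a small product catalogue behind a
# public CGI search form. The last row models a record that a mass SQL
# injection attack has already tampered with (the script source is a
# placeholder under the reserved .invalid TLD, not a real address).
SAMPLE_ROWS = [
    (1, "laptop bag", "Padded bag, fits 15 inch laptops"),
    (2, "usb cable", "1 m USB 2.0 cable"),
    (3, "mouse pad", "Plain black mouse pad"),
    (4, "headphones", 'Cheap<script src="http://injected.invalid/x.js"></script>'),
]

# Constructed probe: a value that closes the string literal and appends an
# always-true condition. The hardened query must treat it as plain text.
PROBE = "x' OR 'a'='a"

EXTERNAL_SCRIPT = re.compile(r"<script[^>]*\bsrc\s*=\s*['\"]?([^'\" >]+)", re.I)


def build_db():
    """Create the in-memory catalogue used by the functions below."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, description TEXT)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def search_vulnerable(conn, term):
    """The form parameter is pasted straight into the SQL text, so the
    database parses whatever the user typed as part of the statement."""
    sql = "SELECT id, name FROM products WHERE name = '" + term + "'"
    return conn.execute(sql).fetchall()


def search_safe(conn, term):
    """Parameterised query: the driver passes the value separately from the
    statement, so quotes in the input can never terminate the literal."""
    sql = "SELECT id, name FROM products WHERE name = ?"
    return conn.execute(sql, (term,)).fetchall()


def find_injected_scripts(conn):
    """Return (row id, column, script source) for every stored text value in
    the catalogue that carries an external <script src=...> tag, the
    footprint that mass SQL injection leaves in page content."""
    hits = []
    for column in ("name", "description"):
        # Column names are fixed here, never taken from user input.
        rows = conn.execute("SELECT id, %s FROM products" % column).fetchall()
        for row_id, value in rows:
            for match in EXTERNAL_SCRIPT.finditer(value or ""):
                hits.append((row_id, column, match.group(1)))
    return hits


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, probe:", search_vulnerable(db, PROBE))  # every row
    print("hardened,   probe:", search_safe(db, PROBE))        # []
    print("tampered rows:", find_injected_scripts(db))
```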

Theft of sensitive data is the main danger posed by Trojans


Last year saw strong growth in the number of Trojans whose primary function is the theft of confidential data. At the same time, according to experts, the number of other kinds of malicious code remained the same or even declined over the year.

According to the press service of the anti-virus company Panda Software, under the new malware dynamics the majority of Trojans are now used to steal passwords for financial services. The next most frequently detected group of malicious code is bots (from the word "robot"), followed by backdoor Trojans, which can allow attackers to use the infected system for fraud.

"The growth in the number of Trojans shows that the main purpose of malicious code creators is now financial gain, rather than the search for glory as in the past," said Luis Corrons, director of the PandaLabs laboratory. Thus Trojans have strengthened their position as the most common malicious code, while other categories, such as classical viruses, are now less common.

Online game password hunters attacked around 100,000 sites

Tens of thousands of web sites belonging to Fortune 500 companies, government agencies and public schools were infected with malicious code aimed at stealing passwords for online games.

More than 94,000 URLs were infected with a virus that redirects users to the domain uc8010.com. Among the infected resources were sites from Computer Associates, as well as sites owned by the Virginia state authorities, the city of Cleveland and Boston University.

"The range of objects that were infected is very large," said Mary Landesman, a researcher at ScanSafe, a company that provides information on malicious sites. "This is a real example of what we see every day. And it shows that companies interested in a web presence should take a hard look at the state of their security systems."

"Hackers were able to infect the sites using SQL injection," says Johannes Ullrich, chief technology officer of the Internet Storm Center. The injections included JavaScript that redirects users to other sites, reports The Register. Vulnerabilities on those sites are used to deliver malicious software that steals passwords for various online games.

Encrypting offline files


Since Windows 2000 it has been possible to cache files offline (also known as client-side caching). This uses Microsoft IntelliMirror™ management technology, which gives users the ability to work with files located on file shares even while the client computer is disconnected from the network.

For example, when mobile users browse shared folders on a computer that is disconnected from the network, they can see, read and edit the files because those files were cached on their client computers. When the mobile users later reconnect to the server, the system synchronizes the changed files with the copies stored on the server.

In Windows XP, the client can now encrypt offline files and folders using the Encrypting File System (EFS). This is especially attractive to travelling professionals who regularly need to work without a network connection while keeping their data secure.

All offline files are stored on the local computer in a single database, which also restricts access to these files through explicitly defined access control lists. The database presents the files to the user in such a way that its structure and format remain hidden and the user deals with ordinary folders. Other users' files and folders are shown, but there is no access to them. If offline files are encrypted, the entire database is encrypted using the computer's EFS certificate. Selecting individual files and folders for decryption is not supported. Thus, if this option is used, the entire offline files database is protected by default from attacks by the native EFS system. However, an encrypted offline files database has one limitation: when working offline, the user's files and folders will not be displayed in the alternate colour. When working online, a remote server can selectively apply encryption to files and folders, so the display of encrypted files in online and offline modes may appear inconsistent to the user.

Ways to reduce the risk of disclosing residual fragments of files containing unencrypted text


EFS has a crash-recovery scheme that prevents data loss in the event of unavoidable errors such as a system error, a full disk or a hardware failure. This scheme provides for creating an unencrypted backup copy of the original file that is being encrypted or decrypted. After the original file has been successfully encrypted or decrypted, the backup copy is deleted. Creating the backup copy has a side effect: an unencrypted version of the file may remain on the disk until the corresponding disk blocks are reused by the NTFS file system for some other file.

When encrypting an existing file, EFS always creates a backup copy of the file being encrypted. When encrypting critical data with EFS, you should therefore first create a folder with the encryption attribute set and only then create files in it. With this approach, the files are encrypted from the start. EFS does not create a backup containing unencrypted text, and this guarantees that no residual fragments of files containing unencrypted text will appear on the disk.

Removing unencrypted data

When the NTFS file system creates a new data file on the disk, it places the data in individual units called clusters. If the file grows beyond the boundaries of its allocated clusters, NTFS allocates additional clusters. If the file is later reduced in size or deleted, NTFS releases the clusters that held the file's unneeded data and marks them as available for allocation to another file when the need arises. Over time, as new files are added to the drive, their data is written in places that previously held the data of deleted or modified files. To implement a data protection strategy using EFS, it is important to understand how the NTFS file system works.

For more information about NTFS and how it works, see the Microsoft Developer Network (MSDN).

Data protection: some recommendations


For organizations that consider it important to protect the data available to mobile users (given the possibility of theft or loss of equipment), the recommendations are as follows:

* Priority should be given to ensuring the physical protection of the computer.
* A mobile computer should always be used as part of a Windows 2000 domain.
* Keep users' private keys separate from the mobile computer and import them as required.
* For the standard folders used for storage, such as My Documents, and for temporary folders, encryption should be applied at the folder level so that all new and temporary files are encrypted when they are created.
* For very important information, always create new files in such an encrypted folder, and copy existing files containing unencrypted text into it. These measures ensure that the files are never stored on the computer as unencrypted text and that temporary data files cannot be recovered by an attacker using sophisticated disk analysis methods.
* Encrypted folders can be created in a domain using a combination of group policies, logon scripts and security templates, which allows standard folders such as My Documents to be configured as encrypted.
* Windows XP supports encryption of offline files. Offline files and folders for which local caching is enabled should be encrypted using the client-side caching policy.
* On a mobile computer, SYSKEY should be used in mode 2 or 3 to prevent an intruder from booting the system.

Identity Theft Protection

Identity theft is here to stay. Learn about protecting yourself; you are the first line of defense. This is your identity, your life and your credit. Closing your eyes and denying that the problem is real is not going to help you either. We live in an age of information, and your information is out there just waiting to be stolen.

Identity theft has become one of the dominant white-collar crime problems of the 21st century. Every 3 seconds another identity is stolen.

For the seventh consecutive year, the Federal Trade Commission has named identity theft the top consumer complaint and the fastest-growing crime in America. In 2007, the FBI reported that identity theft affected 9.91 million Americans. That is 9,991,000 people. There are probably many more cases that went unreported. It amounted to $52,600,000,000 (52.6 billion) in losses in 2007.

Most identity theft victims never know their identity has been stolen until they receive phone calls and letters from collection agencies, or even the IRS, telling them they owe money, usually a LOT.

Re-establishing your identity is a nightmare. It should be easy and simple, but it's not. The average victim spends 300 to 600 hours simply proving that they are not the thief.

It is sad but true: victims of identity theft are guilty until proven innocent.

What can you do to protect your identity?

Some quick and easy things you can do to protect against identity theft are:

* Check your credit reports from all three credit bureaus
* Decline unsolicited credit card offers
* Place a fraud alert on your credit report
* Buy a shredder now and use it

A good solution for many people is to hire professionals to protect their identities. There are a lot of identity theft protection plans to choose from. The best of them will give you a guarantee of full-service help if your identity is stolen.

Whatever you decide to do, be proactive in protecting your personal data and personal information. Merely reacting to identity theft is not enough. Too many thieves have found it to be safe, easy money and have made it their business. They are after you.
Don't cross your fingers and hope that this does not happen to you. Identity theft protection can keep you from becoming a victim in the first place.

How to protect yourself against Internet fraudsters


With the development of Internet commerce, the number of frauds involving the Internet and computers has grown as well. Often fraudsters do not need sophisticated technology to achieve their goals, yet every day thousands of people fall victim to them. We will describe the simplest and most popular fraud schemes and how to protect yourself from theft and avoid losing money.

Typically this is not difficult: you only need to be guided by common sense and use some protection.

Fraud at Internet auctions

In the past few years, auctions have become very popular among Internet users. Many people use them not just to sell unneeded things but also to earn a stable income. Sales at Internet auctions involve numerous cash transactions, usually between people from different countries. Many online auctions are built entirely on trust, and this is their main weakness.

The tips are simple. If the deal you are offered is too good, you are probably being deceived. Swindlers usually operate like this: they place an offer at the auction to sell goods at a price much lower than the real one, and leave their e-mail address. Anyone who contacts them becomes a victim of fraud.

The fraudsters ask you to transfer half the cost of the goods to them; the other half you are asked to send after receiving the goods. Money in the morning, chairs in the evening. Naturally, no one will return the money you have already sent.

There is a slightly more complex version of auction fraud. There are services that act as an intermediary in transactions between two parties who do not trust each other. Such services undertake to confirm receipt of the money or the goods from each side. If one of the parties fails to meet its terms of the transaction, the goods and the money are returned to the senders.

For fraudsters it is not hard to set up a front service of this kind and propose conducting the transaction through it.

Another well-known trick used by fraudsters is a cheque for a larger sum than the asking price of the goods (sometimes two or three times the value). You are told a story that the cheque will be sent to you by an imaginary debtor of the fraudsters. The cheque is drawn for the amount of the debt. You are asked to send the "extra" money back, for example via Western Union.

The bank usually cashes the cheque, but after a thorough check it is found to be fake. It ends with you owing the bank the amount of money you sent back to the con artist (if you did not also spend the money received for the cheque).

Here are some tips to help you avoid becoming a victim of fraud at online auctions:

-- do not use an intermediary service you do not know;
-- do not enter into transactions with residents of West African countries or Romania; they "specialize" in auction fraud;
-- use well-known online auctions; a large auction site is able to expose even beginner fraudsters;
-- never give your credit card details to online merchants; if you want to pay by card, insist on using a payment system like paypal.com;
-- do not accept bank cheques for more than you asked for the goods; tell anyone who insists on payment by cheque that the bank cheque will take 6 weeks to clear;
-- do not leave feedback on dealers before the deal is finalized; try to deal with sellers with a good reputation, although good reviews may well have been specially arranged.

Fraud with online banking systems

Banking systems that operate over the Internet are very convenient. Users pay for this convenience with an increased risk of losing money.

A scam called phishing is a relatively new phenomenon.

The whole scheme works like this: as a rule, you receive an e-mail, allegedly from the bank's staff, saying that "to verify your password" you need to follow a link. The link leads to a site that is the spitting image of the page for entering personal data on your bank's site.

The data typed into the fake page is usually written to a file and sent to the hacker by mail. This kind of scam is used not only for passwords to banking systems.

Once they have your data for accessing the account through the bank's site, the hackers begin to transfer small amounts of money from your account to their own. They know that transfers of large sums are always suspicious. Hackers who earn their bread this way usually transfer money from hundreds or thousands of accounts (for which they have data) every week, and the process is usually automated with scripts.

Another way to get hold of your confidential data is "Trojans" (a kind of malicious software; in this case they are responsible for sending data to the hacker) and programs that record keystrokes. The only protection against this kind of threat is a good antivirus and firewall.

Here is how to protect yourself from hackers who want to access your data in the banking system:

-- read the news on your bank's site regularly; fraud is reported there;
-- a bank will never ask for your password by e-mail;
-- keep your anti-virus databases up to date;
-- a good firewall blocks the transmission of data to the hacker even if the antivirus cannot find the malicious software;
-- most browsers have a built-in tool to combat this type of fraud;
-- keep an eye on small transactions from your account; if you are not sure about a transaction, it is better to contact the bank and sort it out.

Fraud involving identity theft

Phishing is used not only to steal information for accessing banking systems but also to steal victims' identities.

Hackers can steal personal data using very complex programs that exploit "holes" in the operating system, browser or mail client, or through crude tricks.

A sample of a letter in which the swindler quite blatantly tries to redirect the user to a front site to gather personal data is shown in the sidebar on the left (scammer's letter, sample 1). This example concerns the payment system paypal, but the same approach can be used with any other system.

The address of the resource linked to in the scam letter does not even contain the word paypal; instead it is the IP address of a site unrelated to the system. Surprisingly, even such crude tricks catch many people.

A slightly more complex example with the same system is given in the sidebar on the left (scammer's letter, sample 2). This letter is written in HTML, whereas the previous one was plain text. In this example the user does not see the resource address as in the previous example; instead there is a hyperlink. Where it leads can be seen without clicking on it, by hovering the cursor over it or by viewing the original text of the message (an extract from it is given in the same sidebar for convenience). Different mail clients do this differently. The link leads not to the paypal site but to a fake one that looks similar.

Far more users "fall" for a letter like this, because most do not bother to look where the hyperlink leads.

Knowledge of HTML is useful for analyzing the text of the letter, but even without it you can find the addresses the links in the letter lead to: when viewing the HTML source in mail clients, they are usually displayed in a different colour.
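The two checks described above, as an added example that is not part of the original article: for a plain-text letter (sample 1) it flags a link whose target is a bare IP address, and for an HTML letter (sample 2) it compares the visible link text with the real href and flags a mismatch. The two messages, the IP address and the hostnames are constructed for the example and use reserved documentation ranges and names.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Two constructed messages modelled on the two samples described above.
# The IP is from the 192.0.2.0/24 documentation range; the hosts are not real.
SAMPLE_PLAIN = (
    "Dear PayPal member,\n"
    "Your account will be limited unless you confirm your details at\n"
    "http://192.0.2.10/cgi-bin/webscr within 48 hours.\n"
)
SAMPLE_HTML = (
    "<p>Dear PayPal member,</p>"
    '<p>Please log in at <a href="http://paypal-verify.example.net/login">'
    "https://www.paypal.com/</a> to confirm your details.</p>"
    '<p>Questions? See <a href="https://www.paypal.com/help">PayPal Help</a>.</p>'
)

IPV4_HOST = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
URL_IN_TEXT = re.compile(r"https?://[^\s<>\"']+")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(message, is_html):
    """Plain text: the address the user sees is the address itself.
    HTML: the visible text and the real target can differ."""
    if not is_html:
        return [(url, url) for url in URL_IN_TEXT.findall(message)]
    parser = LinkCollector()
    parser.feed(message)
    return parser.links


def check_link(href, text, trusted_domain):
    """Return the reasons a link matches the phishing patterns above."""
    host = (urlparse(href).hostname or "").lower()
    brand = trusted_domain.split(".")[0]  # "paypal" for "paypal.com"
    trusted = host == trusted_domain or host.endswith("." + trusted_domain)
    reasons = []
    if IPV4_HOST.match(host):
        reasons.append("target is a bare IP address")
    if brand in text.lower() and not trusted:
        reasons.append("text mentions %s but target host is %s" % (brand, host or "?"))
    return reasons


def suspicious_links(message, is_html, trusted_domain="paypal.com"):
    """Return [(href, [reasons])] for the links in a message that warrant a look."""
    findings = []
    for href, text in extract_links(message, is_html):
        reasons = check_link(href, text, trusted_domain)
        if reasons:
            findings.append((href, reasons))
    return findings


if __name__ == "__main__":
    print(suspicious_links(SAMPLE_PLAIN, is_html=False))
    print(suspicious_links(SAMPLE_HTML, is_html=True))
```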

Another route to identity theft is malicious programs. Previously they were written just for fun. Today the authors of such programs (notably Trojans) have realized that their new creations (which are not intended for mass mailing and so do not come to the attention of antivirus vendors) are in demand. Such programs are used equally for corporate espionage and for theft of individual users' personal data.

One of the biggest frauds of this kind took place in Israel in June 2005.

The attackers used "Trojans" to obtain a wide range of information about several companies: their marketing plans, business plans, information on new products and so on. The victim companies suffered great losses.

The hackers attached the malware to CD presentations that were distributed to the victims' offices. Anti-virus programs were not able to detect the new malicious software, and firewalls did not help in this case either.

Similar approaches are used to steal users' personal data: credit card data, scanned images of passports and other important documents, passwords. Having gathered enough data on the victim, con artists can conduct transactions in your name, use the data to create false documents, and more. This brings in much more money than it appears at first glance.

Never store scanned pages of passports and the like on your hard drive, or else encrypt them with special programs (including free ones).

The usual way of compromising a user's computer in order to steal personal data is by exploiting vulnerabilities in programs. The most complex Trojans allow fraudsters to obtain full control of the user's computer.

You can protect yourself from identity theft like this:

-- never store unencrypted personal data on the hard drive;
-- use a reliable anti-virus program and firewall;
-- do not open attachments in letters from unfamiliar senders, and check files attached to letters from your friends before opening them;
-- regularly install updates for the operating system, e-mail client and browser.

This will protect the system against many malicious programs. Hackers learn to use a new "hole" shortly after the update appears, and sometimes exploit a vulnerability for which a fix has not yet been released.

In Canada, theft of personal data via computer is to be treated as ordinary theft


The Canadian government plans to put theft of personal data via computer on the same level as ordinary theft under the Criminal Code. In this way the government wants to give the police the ability to deal with rapidly developing online fraud and theft by means of malicious utilities, said Canada's Minister of Justice Rob Nicholson. His amendments to the legislation cover credit card data, bank information and personal data that can subsequently be used for deception. Canada already has liability for theft of personal information via computer, but Nicholson intends to toughen the penalties and add liability for trading in stolen data, so that the police can prevent the sale of such information.

The theme of identity theft is particularly relevant this year. The trend of hackers abandoning useless malicious utilities in favour of creating data-stealing programs to obtain money, in particular Trojans, is reflected in the leading positions such programs now occupy in anti-virus companies' rankings. In just the last few months, a series of large banks in the USA and the UK have suffered from fake websites created to obtain the required data.

Theft of personal data is the most frequent type of fraud


Of the 380,000 fraud complaints filed in 2002 with the US Federal Trade Commission, 43% involved theft of personal data, 13% deception at Internet auctions and 6% Internet service providers or computers. For comparison, only 4% of complaints related to wagers and lotteries and 2% to medical services. The total losses of fraud victims in 2002 amounted to 343 million US dollars. In 2001, identity theft accounted for 42% of fraud complaints, fraud at Internet auctions for 10% and complaints relating to Internet services for 7%. At the same time, the total number of Internet-related complaints in 2002 increased significantly compared with 2001; online fraud cost victims 122 million US dollars, and in 14 cases the damage amounted to 1 million US dollars or more. In 2001 the number of identity theft complaints was 86,000, in 2002 162,000; the largest share, about 36% of cases, was credit card theft.