en

‫ Panda Labs Quarterly Security Report for q3 2011

IRCRE201112084
Panda Labs has issued its quarterly report for q3 of 2011, here are the most important points of this report:
Malwares
Viruses came in second place (12.08%), followed by worms (6.26%) and adware (3.53%), a category which includes fake antivirus software and has increased significantly compared to last quarter.
In any event, these figures reflect the number and type of malware strains created, which does not always correlate directly with the number of infections, as a single malware strain can be responsible for many infections. Let’s analyze the data collected by our Collective Intelligence sensor network in order to get a clearer picture of the global malware situation.
Trojans were once again the dominant malware category during this quarter, causing 63.22% of all infections. Surprisingly, despite there have been major changes in new malware development (Trojans have surged significantly), the data collected by PandaLabs during this period shows that the distribution of malware infections by type is mostly the same as last quarter.
Countries' infection
Now we’ll take a look at the infection rankings by country according to Collective Intelligence. The graph below shows the 20 countries with the highest rates of malware infection in Q3 2011:
The average infection ratio was 37.87%, 2 percentage points lower than in Q2. China once again had the most infected PCs, with a 62.47 % corruption, followed by Taiwan (50.93 %), Turkey (46.68 %) and Russia (45.73 %).
The country with the least infections is Sweden (23.36 %), followed by the United Kingdom (26.53 %), Switzerland (26.57 %) and Germany (28.20 %). The graph below shows the countries with the lowest infection rates. It is interesting to note that all of them are European with the exception of Japan and Australia:
Social networks
The biggest news story in this area was the launch in June of Google+, as a direct competitor to Facebook. While Google+ is far simpler and less sophisticated than Facebook, it has nevertheless achieved millions of users in just three months.
Despite this, criminals have not targeted it as much as Facebook. However, right after its launch, as invitations were not open to everyone and there was huge expectation and interest in getting one, it became the subject of a scam… on Facebook. Fraudsters created a page titled “Get Google Plus Invitation FREE” where users just had to click the ‘Like’ button to get an invitation. Obviously, you also had to provide your email address to receive the invitation which, unfortunately, never came.
These scams are actually quite frequent on Facebook, cyber-crooks’ favorite platform for launching social engineering attacks by exploiting real or fake news stories.
We cannot finish this section without mentioning Twitter which, although less exploited than Facebook, is also used by criminals to send spam and malicious links. One of cyber-crooks’ favorite activities is account hacking. Fox News’s Twitter account was hacked on July 4 and posted a series of alarming tweets reporting that U.S. President Barack Obama had been assassinated. The Twitter account of PayPal UK was also hacked and used to criticize its poor security in offensive language.
However, other attacks are far more serious. A group of attackers hacked the Twitter account of a financial institution and started sending Direct Messages ((DMs) to its followers instructing them to click on a link due to a security problem in their account. This link took users to a phishing page that imitated that of the bank and requested data that could then be used by attackers to impersonate the victims and steal their money.
Macs, cell phones
As previously explained in other reports, malware is becoming a very dangerous problem for Mac computers and cell phones’ operating systems, especially Android. This quarter has been no different. We have seen a significant growth in the amount of malware for Mac computers, with increasingly sophisticated attacks that combine vulnerability exploitation and backdoor installation.
In July, Zitmo, a variant of the famed Zeus banking Trojan, hit the Android platform. If a user’s cell phone was infected with the Trojan, the cyber-criminals could gain access to the victim’s bank account and intercept the one-time transaction password sent by the bank to the user. This way, cyber-criminals could perform any kind of online transaction from the victim’s account
If this was not enough, we learned that Android has some very basic security holes, as shown by the fact that it stores the passwords for email accounts on the phone’s file system in plain text, with no encryption. This makes it an easy target for criminals, who can easily extract all passwords once they have hacked into the device.
The appearance of new Android malware is becoming increasingly frequent, and the final objective is always the same: to steal users’ data. Finally, we have seen different variants of a new family of Android malware which not only copies data from the device and sends it to cyber-crooks, but also records phone conversations.
Anonymous
The quarter started in the worst possible fashion for Anonymous as 15 alleged members of the cyber-crime organization were arrested in Italy. It is worth mentioning that all detainees ranged in ages from 15 to 28, with 8 minors. Police raided more than 30 households, seizing various materials (computers, etc.). The leader of the cell was a 26-year-old man living in Switzerland.
Soon after these arrests, we learned that Anonymous had broken into Universal Music’s servers, stealing user data. This information included user names and passwords, and therefore Universal advised all users to change their login data. Events like this once again reveal that there are companies which do not take security seriously, as making the mistake of storing users’ passwords in plain text is absolutely unforgivable. Having said this, let’s not forget that the Anonymous collective acts like a group of vandals only looking to cause havoc; and what’s worse, they usually end up damaging the very same users they claim to defend, as they post the information they steal, making it available to anybody who wants to use it for malicious purposes.

The Wall

No comments
You need to sign in to comment