Owner: Panda Security USA Technology Blog URL: http://pandasecurityus.wordpress.com Join Date: Fri, 31 Aug 2007 23:49:45 -0500 Site Description: Panda Security USA Technology Blog.
Uncloaking Malware 2007-08-27 01:20:46
I was talking to a risk analyst at a large health insurance company about what she did not want in security solutions.
She didn’t want just another signature file based solution.
She didn’t want another traditional anti-virus solution.
She didn’t want to just give a vaccine to a corpse one more time.
She was concerned that there are attacks that use cloaking techniques that hide the presence of malware so that they can slip by her existing defenses. She was more concerned about what she doesn’t know about than what she does know about.
Panda tackles this problem by using uncloaking technologies such as deep code inspection, rootkit heuristics and generic unpacking routines. The purpose of these technologies is to strip away the cloaking that hides malicious code from signature-based detection, or from the engineers who would normally identify it. The end goal is to expose the malicious code to the detection technology.
In deep code inspection, the engine
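The excerpt stops before it describes the engine, so here is an added example (not Panda's code) of the simplest triage heuristic that sits in front of a generic unpacking stage: a packed or encrypted executable section has a near-random byte distribution, so its Shannon entropy approaches 8 bits per byte, while plain x86 code sits far below that. The section table is constructed by hand in place of a real PE parser; the packer section names are genuine ones left behind by UPX, ASPack, Petite and FSG, while the 7.0 bits/byte threshold is an assumption.

```python
import math
import random
from collections import Counter

# Section names that well-known packers leave behind (UPX, ASPack, Petite, FSG).
KNOWN_PACKER_SECTIONS = {"upx0", "upx1", "upx2", ".aspack", ".adata", ".petite", ".fsg"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant run, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def packer_indicators(sections, entropy_threshold=7.0):
    """sections: iterable of (name, raw_bytes, is_executable) tuples, the shape a PE parser would yield.

    Returns human-readable indicators that the file is cloaked and must be unpacked
    (statically or by running it to its original entry point) before signatures can match.
    The threshold of 7.0 bits/byte is an assumed value, not a vendor setting."""
    indicators = []
    for name, raw, executable in sections:
        h = shannon_entropy(raw)
        if name.lower() in KNOWN_PACKER_SECTIONS:
            indicators.append(f"{name}: known packer section name")
        if executable and h >= entropy_threshold:
            indicators.append(f"{name}: executable section with entropy {h:.2f} bits/byte")
        if executable and len(raw) == 0:
            indicators.append(f"{name}: executable section with no raw data (filled in at runtime)")
    return indicators


def looks_packed(sections) -> bool:
    return bool(packer_indicators(sections))


# Constructed samples (not real binaries): a deterministic pseudo-random blob stands in for a
# packed code section, a repeated x86 prologue/epilogue sequence stands in for ordinary code.
_rng = random.Random(20080827)
_RANDOMISH = bytes(_rng.getrandbits(8) for _ in range(4096))
_CODEISH = b"\x55\x8b\xec\x83\xec\x10\x8b\x45\x08\xc9\xc3" * 400

PACKED_SAMPLE = [("UPX0", b"", True), ("UPX1", _RANDOMISH, True), (".rsrc", b"\x00" * 512, False)]
CLEAN_SAMPLE = [(".text", _CODEISH, True), (".data", b"\x00" * 1024, False)]

if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, looks_packed(sample), packer_indicators(sample))
```

Entropy alone is not proof: compressed resources, embedded certificates and installers legitimately score high, which is why the check is restricted to executable sections and combined with the section-name and empty-raw-data signals. A hit is a reason to unpack and rescan, not a verdict.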
Hype or The Matrix Reloaded: Perception VS Reality 2007-08-26 20:06:48
I was at a government agency recently doing an on-line audit of a portion of their network, about 655 PCs. They had quite a few security measures in place, including updated resident software, multiple firewalls, limited user privileges and regular anti-spyware scans with a program specialized for this.
Needless to say, they were pretty shocked when I found keyloggers, screenloggers, a rootkit and downloader Trojans. They were also saturated with high-danger-level adware that made their network vulnerable to additional malware downloads. Almost 100 workstations out of the 655 scanned were infected.
While I was there doing the malware audit, they were hit by a massive spam attack. The email offered a free Microsoft product download. About a quarter of their 6000 PCs received the spam. Some of the users on the network were savvy enough to think “maybe this is suspicious” and reported it to their help desk but, unfortunately, over a dozen
Hype or the Matrix Reloaded Part II: The Government Hacked! 2007-09-10 15:50:45 Recently there has been a lot of buzz concerning the latest reports on government entities being hacked and, in some cases, having their web sites defaced. With the increase in sophistication and the change in motivation, I would not be surprised if some of these attacks were successful.
Web mafias and other foreign organized crime syndicates are of prime concern for businesses and governments alike. With the advancement in malicious code and the increase in vulnerabilities discovered, targeted Trojans are being designed to penetrate defenses.
In fact, the volume of new and unique malware released daily is so high that it amounts to a sustained denial of service against the analysts and detection pipelines that have to process it.
The result is more and more attacks that go unnoticed by the authorities until it is too late and confidential information, including our nation’s secrets, has been stolen.
At Panda Security we call this the Silent Epidemic (which is referring to hidden attacks).
So how do we solve this problem? Partly by changing how security solutio
Distribution of new threats 2007-09-02 00:09:14 Have you ever wondered what type of malware is more predominant in the wild than others, and which ones are going extinct?
I thought I would shed some light on this subject since I have been getting quite a few questions lately.
It seems that in the last year several categories of malware have been on the verge of extinction, while others are on the rise.
Trojans make up more than 80% of what PandaLabs detected this quarter, mainly due to a shift in behavior toward ’silent’ attacks carried out for profit.
Another interesting point is the commercialization of malware, sold over the Internet to other criminals. Today one can rent DDoS services at a price of $10 to $20 per hour.
Pretty astonishing, isn’t it? This makes it easy for anyone to commit malware-based financial fraud.
With all of this taken into consideration, and seen with the company mentioned in the post “Hype or the Matrix Reloaded: Perception vs
Panda Security USA on the road 2007-09-01 23:29:42 For those who are interested in further information concerning what I talked about in the post ”Hype or the Matrix Reloaded: Perception vs. Reality”: Panda Security will be giving a presentation at the Rochester Security Summit (www.rochestersecurity.org) in Rochester, NY on Oct 3rd from 10:30am to 11:30am.
The slides from this presentation should be made available on-line shortly after.
Furthermore, we are considering the idea of a breakout session, by special invitation only, at Interop NYC this year concerning “Cloud” based anti-malware technologies for the financial sector (send me an email if you are attending Interop and would be interested in this special one-time-only presentation).
Presentation at ISACA Geek-Week 2007-09-26 23:58:39 Panda Security will be presenting at the ISACA Geek-Week conference in Atlanta, GA in November. The conference will include a number of interesting presentations on IT audit and security.
http://www.isaca-atlanta.org/geekweek.htm
I will be speaking about a global research study we have recently concluded that indicates users are more infected than ever with hidden malware.
So if you live in the Atlanta area, be sure to check out our presentation on the 15th.
Rochester Security Summit Conclusions 2007-10-15 19:21:43 Our presentation to the Rochester Security Summit was a very interesting one indeed. As we speculated, IT security professionals from major corporations were not aware of the level of infections on protected machines. Our audience found the subject of hidden infections and insidious banking Trojans really interesting.
During the course of my presentation I received several questions on solutions and techniques to mitigate risks such as banking Trojans, targeted attacks, etc. Some attendees proposed several ideas for resolving these issues, such as white-listing, sand-boxing, multi-factor authentication and technologies for detecting change on a user’s system.
These technologies are all well and good, but it boils down to the effectiveness of anti-malware and security solutions in keeping up with the large volume of new malware released daily (over 3,000 samples a day).
Generally speaking, the traditional security model used to provide protection to customers ha
Panda Security at Interop 2007 2007-10-14 16:01:38 Panda Security US will be at Interop 2007 this year. I will be giving a presentation on a recent study we completed within PandaLabs that indicates a significant population of PCs, more than 20%, were infected with actively running malicious code while having up-to-date security solutions.
http://www.interop.com/newyork/education/security.php
My session will be at 11:45 - 12:30PM Thursday October 25th.
This leaves the industry with one big question: Are you sure you’re not infected? Find out at this presentation.
Think You are Protected? Think again. Briefings across the USA 2007-10-22 07:47:18 During the last part of this year I will be giving briefings to IT security professionals across the country regarding an astonishing new study conducted by PandaLabs. The study focuses on the level of infection in protected machines, despite their having up-to-date anti-malware protection.
We will be present at the following locations:
Atlanta, Ga (ISACA) - Nov 15th
Seattle, Wa (ISACA) - Nov 20th
Ontario, Ca (ISSA) - Nov 27th
Get your free risk assessments! 2007-10-28 20:13:38 Our education session at Interop 2007 was a huge success in raising awareness regarding the real malware situation. We educated many IT professionals on the real situation behind today’s protection models employed by thousands of companies.
Companies simply are not as secure as they feel with the current protection model they are using. In fact, our research says that networks with over 100 PCs tend to be more infected than others. Furthermore, the conclusion of our corporate study indicates that 72% of networks are infected, out of a sample population of 2,000+ tested.
All of these companies tested had up-to-date protection in place. Therefore, we encourage IT professionals from around the country to contact me for a free risk assessment.
Unintentional Betrayal of CIOs 2008-03-13 16:21:26 Currently, buying decisions for security solutions are heavily influenced by the reviews and certifications they receive that measure product quality and effectiveness. These ratings, published by independent third parties, are oftentimes used as a barometer for how CIOs make buying decisions and whether they decide to go with one product over another.
What CIOs don’t realize [...]
10,000 Web-Sites Hacked, Who’s Next? 2008-03-14 14:32:13 In the last few hours we have observed a high-profile hack in progress, which reportedly infected 10,000 web sites with a script-based attack used to launch and execute malicious code. According to reports from several leading security firms, the hack was orchestrated in a similar fashion to how the Miami Dolphins site was used to serve [...]
Regulatory Compliance & the Real Risk of Undetected Malware 2008-03-19 21:41:17 With the emergence of regulatory laws born out of experience from a variety of embarrassing security breaches, today’s corporate leaders face a myriad of repercussions. These range from serious fines to jail time when found not in compliance with regulations such as Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley (GLB), and Payment [...]
Click-Fraud: The lesser known evil 2008-03-25 00:48:31 I came across this interesting article that talks about a Trojan; not just any Trojan, but one that automates PPC click-fraud and is currently targeting Google and Yahoo (-45-20080312ClickFraudTrojanTargetsGoogleYahoo.html).
What’s interesting about click-fraud is how little attention it receives in the media compared with identity theft and the other horrors of the Internet. [...]
Behavioral Blocking: An effective means of stopping 0-day 2008-03-24 19:26:11 Behavioral blocking (a.k.a. kernel rules / system rules) can provide the first layer of defense against emerging threats exploiting 0-day vulnerabilities. Exploits commonly take advantage of mistakes made by programmers, so a trusted application can turn into the attack vector in an instant; a behavioral rule does not need to know the exploit, only that the application has started doing something it should never do.
Malformed documents (PDF, MDB, DOC, etc.) have accounted for a good number of these attacks recently. Take for example the new [...]
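The post does not show what a "kernel rule" looks like, so here is an added example (not Panda's engine) of behavioral rules evaluated over a constructed stream of endpoint events of the kind a kernel sensor reports: a document reader spawning a command shell, a document reader writing an executable, and a Run-key persistence entry pointing into a user-writable directory. The event dictionaries, process names and the three rules are all assumptions made for the example; a real blocker would deny the event in the driver rather than report it afterwards.

```python
import re

# Constructed endpoint telemetry in the shape a kernel driver or EDR sensor would emit.
# Events 2, 3 and 4 are the malicious-document chain; the rest is normal activity.
SAMPLE_EVENTS = [
    {"type": "process_create", "parent": "explorer.exe", "image": "winword.exe",
     "cmdline": "winword.exe invoice.doc"},
    {"type": "file_write", "process": "winword.exe",
     "path": r"C:\Users\jdoe\Documents\invoice.doc"},
    {"type": "process_create", "parent": "winword.exe", "image": "cmd.exe",
     "cmdline": "cmd.exe /c start %TEMP%\\svchost.exe"},
    {"type": "file_write", "process": "acrord32.exe",
     "path": r"C:\Users\jdoe\AppData\Local\Temp\svchost.exe"},
    {"type": "registry_set", "process": "svchost.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "value": r"C:\Users\jdoe\AppData\Local\Temp\svchost.exe"},
    {"type": "process_create", "parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
]

DOCUMENT_READERS = {"winword.exe", "excel.exe", "powerpnt.exe", "msaccess.exe", "acrord32.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
EXECUTABLE_EXT = re.compile(r"\.(exe|dll|scr|com|pif)$", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
USER_WRITABLE = re.compile(r"\\(Temp|AppData)\\", re.I)


def rule_reader_spawns_shell(e):
    # A document viewer has no business launching an interpreter; exploited readers do exactly this.
    return (e["type"] == "process_create"
            and e["parent"].lower() in DOCUMENT_READERS
            and e["image"].lower() in SHELLS)


def rule_reader_drops_executable(e):
    # Readers write documents and caches, never PE files.
    return (e["type"] == "file_write"
            and e["process"].lower() in DOCUMENT_READERS
            and bool(EXECUTABLE_EXT.search(e["path"])))


def rule_persistence_from_user_dir(e):
    # Autostart entries that point into Temp/AppData are the classic dropper footprint.
    return (e["type"] == "registry_set"
            and bool(RUN_KEY.search(e["key"]))
            and bool(USER_WRITABLE.search(e["value"])))


RULES = [
    ("document reader spawned a command shell", rule_reader_spawns_shell),
    ("document reader wrote an executable", rule_reader_drops_executable),
    ("Run-key persistence pointing into a user-writable directory", rule_persistence_from_user_dir),
]


def evaluate(events, rules=RULES):
    """Return (event_index, rule_name) for every event that trips a rule.

    None of the rules needs a hash or signature for svchost.exe in Temp: the
    behaviour is judged, which is what lets this layer catch a 0-day payload."""
    hits = []
    for i, e in enumerate(events):
        for name, pred in rules:
            if pred(e):
                hits.append((i, name))
    return hits


if __name__ == "__main__":
    for index, name in evaluate(SAMPLE_EVENTS):
        print(f"event {index}: {name}: {SAMPLE_EVENTS[index]}")
```

The trade-off is false positives: a legitimate macro that shells out, or an installer that registers itself under Run from a user profile, trips the same rules, so rules like these are tuned per environment and usually start in alert-only mode before they are switched to block.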
Application Scam Sites 2008-03-26 16:33:24 Recently Panda Security was notified of an on-line scam currently in operation, claiming to offer Panda Security, McAfee, Symantec and Adobe products in addition to a product known as Error Mechanic.
The site www.pandasecuritysoftware.com and the following associated domains are part of this scam:
pandaantivirus2008.com
panda-antivirus-2008.com
pandasecurity2008.com
pandaantivirus-2008.com
panda-anti-virus.com
panda-2008.com
antivirus-panda-suite.com
panda-ib.com
panda-2008.com
panda-anti-virus.com
panda-antivirus-2007.com
panda-antivirus-2008.net
panda-bdl.com
panda-ib.com
panda-suite.com
pandaantivirus-2007.com
pandaantivirus-2008.com
pandaantivirus-ib.com
pandaantivirus2008.com
pandasecurity2008.com
pandashield.com
pandasuite2007.com
panda-bundle.com
pandabundle.com
pand
Think You’re Protected? Think Again. Study Reveals Hidden Cyber-Crime Breaches 2008-03-28 15:15:54 Over a five-month period, Panda Security conducted several audits with a large state agency in the United States to assess the level of risk pertaining to hidden and undetected infection points. Due to the confidential nature of this customer, we cannot disclose the agency name. The information learned from this case is a great demonstration of [...]
Web-Site Defacements 2008-03-28 13:59:36 Recently I came across an interesting site (www.zoneh.com) that displays statistics on web page defacements. It also shows information on the sites that were hacked and provides a mirror of them.
However, some of these “defacement” sites are questionable and some contain “iframe” exploits; in our case a malicious packer was included in one of the mirrored hacked sites. This [...]
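An “iframe exploit” on a defaced or mirrored page is almost always an iframe the visitor is not meant to see, so the practical check before browsing such a mirror is to scan the HTML for frames that are sized to nothing, hidden by style, or pushed off-screen, and note whether they load from a third-party host. The following added example (not code from the post or from Panda) does that with the standard library; the sample page, the host names and the RFC 5737 address in it are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

_PX = re.compile(r"(width|height)\s*:\s*(\d+)(?:px)?", re.I)
_OFFSCREEN = re.compile(r"(left|top)\s*:\s*-\d+", re.I)


class _IframeCollector(HTMLParser):
    """Collect the attribute map of every <iframe> start tag in the document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _hidden_reasons(attrs):
    reasons = []
    for dim in ("width", "height"):
        raw = attrs.get(dim, "").strip().rstrip("px")
        if raw.isdigit() and int(raw) <= 1:
            reasons.append(f"{dim}={raw}")
    style = attrs.get("style", "")
    for dim, px in _PX.findall(style):
        if int(px) <= 1:
            reasons.append(f"style {dim.lower()}:{px}px")
    if re.search(r"display\s*:\s*none", style, re.I):
        reasons.append("display:none")
    if re.search(r"visibility\s*:\s*hidden", style, re.I):
        reasons.append("visibility:hidden")
    if _OFFSCREEN.search(style):
        reasons.append("positioned off-screen")
    return reasons


def find_hidden_iframes(html, page_host):
    """Return the iframes a visitor would never see, with the reasons they are hidden.

    A visible third-party iframe (video embeds, ads) is ordinary and is not reported
    on its own; the third-party host is only recorded as context for a hidden one."""
    parser = _IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        host = urlparse(src).hostname or page_host
        reasons = _hidden_reasons(attrs)
        if host != page_host:
            reasons.append(f"third-party src host {host}")
        if any(not r.startswith("third-party") for r in reasons):
            findings.append({"src": src, "reasons": reasons})
    return findings


# Constructed defacement page: one visible embed, one 0x0 frame, one frame hidden by style.
SAMPLE_HTML = """<html><body>
<h1>Hacked by ...</h1>
<iframe src="http://www.example.net/embed/clip" width="640" height="360"></iframe>
<iframe src="http://198.51.100.7/in.cgi?3" width="0" height="0" frameborder="0"></iframe>
<iframe src="http://example.org/x.php" style="visibility:hidden; position:absolute; left:-9999px; width:1px"></iframe>
</body></html>"""

if __name__ == "__main__":
    for f in find_hidden_iframes(SAMPLE_HTML, "defaced.example"):
        print(f["src"], "->", ", ".join(f["reasons"]))
```

Run it over the raw HTML fetched without a browser (or over a saved mirror), never over a live render, since the point is to find the frame before anything in it executes. Obfuscated JavaScript that writes the iframe at runtime will not appear in the static source and needs a separate check on inline scripts.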
Security Shouldn’t take a Backseat to Virtualization 2008-03-31 16:33:31 I will be presenting on the subject of why security shouldn’t take a back seat to virtualization on April 30th at the Wall Street Technology Association. This event is located at the Radisson Martinique in New York City.
Security Shouldn’t Take a Backseat to Virtualization
Ryan Sherstobitoff, Chief Corporate Evangelist
Companies are widely adopting server virtualization in an effort to improve operational [...]
The Hannaford hack: what we can learn from it 2008-04-04 19:05:44 Most people have by now heard of the recent high-profile data security breach at retail chain Hannaford Bros. According to an article published by SC Magazine (-tells-regulators-how-breach-happened/article/108569/), hackers placed hidden malware on nearly 300 servers to intercept transactions.
This malware was designed to locate and capture credit card information from consumers who transacted with the stores; thus, these hackers ultimately harvested [...]
Server Side Polymorphism & Crime-Ware as a Service Model (CaaS) 2008-04-15 23:05:10 As the threat landscape evolves, hackers are constantly changing technique to counteract the detection technologies that vendors develop. I remember a few years ago when polymorphism and metamorphism were used as a way to constantly generate new variants of worms.
Essentially the virus morphed itself into different variations and successfully evaded signature-based technologies. Eventually [...]
Regulatory Compliance & The Real Risk of Undetected Malware: Part 2 2008-04-18 12:33:51 I am working on a white paper that covers the disconnect between the formal audit process and the technical safeguards implemented to ensure internal controls are adequate. If you read part 1 of this article series, where I talked about the missing element, this continuation delves deeper into the problem. Thoughts? Comments?
“In the wake [...]
Massive iframe hack: The conclusions 2008-04-28 18:22:11 Perception vs. Reality
It may seem that things are getting better and cyber-crime may be diminishing, but the evolution of hacking for profit will remain constant through the remainder of this year.
Data breaches are becoming commonplace, and corporate CIOs are focusing their attention on protection of critical assets, especially external-facing applications that are [...]
Crimeware as a Service (CaaS) Updated 2008-04-28 11:00:46 As the malware threat landscape continues to evolve, hackers are constantly changing techniques to counteract detection technologies that vendors are developing. By using sophisticated methods to evade current antivirus technologies, hackers are relentless in their pursuit of damaging IT systems and oftentimes gaining access to personal information.
Several years ago, hackers used polymorphism and metamorphism [...]
Security Shouldn’t Take a Backseat to Virtualization 2008-04-28 10:57:09 There’s no question that advances in server virtualization technology are becoming popular among corporations that want to save money by consolidating resources and improving operational efficiency. Virtualization enables a dramatic increase in cost savings in ongoing maintenance and the cost required to keep physical assets afloat.
These benefits are often seen by CIOs and other information [...]
Virtualization: An emerging trend in the financial markets 2008-05-01 11:18:09 Yesterday we gave a presentation on virtualization at the Wall Street Technology Association (WSTA). Several major banks from the New York area were present at this forum (Bank of New York Mellon, CitiGroup, Merrill Lynch, Morgan Stanley, Depository Trust and many more).
The forum really addressed the emergence of virtualization within the financial community and how security is much [...]
SC Magazine Pod-Cast on Massive SQL Injection Attack 2008-04-30 15:50:40 Yesterday Chuck Miller from SC Magazine published a podcast in which I spoke about the details of the latest mass web hack covered earlier. PandaLabs had confirmed that no IIS vulnerability was involved in this latest round of attacks; rather, the culprit was poorly written .ASP code that passed unvalidated request parameters straight into SQL queries.
However, it’s extremely important to understand that we are talking [...]
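Because the point of the podcast is that the server software was not at fault, the application code was, here is an added example (not from the podcast, and Python with SQLite standing in for the .ASP page and its database) of the coding mistake beside the two fixes that remove it: binding the parameter instead of pasting it into the statement, and validating that an id is an integer before it reaches the database at all. The product table and the tautology payload are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed product table standing in for the back-end of a dynamic product page."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, description TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", [
        (1, "Widget", "A widget"),
        (2, "Gadget", "A gadget"),
        (3, "Gizmo", "A gizmo"),
    ])
    return conn


def lookup_vulnerable(conn, product_id):
    # The classic mistake: the request parameter is pasted straight into the SQL text,
    # so a quote in the input ends the literal and the rest becomes part of the query.
    sql = f"SELECT name FROM products WHERE id = '{product_id}' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, product_id):
    # Parameter binding: the value travels to the engine separately from the statement,
    # so whatever it contains it can only ever be compared against id, never parsed as SQL.
    return [row[0] for row in conn.execute(
        "SELECT name FROM products WHERE id = ? ORDER BY id", (product_id,))]


def lookup_validated(conn, product_id):
    # Defence in depth: a product id is a positive integer, so reject anything else up front.
    # This is what blocks the whole attack class even where an old query was missed.
    if not str(product_id).isdigit():
        raise ValueError("product id must be a positive integer")
    return lookup_safe(conn, int(product_id))


# Constructed payload: closes the quoted literal and appends an always-true condition.
PAYLOAD = "1' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input:", lookup_vulnerable(db, "1"))
    print("vulnerable, payload:    ", lookup_vulnerable(db, PAYLOAD))
    print("bound parameter, payload:", lookup_safe(db, PAYLOAD))
    try:
        lookup_validated(db, PAYLOAD)
    except ValueError as err:
        print("validated, payload:      rejected:", err)
```

The tautology only dumps rows; the same concatenation lets an attacker append any statement the database user is allowed to run, which is why the fix is to change how the query is built rather than to filter known-bad strings. Auditing for this is a grep for query text assembled with string concatenation or formatting around request input.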
Anatomy of a data breach 2008-05-04 13:08:44 In 2007 and 2008 the industry has seen an upsurge in data breaches affecting millions of consumers and causing corporations to pay heavily in fines.
Data breaches can lead to exposure of consumer information through a number of different ways that vary in complexity. The common perception associated with a data breach is the difference between data being extracted from physical [...]