NanoScan Blog

72% of companies and 23% of home users with an up-to-date security solution installed are infected

nanoadmin — Mon, 12 May 2008 14:55:00 GMT

A study carried out by PandaLabs of more than 1.5 million users revealed that 72% of companies with an up-to-date security solution installed had malware on their networks. In end-user environments, the study confirmed that 23% of home computers were infected. Current data indicates that the situation has not improved.

The underlying reason is that traditional security solutions are no longer enough to protect users' computers from the increasing number of malware samples that appear every day. This means that many users are infected without realizing.

In order to make people aware of this problem, Panda Security has launched the Infected or Not campaign (http://www.infectedornot.com). Through this initiative, both users and companies will have the possibility to run free security assessment on their PCs and networks, using the largest analyzed programs database in the world with more than 11 million malware samples and, as a result, improve the security of their computers. The first ten companies that demonstrate that they are not infected will win €5.000.

"Many users and IT managers believe that all security solutions are the same, and that simply having a traditional antivirus installed provides sufficient protection, yet the truth is quite different. Due to the evolution of malware, a user of a traditional antivirus solution is still significantly exposed", explains Matthieu Brignone, CMO at Panda Security. "This could result in confidential data being stolen, identity theft and ultimately, people's credit cards, bank accounts, etc. being raided."

The reason why Panda can detect malware that has evaded other solutions is "Collective Intelligence". Through the Infected or Not campaign, Panda Security aims to prove that this innovative technology is providing much better protection than the competition and that it therefore represents a significant advantage over other security solutions.

"Collective Intelligence" is an innovative security model based on the collection of information concerning malware from the Internet community and the automated processing of this data in new data centers. As the knowledge is accumulated on Panda servers and not on customers' computers, "Collective Intelligence" maximizes the detection capacity of Panda Security solutions while reducing clients' bandwidth usage and resource consumption. This not only provides far greater security but also simplifies the protection process.

Currently, Panda Security's Collective Intelligence network comprises 4 million computers. The knowledge accumulated in the system is composed of more than 11 million malware samples, and over 100 million analyzed programs. In 2007, more than 94% of all new threats that reached PandaLabs were detected through Collective Intelligence. At present, the system has a malware knowledge base of more than 100 million bytes.

"This model ensures that Panda solutions detect more than other security products, and if we fail to find a threat on a user's computer they could win an iPod Nano, or €5,000 in the case of companies" says Matthieu Brignone.

Weekly report on viruses and intruders

nanoadmin — Thu, 27 Mar 2008 11:00:00 GMT

According to data gathered at the Infected or Not website (http://www.infectedornot.com) this week, 25.41% of computers with a security solution installed were infected.

Among the thousands of malicious codes that have appeared this week, the present PandaLabs report focuses on the Bankolimb.AF Trojan and the Autorun.RS worm.

When it is run, Autorun.RS releases two files on the computer designed to steal passwords for online games. The use of worms that can steal passwords, a feature more often associated with Trojans, is a growing trend.

The reason is that worms, unlike Trojans, can spread by themselves, which represents a real advantage for cyber-crooks. Theft of passwords for online games is motivated by the potential financial returns that this can generate. In these games, there are levels and items that can only be achieved through skill and experience.

However, many users are willing to pay for them on forums, web pages, etc. Cyber-crooks readily profit from this situation. The Bankolimb.AF Trojan drops several libraries on the computer, one of which is registered as a BHO (Browser Helper Object). This allows it to monitor the Internet activity of the user, monitoring when they access online bank pages, and adding fields to forms that users see on these pages, in order to collect additional information. The Trojan captures keystrokes to steal passwords entered into these pages. It then sends the information to its creator, uploading a file with the data to a server.

Cyber-crooks develop tools to test malware before distributing it

nanoadmin — Fri, 29 Feb 2008 16:17:00 GMT

Cyber-crooks are looking for ways to test their creations before distributing them. An investigation conducted by the malware analysis and detection laboratory at Panda Security, has shown that cyber-crooks are collaborating on different forums and pages to develop test-tools that replicate the scans of some of the leading security solutions. This allows hackers to check their creations will be undetected before launching them.

These tools represent another piece of the new malware dynamic, in which cyber-crooks no longer seek to cause widespread alerts and make the headlines, but to go unnoticed. They therefore want to check their creations are undetected by companies before launching them.

But we have the solution: collective intelligence.

AV-Test.org shows the effectiveness of Panda’s proactive and anti-rootkit technologies

nanoadmin — Wed, 06 Feb 2008 17:22:00 GMT

According to the results obtained in the Q1/2008 comparison test of anti-malware solutions conducted by the prestigious organization AV-Test.org (http://www.av-test.org/), Panda Security’s proactive and anti-rootkit protection technologies are among the best in the market.

It is worth pointing out that this test has considered aspects other comparative reviews don’t look at. Firstly, it analyzed the capacity to provide proactive detection not only through heuristic scans and generic signature files, but also through behavioral analysis. This feature is especially important for detecting unknown threats and is not incorporated in all the security solutions available in the market. However, the Panda products have included it for many years as part of their TruPrevent Technologies.

Secondly, the assessment of the various solutions’ anti-rootkit capabilities did not limit to rootkit detection through signature files, but also evaluated the products’ capacity to detect and remove these dangerous threats once they are active and hidden on the system.

In both cases, the Panda Security solutions proved extremely effective, getting the maximum score when it came to detecting unknown threats and rootkits.

Dangerous love

nanoadmin — Fri, 01 Feb 2008 09:15:00 GMT

PandaLabs has detected two new worms, Nuwar.OL and Valentin.E, which use the topic of St Valentine’s Day to spread.

Nuwar.OL, reaches computers by email with subjects like “I Love You Soo Much”, “Inside My Heart” or ” You… In My Dreams”. The text of the email includes a link to a website that downloads the malicious code. The page is very simple and looks like a romantic greeting card, with a large pink heart.

Once it has infected a computer, the worm sends out a large amount of emails to the infected user’s contacts, in order to spread. This also creates a heavy load on networks and slows down the computer.

Valentin.E is very similar to this. Like the Nuwar worm, it spreads by email in messages with subjects like “Searching for true Love” or “True Love” and an attached file called “friends4u”. If the targeted user opens the file, a copy of the worm will be downloaded. The malicious code installs on the computer as a file with the .scr extension. If the user runs it, Valentin.E shows a new desktop background to trick them, while it makes several copies of itself on the computer.

Then, the worm sends out emails with copies of itself from the infected computer to spread and infect more users.

So be careful. If you think you've opened a malicious file disguised as a St. Valentin's greeting card, you should check your PC with NanoScan.

A study by AV-Test.org confirms Panda Security's proactive technologies as the most effective

nanoadmin — Tue, 15 Jan 2008 15:37:00 GMT

The anti-malware solutions from Panda Security offered the most effective proactive protection in a study carried out by the prestigious AV-Test.org (http://www.av-test.org/) organization. The study tested a number of security solutions from a range of vendors against threats from the “In-The-Wild” list, during July, August and September 2007. The detection rates were measured using the recommended settings for the e-mail and web protection of the products (as the infiltration vector for most malware is the internet).

Panda Security solutions proactively detected 91% of threats. This was way above the percentages recorded by companies such as Sophos (86%), Kaspersky (69%), Trend Micro (68%), F-Secure (67%), Symantec (66%), McAfee (55%) or Microsoft (48%).

“It is important to bear in mind that this analysis only evaluated heuristic and signature-based technologies. Panda Security products actually include additional pro-active protection layers such as HIPS and a behavioral analysis module. This further increases the protection that we offer our clients”, confirms Luis Corrons, Technical Director of PandaLabs.

Similarly, and according to the same study, PandaLabs, Panda Security’s anti-malware laboratory, is once again confirmed as one of the fastest in the industry in providing protection against new threats through virus signature files. It is able to provide updates to its clients considerably quicker than its most direct competitors.

More information about the study is available at the AV-Test.org website, at: http://www.av-test.org/

New malware detected by PandaLabs

nanoadmin — Fri, 28 Dec 2007 12:45:00 GMT

As for the new samples that appeared this week, PandaLabs report about the MsnChristmas.A worm, and the Yahmail.A and Banbra.FEM Trojans.

The MsnChristmas.A worm spreads to Messenger contacts in messages like "Christmas photo! :D", "vengo de fi este foto" or "Hey i que hace el"

which contain an infected attachment called "img2007-12.JPEG.scr". If the recipient of the message runs the file, the worm will install on the system.

Yahmail.A is a Trojan that can either be dropped on the system by other malware or sent in a spam message. This malicious code is designed to steal user names and passwords for the Yahoo! instant messaging application and send them to a certain Internet address.

Once installed on the target computer, Yahmail.A creates several copies of itself on the system and inserts a series of entries in the Windows registry. This way, it ensures it is run every time the system is started up.

Finally, Banbra.FEM is a banker Trojan, designed to steal login data for certain online banking services and Internet payment platforms.

To check if your PC is infected, you can use NanoScan.

Banker Trojans and online shopping

nanoadmin — Fri, 14 Dec 2007 13:14:00 GMT

Banker Trojans are one of the main threats online shoppers will face this Christmas. These malicious codes are designed to steal passwords for accessing online banking services, payment platforms like PayPal, etc. Banker Trojans accounted for 18.59% of malware infections in 2007 and 24.10% of the infections caused by Trojans.

This type of malware works in various ways, from capturing keystrokes to redirecting users to spoofed banking sites in order to get their money. Online shoppers must make sure their computers are free from malicious code before carrying out online transactions.

Online shoppers must be cautious as, according to estimates, the average amount of money stolen from victims through phishing and Trojans in 2006 was €6,383.

We recommend to check the PC with NanoScan before buying online to be sure that there are no Trojans in the system.

Trojans accounted for 75% of new malware in the third quarter of 2007

nanoadmin — Mon, 26 Nov 2007 16:52:00 GMT

Some 75 percent of all new malware that appeared in the third quarter of 2007 were Trojans, according to data from the PandaLabs Q3 2007 report, available at: http://pandalabs.pandasecurity.com/archive/Pandalabs-Quarterly-Report-July_2D00_September-2007.aspx

Adware (12%) and worms (11%) were the other categories of malicious code with a significant number of new strains over the last three months.

In terms of the number of infections, Trojans also headed the list. During the third quarter they accounted for 32 percent of malware detected on computers of users of the Panda ActiveScan online scanner. Adware was in second place with an infection ratio of 24 percent.

The PandaLabs report on malware activity in the third quarter of 2007 also offers a comparative review of kits for installing malware using exploits. These malicious tools allow cyber-crooks to exploit vulnerabilities on computers and servers to infect users.

The report also looks at the most serious vulnerabilities in Q3 as well as other news related to criminal activity on the Web.

14% of computers are infected by active malware

nanoadmin — Thu, 08 Nov 2007 18:26:00 GMT

Some 14% of computers scanned last week at the Infected or Not website (http://www.infectedornot.com) with the NanoScan and TotalScan online scanners were infected with active malware, that is, threats that were performing some kind of malicious action at the time of the scan.

25% of computers scanned had latent malwate, that is, malicious code installed on the system.

Of all the computers scanned, 72% had some kind of antivirus protection installed. However, this doesn’t guarantee total protection, as almost 30% of protected computers were infected by malware.

“Traditional, signature-based protection is no longer enough. It is necessary to complement it with proactive technologies that can detect threats by analyzing their behavior, and periodic audits with tools that can detect much more malware”, confirms Luis Corrons, Technical Director of PandaLabs. He adds: “NanoScan and TotalScan are examples of these tools, which work according to a collective intelligence approach. This system does not just check a single signature file, but uses an extensive knowledge base on Panda’s servers that allows these tools to detect much more malware”.

Perhaps you should check your PC with NanoScan...

Data from the Infected or Not website reveals that 30% of computers with a security solution installed are infected

nanoadmin — Fri, 02 Nov 2007 14:00:00 GMT

Some 30% of computers with a security solution installed scanned last week at the Infected or Not website (http://www.infectedornot.com) with the NanoScan and TotalScan online scanners were infected with some kind of malware. In the case of computers without any kind of protection, the figure goes up to 44%.

“Malware creators are trying to put a large number of threats in circulation and install them silently to prevent security companies from detecting them and generating the necessary vaccines”, explains Luis Corrons, Technical Director of PandaLabs, who goes on to say, “As a consequence, traditional security solutions must be complemented with other types of online solutions, like NanoScan or TotalScan, which have access to the vast knowledge-base hosted on the Panda Security servers and can detect much more malware”.

Companies are infected with malware, even though they have protection

nanoadmin — Tue, 23 Oct 2007 15:56:00 GMT

Almost 72% percent of companies with more than 100 computers have active malware on their network. This data has been collected in a study conducted in the second quarter of this year by PandaLabs, the malware analysis and detection laboratory at Panda Security.

The data was collected between May and July, 2007, and consisted of more than 1,200 firms with security solutions installed. The aim of the study was to uncover the number of ‘protected’ computers infected (home and corporate).

The study also analyzed the type of protection installed on infected computers, revealing that 4.55% of systems protected by Computer Associates were infected, while this figure was 4.3% in the case of Trend Micro, 2.8% for Symantec, 2.28% for McAfee and finally, 0.73% in the case of Panda.

According to the data collected in the study, only 37.45% of users have up-to-date anti-malware software on their computers, the rest are unprotected or have outdated security solutions.

PandaLabs’ study revealed that 22.97% of home computers with an up-to-date security solution have malware, as opposed to 33.28% of unprotected computers.

Adware is the top malware both on corporate (63.04%) and home computers (54.50%). Trojans come second, accounting for 12.57% of malicious code on corporate PCs and 15.46% on home PCs. There has also been a significant increase in banker Trojans, mostly on corporate computers.

The number of rootkits (programs used by cyber-crooks to conceal the processes of malicious code and make their detection more difficult) has increased on home and corporate computers, becoming the third most detected malware type.

Are you really protected?

nanoadmin — Thu, 11 Oct 2007 15:40:00 GMT

Almost 26 percent of computers scanned last week at the Infected or Not website (http://www.infectedornot.com) with the NanoScan and TotalScan online scanners were infected with some kind of active malware. This implies not only that the computer was infected but also that the malware was operating maliciously at the moment of the scan.

Moreover, with respect to the total number of computers scanned, over 33 percent were infected even though they had an antivirus solution installed. The figure for those systems without protection was over 43 percent.

The distinction between active and latent malware is very important. Active threats are those that are actually causing damage to the user at the moment of the scan. These could be anything, from memory-resident banker Trojans stealing confidential passwords, to bots sending spam or attacking other computers without the user realizing.

Another good reason to check the PC with NanoScan.

NanoScan now detects more than two million threats.. and counting

nanoadmin — Thu, 04 Oct 2007 08:53:00 GMT

NanoScan now detects more than 2 million malicious codes. This is the result of the collective intelligence focus on which these two solutions are based, allowing them to continuously update with thousands of new signatures every day. In addition, they have the capacity to detect unknown malware, thanks to the intelligent TruPrevent technologies.

The number of malware strains detected by these tools has increased by one million over the last three months. This highlights the current false sense of security among many users, as the number of new malicious code in circulation is greater than ever.

Perhaps you should use NanoScan to check if your PC has been infected...

Many users are infected without knowing

nanoadmin — Wed, 26 Sep 2007 14:37:00 GMT

The amount of new threats that appear every day is increasing exponentially, and the creators of malicious code are now only after our money. That’s why they are now trying to infect computers silently. Panda Security is carrying out a macro-study online at http://www.infectedornot.com to assess accurately the security status of computers. The website lets Internet users scan their systems for free with the new NanoScan and TotalScan tools.

So far, and although the study has only just begun, we have seen that between 20 to 25 percent of computers have some kind of malicious code, even though most have a security solution installed. This means that many users are infected without knowing.