March 26, 2008
Recently Panda Security was notified regarding an on-line scam currently in production claiming to offer Panda Security, McAfee, Symantec and Adobe products in addition to a product known as error mechanic.
The site www.pandasecuritysoftware.com and the following associated domains are part of this scam:
Some words of caution: This site and the domains are not supported by or in any way affiliated with Panda Security and may contain hidden infections; therefore, we strongly advise refraining from visiting any of these domains.
Fortunately, our testing indicates that the potential malware reported to reside on these pages has been removed; however, it is still recommended to perform a scan at www.nanoscan.com to be 100% sure you are not infected.
Furthermore, when making software purchases it is advisable to purchase from the recognized vendor’s web-site or from an authorized partner. Otherwise you may become a victim of ID Theft.
March 25, 2008
Behavioral blocking (a.k.a. kernel rules / system rules) can provide the first layer of defense against emerging threats exploiting 0-day vulnerabilities. Exploits commonly take advantage of mistakes made by programmers and thus good applications can turn bad in an instant.
Malformed documents (PDF, MDB, DOC, etc.) have accounted for a good number of these attacks recently. Take for example the new vulnerability discovered in Microsoft Access reported by Ismael Briones from PandaLabs (http://pandalabs.pandasecurity.com/archive/New-MS-Access-exploit.aspx).
All in all, a bit of clever social engineering can result in successful exploitation and, in turn, in confidential information being stolen from a user’s system.
An effective use of behavioral blocking can mitigate the risks of a 0-day threat. This works by monitoring the behavior of applications and applying such rules as: “Adobe Acrobat shouldn’t spawn a command shell”, or “Internet Explorer should not inject threads into other processes.”
This way one can proactively block new exploits (including the one for MS Access) without the actual need to analyze the threat and produce detection for it. However, it is still crucial that other protection layers exist (behavioral analysis, system hardening, IPS firewall, etc.) as behavioral blocking alone is not 100% effective.
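The rule style described above can be sketched as a small evaluator over process events. This is an added example, not Panda's implementation: the `Event` and `Rule` types, the MS Access rule, the image-name patterns and the sample events are all assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Event:
    actor: str       # image name of the process performing the action
    actor_pid: int
    action: str      # "spawn" = create child process, "inject" = create remote thread
    target: str      # image name of the child, or of the process receiving the thread
    target_pid: int

@dataclass(frozen=True)
class Rule:
    name: str
    actor: str       # lowercase glob for the acting image name
    action: str
    target: str      # lowercase glob for the target image name

# The first and last rules are the two quoted in the post; the MS Access rule is assumed.
RULES = [
    Rule("Adobe Acrobat shouldn't spawn a command shell", "acro*.exe", "spawn", "cmd.exe"),
    Rule("MS Access shouldn't spawn a command shell", "msaccess.exe", "spawn", "cmd.exe"),
    Rule("Internet Explorer should not inject threads into other processes",
         "iexplore.exe", "inject", "*"),
]

def evaluate(event, rules=RULES):
    """Return the name of the rule that blocks this event, or None to allow it."""
    for rule in rules:
        if rule.action != event.action:
            continue
        if event.action == "inject" and event.actor_pid == event.target_pid:
            continue  # a thread in the actor's own process is not "other processes"
        # Windows image names are case-insensitive, so compare in lowercase.
        if (fnmatchcase(event.actor.lower(), rule.actor)
                and fnmatchcase(event.target.lower(), rule.target)):
            return rule.name
    return None  # no signature needed: behavior not covered by a rule is allowed

# Constructed sample events (not taken from a real trace).
SAMPLE = [
    Event("AcroRd32.exe", 1200, "spawn", "cmd.exe", 1310),        # blocked
    Event("AcroRd32.exe", 1200, "spawn", "AdobeARM.exe", 1322),   # allowed
    Event("iexplore.exe", 2040, "inject", "explorer.exe", 880),   # blocked
    Event("iexplore.exe", 2040, "inject", "iexplore.exe", 2040),  # own process: allowed
    Event("MSACCESS.EXE", 3100, "spawn", "cmd.exe", 3188),        # blocked
]

def blocked(events=SAMPLE):
    """List (actor, target, rule name) for every event a rule blocks."""
    return [(e.actor, e.target, evaluate(e)) for e in events if evaluate(e)]
```

The verdict depends only on who performed which action on what, which is why a rule written before an exploit exists can still stop it.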
October 29, 2007
Our education session at Interop 2007 was a huge success in raising awareness regarding the real malware situation. We educated many IT professionals on the real situation behind today’s protection models employed by thousands of companies.
Companies simply are not feeling as secure as they should be with the current protection model they are using. In fact, our research says that networks with over 100 PCs tend to be more infected than others. Furthermore, the conclusion of our corporate study indicates that 72% of networks are infected out of a sample population of 2000+ tested.
All of these companies tested had up-to-date protection in place. Therefore, we encourage IT professionals from around the country to contact me for a free risk assessment.
October 22, 2007
During the last part of this year I will be giving briefings to IT security professionals across the country regarding an astonishing new study conducted by PandaLabs. This study focuses on the level of infections in protected machines despite having up-to-date anti-malware protection.
We will be present at the following locations:
Atlanta, GA (ISACA) – Nov 15th
Seattle, WA (ISACA) – Nov 20th
Ontario, CA (ISSA) – Nov 27th
October 16, 2007
Our presentation to the Rochester Security Summit was a very interesting one indeed. As we speculated, IT Security professionals from major corporations were not aware of the level of infections on protected machines. Our audience found the subject of hidden infections and insidious banking Trojans to be really interesting.
During the course of my presentation I received several questions on solutions and techniques to mitigate such risks as banking Trojans, targeted attacks, etc. Some attendees proposed several ideas for resolving these issues such as: white-listing, sand-boxing, multi-factor authentication and technologies for detecting change on a user’s system.
These technologies are all well and good, but it boils down to the effectiveness of anti-malware and security solutions in terms of keeping up with the large volume of new malware released on a daily basis (over 3000).
Generally speaking, the traditional security model used to provide protection to customers has its issues, mainly along the lines of manually processing new malware (this gets very time consuming when dealing with large numbers). Therefore, signature files normally represent a small fraction of what is affecting users in the wild.
This results in many users becoming infected even with up-to-date anti-malware products.
Panda Security for instance has developed an innovative approach to dealing with new and sophisticated malware (including the large volume of malware we see daily) such as targeted attacks through a system called Collective Intelligence.
This system automates the processing of malware, giving us the ability to detect 10x more than we currently do with 10x less effort.
October 14, 2007
Panda Security US will be at Interop 2007 this year. I will be giving a presentation on a recent study we completed within PandaLabs that indicates a significant population of PCs, more than 20%, were infected with active, running malicious code while having up-to-date security solutions.
My session will be at 11:45 – 12:30PM Thursday October 25th.
This leaves the industry with one big question: Are you sure you're not infected? Find out at this presentation.
September 27, 2007
Panda Security will be presenting at the ISACA Geek-Week conference in Atlanta, GA in November. The conference will include a number of interesting presentations on IT audit and security.
I will be speaking about a global research study we have recently concluded that indicates users are more infected than ever with hidden malware.
So if you live in the Atlanta area be sure to check out our presentation on the 15th.