Archive for the ‘malware’ Category


1. Secure your WIFI connection

Home users are particularly prone to leaving their routers open without passwords. To make sure that you’re protected, check your router settings to verify whether encryption is turned on. Leaving access unencrypted can lead to anything from the minor issue of bandwidth being stolen by unauthorized users freeloading off your connection to more serious cybercrimes, like credit card fraud or hacking, taking place over your internet connection, which may be traced back to you.

The majority of routers support encrypted connections using either WEP or WPA/WPA2; always opt for WPA/WPA2 as it’s far more secure. If you have the option to hide SSID broadcast, turn that on as well. It basically allows you to make your wireless router invisible to outsiders, who then need to know your SSID to access the network.

2. Encrypt your hard drive

It’s important to keep your data secure in case of loss of hardware or even theft. An encrypted hard drive basically prevents its contents from being accessed without the password. It is obviously more important to encrypt thumb drives and laptop drives. Windows 7 Ultimate and Business editions come with built-in hard drive encryption through software called BitLocker, which will encrypt your entire hard drive, but users of Home Premium or Basic shouldn’t feel left out, as there is a free way to encrypt your hard drive using TrueCrypt.

Mac users can use FileVault to encrypt their folders, and OS X Lion will allow you to encrypt your entire hard drive as well. You can also get hardware encryption which uses fingerprint recognition to unlock the data inside the drive, like the LaCie Rugged Safe.

3. Keep your software updated

It’s a given that you need to keep your operating system, antivirus and web browser up to date in order to protect yourself from exploits, and if you haven’t got automatic updates turned on for them, you should do it now.

However, a lot of users overlook other software such as Acrobat Reader, Flash, Java and iTunes when it comes to keeping software updated. It’s important to realize that many of these applications have direct access to the operating system, and an exploit in these applications can be used as a gateway into your system files. Flash and Acrobat are used heavily with web browsers, which are the number one source of malware infections.

4. Upgrade your antivirus suite.

It’s as important to keep your antivirus suite updated as it is to keep your virus definitions updated. The reason is that antivirus software evolves in the way it deals with malware, for example by introducing heuristic technologies which identify common traits of viruses and the way they interact with the system, and actively block these scripts. This is why outdated antivirus software, despite updated virus definitions, may not provide the best possible protection. If you’re using an older version of antivirus software you may be entitled to discounted upgrades to newer versions.

5. Secure your smartphones

Many people completely overlook this fact, but smartphones are essentially mini computers which hold swathes of personal information about you. They often hold logins to your Facebook/Twitter accounts which are set to log in automatically, online banking and other financial information, as well as access to email. If someone gets hold of all these details it can cause a lot of stress and havoc in your life.

It’s vital to keep password lock activated on your devices. Additionally, you should take some precautionary measures in case you lose your device.

Apple has a very cool, free security app called Find my iPhone, which lets you track your phone by GPS, lock it and remotely delete data from it. You can even use it just to locate your iPhone if you misplace it, by causing it to sound an alarm.

For Android users it’s important to stay protected. Smartphones are just as vulnerable to viruses as a PC, although the Android platform is more prone to them than Apple’s due to the open nature of the former. Android phones require antivirus protection, and all the popular desktop antivirus brands offer Android support as well.

The App Store is less prone to malware due to the fact that all apps are vetted by Apple before publishing, although if you’ve jailbroken your iPhone, antivirus protection may be something you need to look at.

6. Vet web page links using a link checker

Cyber criminals are using sophisticated strategies to drive users onto their web pages. Increasingly, innocent websites are being targeted with exploits that find security holes, so that the sites can be hacked and implanted with code which launches JavaScript applications and infects computers when users visit the infected site. Link checkers scan the links in your search results, and optionally on other websites, and indicate whether the links are safe. Websites are scanned by the link checker’s own servers, so it does not impair your computer’s performance. Link checkers are available with most anti-malware security suites, such as those from AVG, McAfee and Symantec.

7. Laptop Security for mobile workers

Laptop thefts are common, and laptops are easy targets due to their transportable nature. If you work away from your office it’s important to invest in a Kensington Lock. While a lock won’t stop trained thieves armed with cable cutters, it will stop opportunistic thieves, who account for the overwhelming majority of laptop thefts.

It’s also important to keep prying eyes away from your data. Always password protect your login, and when leaving your laptop unattended, use the screen lock feature in Windows to prevent unauthorized users from looking at or accessing your information.

If you work with particularly sensitive data, a privacy screen may provide an added level of protection. The screen is only viewable to the person sitting directly in front of it, so people sitting around you cannot look at your screen. Targus and 3M are well known for producing privacy screens for all manner of monitor sizes.

8. HTTPS encryption for websites

Most people are well informed of the necessity of using https secure connections for online shopping when entering sensitive personal information. However, it can be argued that websites like Facebook, Twitter, Gmail and others hold equally sensitive information about you.

Did you know you can elect to use https secure connections on these websites? For case-by-case use, you can insert an ‘s’ after the http in the web address, if there isn’t one already, to access the site securely. However, if you want to access the sites securely every time you visit, you can log in and select the option to always use https in the profile settings.

9. Use online backup to keep an offsite storage of your files.

A great way for mobile workers to keep data safe and secure while on the move is to use online backup. This provides great peace of mind if your computer gets lost, as it allows you to recover your files from the cloud. Online backup services like Sugar Sync also provide users with high-level synchronization features which can be used as a great time management tool as well, as they keep data across all your computers consistent and up to date. You can look up various online backup reviews here to compare their features and read user reviews.

10. Avoid public wifi and public computers.

Using public computers can be incredibly risky as malware and key loggers can be installed to track your keystrokes and cached files in order to gain access to your private information.

Additionally, public wifi connections can be risky, as the servers can be breached with malware. Phantom hotspots can also be set up which appear like legitimate hotspots, but are actually other ordinary laptops which act as a middleman eavesdropping on the connection.

An example of how cached data can be hijacked to log in to your web accounts can be demonstrated using FireSheep.

Thankfully, mobile 3G internet connections are becoming more affordable, and are often faster than public wifi hotspots. 3G connections are far more secure; additionally, you may be able to tether your smartphone’s internet connection to work on your laptop. I hope this article helped you all. Follow the 10 steps above and secure your digital life from hackers.


Stats › February 2010

Published: March 1, 2010

The statistics on this page are for February 1, 2010 through February 28, 2010.

Total Submissions: 17,855

The total number of suspected phishes submitted by the PhishTank community.

Valid Phishes: 9,946

The total number of submissions verified as valid by the PhishTank community.

Invalid Phishes: 526

The total number of submissions verified as invalid by the PhishTank community.

Note: Many phishing emails were offline at the time of submission to PhishTank. Offline phishes cannot be voted on, and therefore cannot be verified.

Total Votes: 69,430

The total number of “is a phish,” “is not a phish,” and “I don’t know” votes made by the PhishTank community.

Median Time To Verify: 08 hours, 08 minutes

The median time it took the PhishTank community to verify submissions as valid or invalid.

Most Active Users

Out of the more than 20,000 members of the PhishTank community, these members were the most active in February 2010.

Note: One member account (PhishReporter) represents an organization, not an individual.

Top 10 Submitters (submissions)
1 PhishReporter (8,209)
2 cleanmx (2,403)
3 propriome (1,381)
4 balomish (721)
5 joewein (459)
6 zender (417)
7 mxlab (360)
8 buaya (217)
9 phishir (188)
10 zender2 (135)

Top 10 Verifiers (votes)
1 stuartgrant (15,029)
2 buaya (12,070)
3 NotBuyingIt (8,069)
4 marcoadfox (7,613)
5 cybercrime (5,166)
6 Aminof (4,477)
7 tetak (4,250)
8 theGeezer (3,040)
9 Jdunnivan (717)
10 mgeide (717)

Phishing URLs

In February, 475 phishes (5% of valid phishes that month) used an IP address (i.e. http://12.34.56.78) and 9,471 (or 95%) used a domain name (i.e. http://example.com).
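
As an added illustration (not PhishTank’s code), the IP-versus-domain split described above can be computed from a list of URLs as follows. The function names and sample URLs are constructed for this example, and it goes slightly beyond the dotted form shown in the text by also counting IPv6 literals and single-integer IPv4 hosts as IP addresses.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit


def host_kind(url):
    """Classify a URL's host as 'ip', 'domain' or 'invalid'."""
    try:
        host = urlsplit(url).hostname   # drops any user@ prefix and :port
    except ValueError:                  # malformed authority, e.g. bad brackets
        return "invalid"
    if not host:
        return "invalid"
    try:
        ipaddress.ip_address(host)      # dotted IPv4 or IPv6 literal
        return "ip"
    except ValueError:
        pass
    try:
        # Browsers also accept one integer (decimal or 0x hex) as an IPv4 host.
        if host.isascii() and host.isalnum() and 0 <= int(host, 0) <= 0xFFFFFFFF:
            return "ip"
    except ValueError:
        pass
    return "domain"


def summarise(urls):
    """Return (counts per kind, percentage of classifiable URLs per kind)."""
    counts = Counter(host_kind(u) for u in urls)
    valid = counts["ip"] + counts["domain"]
    pct = {k: round(100 * counts[k] / valid) if valid else 0
           for k in ("ip", "domain")}
    return counts, pct


# Constructed sample URLs (documentation address ranges and example domains).
SAMPLE = [
    "http://198.51.100.7:8080/secure/",      # dotted IPv4 with a port
    "http://[2001:db8::5]/update",           # IPv6 literal
    "http://3221225994/signin",              # integer form of 192.0.2.10
    "http://www.example.com@192.0.2.10/",    # real host is after the '@'
    "http://login.example.com/account",
    "https://example.org/verify?id=1",
    "http://192.0.2.10.example.net/",        # IP-looking labels, still a domain
    "example.com/no-scheme",                 # no host can be extracted
]
```

Calling `summarise(SAMPLE)` returns the per-kind counts and the rounded percentages in the same form as the figures quoted above.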

Top 10 Domains (valid phishes)
1 t35.com (559)
2 altervista.org (522)
3 slaenmex.com (501)
4 express-order.ru (421)
5 udaswy.cz (215)
6 webhosting-solutions.co.uk (134)
7 justfree.com (114)
8 pochta.ru (73)
9 nob2o.com (67)
10 radiosportfm.tg (62)

Networks That Host Phishes

The servers hosting verified phishes are under the responsibility of these networks. PhishTank knows this because it traces phishing Web sites to an IP address. These are the organizations responsible for those IP addresses.

Top 10 Networks Valid Phishes
1 NEW JERSEY INTERNATIONAL INTERNET EXCHANGE LLC 562
2 MetroRED Telecom Services 505
3 RAPIDSWITCH-AS RapidSwitch 457
4 CENTROHOST-AS JSC Centrohost 431
5 ThePlanet.com Internet Services, Inc. 315
6 iWeb Technologies Inc. 239
7 SoftLayer Technologies Inc. 203
8 OVH OVH 198
9 Limestone Networks, Inc. 176
10 SOVAM-AS Golden Telecom, Moscow, Russia 159

Popular Targets

These are the brands that were fraudulently represented in phishing emails. Targets are identified by the submitter at the time of submission, or determined by PhishTank’s software to the best of its ability. The majority of phishes are not categorized with a target.

Top 10 Identified Targets Valid Phishes
1 PayPal 8,488
2 Internal Revenue Service 772
3 Facebook 715
4 HSBC Group 458
5 Bank of America Corporation 134
6 Tibia 130
7 eBay, Inc. 124
8 World of Warcraft 111
9 HSBC 103
10 Amazon.com 86


PandaLabs, the antimalware laboratory of Panda Security – The Cloud Security Company – has released its 2010 Annual Security Report, which details an extremely interesting year of cyber-crime, cyber-war and cyber-activism. The full report is available at: http://press.pandasecurity.com/press-room/panda-white-paper/.

In 2010, cyber-criminals created and distributed one-third of all existing viruses, creating 34 percent of all malware that has ever existed and been classified by the company. Panda Security’s proprietary Collective Intelligence system, which automatically detects, analyzes and classifies 99.4 percent of all malware received, currently stores 134 million unique files, out of which 60 million are malware (viruses, worms, Trojans and other computer threats).

Despite these dramatic numbers, the report highlights some good news. PandaLabs discovered that the speed at which the number of new threats is growing has actually decreased when compared to 2009. Every year since 2003, new threats grew by at least 100 percent, but in 2010, the increase was approximately 50 percent.

Banker Trojans still dominate the ranking of new malware that appeared in 2010 (56 percent of all samples), followed by viruses and worms. In addition, a fairly recent newcomer to the malware landscape, rogueware (fake antivirus software), already comprised 11.6 percent of all the malware gathered in the Collective Intelligence database, and has become a category that, despite appearing only four years ago, has created great havoc among users. For a visual representation of the breakdown of malware categories, please visit: http://www.flickr.com/photos/panda_security/5299741783/.

The countries leading the list of most infections are Thailand, China and Taiwan, with 60 to 70 percent of infected computers (data gathered from the free scanning tool Panda ActiveScan in 2010). To see a graph of how other countries ranked, please visit: http://www.flickr.com/photos/panda_security/5299741647/.

2010 witnessed hackers exploit social media, the positioning of fake websites (BlackHat SEO techniques) and zero-day vulnerabilities as its primary methods of infection. Spam also kept its position as one of the main threats in 2010, despite the fact that the dismantling of certain botnets (like the famous Operation Mariposa or Bredolab) prevented many computers from being used as zombies to send spam. This created a positive effect in spam traffic worldwide. Last year, approximately 95 percent of all email traffic globally was spam, but this dropped to an average of 85 percent in 2010.

2010: Cyber-crime, Cyber-war and Cyber-activism

2010 was truly the year of cyber-crime, cyber-war and cyber-activism. Although cyber-crime has existed for many years, cyber-war became a much more active and aggressive part of the malware landscape. The most notorious was Stuxnet, a new worm that targeted nuclear power plants and managed to infect the Bushehr plant, as confirmed by the Iranian authorities. Simultaneously, a new worm appeared called “Here you have,” that was created by a terrorist organization known as “Brigades of Tariq ibn Ziyad.” According to this group, their intention was to remind the United States of the 9/11 attacks and call for respect for the Islamic religion as a response to Pastor Terry Jones’ threat of burning the Quran.

And even though some aspects are still to be clarified, Operation Aurora was also in the spotlight. The attack, allegedly launched from China, targeted employees of large multinationals by installing a Trojan on their PCs that could access all their confidential information.

2010 also witnessed the emergence of a new phenomenon called cyber-protests or hacktivism. This phenomenon, made famous by the Anonymous group, is not actually new, but grabbed the headlines in 2010 for the coordinated DDoS attacks launched on copyright societies and their defense of WikiLeaks’ founder Julian Assange.

Social Networks in the Spotlight

Besides offering information about the main security holes in Windows and Mac, the 2010 Annual Security Report also covers the most important security incidents affecting the most popular social networking sites. Facebook and Twitter were the most affected, but there were also attacks on other sites including LinkedIn and Fotolog. Several techniques were used for tricking users on these sites, such as hijacking Facebook’s “Like” button, stealing identities to send out messages from trusted sources, exploiting vulnerabilities in Twitter to run JavaScript code and distributing fake apps that redirect users to infected sites.

The full report is available at http://press.pandasecurity.com/press-room/panda-white-paper/. Visit the PandaLabs blog for more information about these and other threats.

Source:[Panda Security]