Over 50% of computers in China are infected with malware, while Sweden is the country with the lowest number in computer infections.

Panda Labs, the antimalware laboratory of Panda Security, announced recently the results of their first quarterly report for 2012, which analyzes all the events in the security of information systems between January and March 2012. The first quarter of 2012 recorded a high increase in malware, with six million new malware created.

Trojans are in records high, with 80% among all the new malware, since it seems that they are the most popular category for cyber-crooks to steal information from potential victims. Note that in 2011, they accounted for 73% of all malware.

Second place in malware categories is occupied by the “Worms” with 9.3% followed by “viruses” with a 6.43%. It is interesting that these two categories of malicious software have exchanged places with their rates compared to the annual report of 2011, where viruses reached a rate of 14.25% while the worms was third with 8% of total malware.

Regarding the number of new infections caused by each category of malware, the classification coincides with that of the categories we have described above. The Trojans, worms and viruses again occupied the first three positions. Interestingly, the worms caused only 8% of all infections despite representing more than 9% of new malware. This is quite remarkable, as the worms usually cause many more infections on computers, thanks to their ability to propagate in an automated manner. In any case, the data simply confirm what is already known: Massive attacks by worms is now a thing of the past and has been replaced by a growing avalanche of “silent” Trojans.

China on top of contaminated countries
The average number of infected computers around the world amounts to 35.51%, almost three percentage points lower compared with 2011, according to figures obtained by the technology of Collective Intelligence of Panda Security. China is again leader in this ranking (54.25% of infected computers), followed by Taiwan and Turkey. The list of countries with the lowest number of malware infected computers is dominated by European countries, since nine out of ten first places are occupied by them. Japan is the only non-European country among the top ten countries with less than 30% of infected computers. The first three positions of the least infected countries are occupied by Sweden, Switzerland and Norway.

The first quarter at a glance
PandaLabs have singled out several top security incidents during the first quarter of 2012. According to their report, there was a significant increase in “ransomware” attacks in the first quarter of 2012, mainly due to the so-called “Police virus”. This virus displays messages that contain the logos of international law enforcement agencies (police, organizations, etc.) to trick users into believing that their computers have been blocked by police because of visits to inappropriate websites, or because they make illegal downloads of software . For users to unlock their computers, they must pay a fine, usually in the order of 100 dollars or pounds (depending on the target of the attack). However, these messages do not come from the police, but by the “ransomware” Trojan itself. Check this category here for more tips on removing ransomware.

The report also includes all attacks on mobile phones running Android, the spread of malware through Facebook, the Megaupload case, cyber-wars and the latest attacks by Anonymous groups and LulzSec.

According to Luis Corrons, technical director of PandaLabs, “Although still at the beginning of the year, so far what we have seen in 2012 is a continuation of past trends. The cyber-criminals are still trying to steal information and money from users in every possible way. ”

As always PandaLabs advises all users to effectively protect their computers with current updates and antivirus. For this purpose, Panda Security offers a free protection tool called Panda Cloud Antivirus.

According to the findings of a global survey from Online Security Brand Tracker, conducted on behalf of ESET (April-May 2011), nearly 50% of Internet users are using portable devices as their primary connection. The most popular devices used for Internet connectivity are notebooks (41%), followed by netbooks (3%), smartphones (2%) and tablets (1%).

When you’re in an airport, you open your laptop to read or send e-mails, looking for a free Wi-Fi hotspot. And there it is! You almost always find one and connect to send and read your e-mails etc. What you do not take into consideration is that the free Wi-Fi may have a privacy cost associated with it: the data of your connection, your personal details and other important information can be stolen when you send your message, without having any idea that such a thing could happen. Before you know it, you’re calling Lifelock for identity theft protection because your personal information has been stolen, and soon, your identity.

What should make you suspicious is when there is a Wi-Fi hotspot with a name that is not recognized or resembles an official or even a celebrity name. Also, the user must be particularly cautious in hotspots that do not need password protection for access. The ‘magic’ of the data theft happens through a proxy technology, which monitors the Wi-Fi communication and captures and stores a copy of all your data on the hacker’s laptop. This process will slow down the traffic speed of your connection but in cases of networks with many users it is difficult to say with certainty whether the slow traffic is due to the theft of your data or because there are many users connected simultaneously.

Each time the user performs a task on the internet, whether buying staff online, checking your bank account or checking of email, the computer must send the login to the network, which is a goldmine for fraudsters on the internet. Under normal conditions the connection to a secure site (such as your bank site) must start with “https” instead of “http“, which means that traffic is encrypted. Some sophisticated hackers can even steal your encrypted communication (by proxying your connections through their own computer). For this reason, extreme caution is required when giving personal information and passwords in a public WiFi hotspot.

The threats to be aware while using public Wi-Fi:

• Evil twin login interception: networks set up by hackers to resemble legitimate Wi-Fi hotspots.
• 0-day OS / app attack attempts: attacking your computer and applications in order to get access to it using unknown and unpatched vulnerabilities.
• Sniffing: software or hardware that can capture and record the traffic passing over a network.
• Data leakage (man-in-the-middle attack): Cyber-criminals who can modify network traffic, leaving the impression that the user navigates the website of a bank for instance, while, in reality, traffic is passed first through the attacker’s computer.

There is a recent vulnerability affecting Microsoft Windows (XP, Server 2003, Vista, Server 2008 and Windows 7) and there is no patch available from Microsoft yet. See description of the vulnerability below. The famous Duqu worm has been silently exploiting this vulnerability in the wild. The Duqu Virus has been also named as “Son of Stuxnet”. As you might recall, Stuxnet virus was targeting Siemens industrial control systems (SCADA) last year (June 2010) and has created havoc in many systems.

The Duqu Virus is a clone of Stuxnet and attacks victims usually through a Microsoft Word attachment in emails. If the victim opens the Word Document, the PC is infected and the attacker can even take control of the computer.

Microsoft has been working to find a permanent patch for this vulnerability. Until then, they released a temporary fix here.

Description:

The Microsoft Windows Kernel is susceptible to a vulnerability due to improper handling of TrueType fonts. This vulnerability is being actively exploited in the wild by the Duqu worm.By enticing the target to view a document with a malicious font, the attacker can exploit this vulnerability in order to execute arbitrary code on the target machine with SYSTEM-level permissions.

Status:

vendor confirmed, updates not available

References:

Microsoft Security Advisory

http://technet.microsoft.com/en-us/security/advisory/2639658

Common Vulnerabilities and Exposures

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3402

The latest cyber attacks have now hit Sega, another gaming company after Sony and Nintendo.

As BBC, Reuters and AFP reported, Sega announced that data for their users was compromised from their online network, Sega Pass. Confidential information such as names, birth dates, email addresses, passwords etc were stolen, while stating that the credit card numbers remained unaffected. The company admitted that data information were stolen from the database for approximately 1.3 million customers.

The Sega Pass network was shut down in order to mitigate the attack and reinforce the level of security, Sega said, and apologized to customers for the problem. Remains unknown when the network will operate again.

The violation in security was found last Thursday by the European Sega subsidiary company and was not revealed until recently. The hacker group Lulz Security, which has claimed responsibility for many of the recent major cyber-attacks, but not for the last one, voluntarily offered to help Sega to discover the culprit and punish him.

Recently, many worms have threatened users of Facebook, including Win32/Yimfoca.AA and Win32/Fbphotofake, which followed the older virus (which is still active in Facebook) called Koobface.

Specifically, Win32/Yimfoca.AA is located in the top ten list of ThreatSense.Net in many European countries such as Austria, Italy, the Czech Republic and Slovakia in recent weeks.

According to Marek Polesensky, Malware Researcher of ESET, the Yimfoca worm uses Facebook chat to attack users, while Fbphotofake is a social engineering worm, which attacks victims by itself but also in combination with other malicious software through spam messages on Facebook. “The Yimfoca worm acts as a backdoor and can be controlled remotely, transmitting the virus through IM software such as Skype, MSN or Yahoo Messenger».

Moreover, Yimfoca can download and put into operation other malware programs circulating on the Internet – including rogue anti-virus software, by changing security settings or turning off the firewall in Windows. The Fbphotofake worm appears mainly as spam on Facebook. Users are advised to be careful not to open suspicious and unknown attachments or click on dubious links.

About the recent malware attacks, David Harley, Senior Research Fellow of ESET, noted the spread of the Nigerian letter scam on Facebook. “It is a typical case of Advance Fee Fraud (AFF), with an extra emotional blackmail,” says Harley. Moreover, he advises users to “Be always sure of the identity of the sender of instant messages or the content of messages on Facebook”. Also, Randy Abrams, Director of Technical Education of ESET North America, notes that “Part of the problem is that the philosophy of Facebook does not include security and this is a very difficult hurdle for specialists in the field of antivirus and security”.

Recent threats on Facebook include the following:

• The Win32/Yimfoca.AA worm has reached the Top Ten list of ThreatSense.Net in several European countries in recent months.
• Fbphotofake spreads spam on Facebook. For the case of the two worms mentioned above, users must be careful not to open suspicious and unknown attachments or click on dubious links.
• The Nigerian letter scam is spreading through the messages in Facebook, too.
• Koobface worm which is one year old but can be found sometimes nowadays as well.

Information about safety in Facebook can be found here: http://www.facebook.com/security.

If you are infected from any of the above viruses (especially Koobface), download Spyware Doctor 2011 below to clean up your computer. I suggest you to Download the trial version of the software and run it on your PC. If the tool finds any of the Facebook viruses, you can purchase the full version to clean up the infection.