General Security Archives

Over 50% of computers in China are infected with malware, while Sweden is the country with the lowest rate of computer infections.

PandaLabs, the antimalware laboratory of Panda Security, recently announced the results of its first quarterly report for 2012, which covers information-security events between January and March 2012. The first quarter of 2012 saw a sharp increase in malware, with six million new malware samples created.

Trojans are at a record high, accounting for 80% of all new malware; they remain the category cyber-crooks favour for stealing information from potential victims. Note that in 2011 they accounted for 73% of all malware.

Second place among malware categories is occupied by worms with 9.3%, followed by viruses with 6.43%. Interestingly, these two categories have swapped places compared with the annual report for 2011, where viruses reached 14.25% while worms were third with 8% of total malware.

Regarding the number of new infections caused by each category of malware, the ranking matches that of the categories described above: Trojans, worms and viruses again occupy the first three positions. Interestingly, worms caused only 8% of all infections despite representing more than 9% of new malware. This is remarkable, as worms usually cause many more infections thanks to their ability to propagate automatically. In any case, the data simply confirm what is already known: massive worm attacks are now a thing of the past and have been replaced by a growing avalanche of “silent” Trojans.

China on top of contaminated countries
The average proportion of infected computers around the world is 35.51%, almost three percentage points lower than in 2011, according to figures obtained by Panda Security’s Collective Intelligence technology. China again leads this ranking (54.25% of infected computers), followed by Taiwan and Turkey. The list of countries with the fewest malware-infected computers is dominated by European countries, which occupy nine of the top ten places. Japan is the only non-European country among the top ten, with less than 30% of computers infected. The three least infected countries are Sweden, Switzerland and Norway.

The first quarter at a glance
PandaLabs singled out several top security incidents during the first quarter of 2012. According to the report, there was a significant increase in “ransomware” attacks in the first quarter of 2012, mainly due to the so-called “Police virus”. This virus displays messages carrying the logos of international law enforcement agencies (police, organizations, etc.) to trick users into believing that their computers have been blocked by the police because of visits to inappropriate websites or illegal software downloads. To unlock their computers, users are told to pay a fine, usually in the order of 100 dollars or pounds (depending on the target of the attack). However, these messages do not come from the police but from the ransomware Trojan itself. Check this category for more tips on removing ransomware.

The report also includes all attacks on mobile phones running Android, the spread of malware through Facebook, the Megaupload case, cyber-wars and the latest attacks by Anonymous groups and LulzSec.

According to Luis Corrons, technical director of PandaLabs, “Although still at the beginning of the year, so far what we have seen in 2012 is a continuation of past trends. The cyber-criminals are still trying to steal information and money from users in every possible way.”

As always, PandaLabs advises all users to protect their computers with up-to-date patches and antivirus software. For this purpose, Panda Security offers a free protection tool called Panda Cloud Antivirus.

Be careful when using public Wi-Fi Hotspots

According to the findings of a global survey from Online Security Brand Tracker, conducted on behalf of ESET (April-May 2011), nearly 50% of Internet users are using portable devices as their primary connection. The most popular devices used for Internet connectivity are notebooks (41%), followed by netbooks (3%), smartphones (2%) and tablets (1%).

When you’re in an airport, you open your laptop to read or send e-mails, looking for a free Wi-Fi hotspot. And there it is! You almost always find one and connect to send and read your e-mails etc. What you do not take into consideration is that the free Wi-Fi may have a privacy cost associated with it: the data of your connection, your personal details and other important information can be stolen when you send your message, without having any idea that such a thing could happen. Before you know it, you’re calling Lifelock for identity theft protection because your personal information has been stolen, and soon, your identity.

What should make you suspicious is a Wi-Fi hotspot whose name you do not recognize, or that resembles an official or even a celebrity name. Be particularly cautious with hotspots that require no password for access. The ‘magic’ of the data theft happens through a proxy, which monitors the Wi-Fi communication and captures and stores a copy of all your data on the hacker’s laptop. This process slows down your connection, but on networks with many users it is difficult to say with certainty whether the slowdown is due to the theft of your data or simply to the number of users connected at the same time.

Each time you perform a task on the internet, whether buying stuff online, checking your bank account or checking email, your computer must send your login credentials over the network, which is a goldmine for internet fraudsters. Under normal conditions the connection to a secure site (such as your bank’s site) must start with “https” instead of “http”, which means that the traffic is encrypted. Some sophisticated hackers can even intercept your encrypted communication (by proxying your connections through their own computer). For this reason, extreme caution is required when entering personal information and passwords on a public Wi-Fi hotspot.

The threats to be aware of while using public Wi-Fi:

  • Evil twin login interception: networks set up by hackers to resemble legitimate Wi-Fi hotspots.
  • 0-day OS / app attack attempts: attacking your computer and applications in order to get access to it using unknown and unpatched vulnerabilities.
  • Sniffing: software or hardware that can capture and record the traffic passing over a network.
  • Data leakage (man-in-the-middle attack): Cyber-criminals who can modify network traffic, leaving the impression that the user navigates the website of a bank for instance, while, in reality, traffic is passed first through the attacker’s computer.
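A defender-side heuristic for the evil twin and open-hotspot warnings above, as an added example that is not from the original post: it walks a constructed list of visible networks (SSID, BSSID, security type, signal) and flags open networks that share a name, or a look-alike name, with an encrypted one, or that differ from what the venue publishes. The scan tuple format and the KNOWN_NETWORKS table are assumptions.

```python
from collections import defaultdict

# Constructed sample scan, not real output: (SSID, BSSID, security, signal dBm).
SAMPLE_SCAN = [
    ("Airport_Free_WiFi", "00:11:22:33:44:01", "WPA2", -60),
    ("Airport_Free_WiFi", "aa:bb:cc:dd:ee:01", "OPEN", -45),  # same name, no encryption
    ("AirportFreeWiFi", "aa:bb:cc:dd:ee:02", "OPEN", -50),    # look-alike name
    ("CoffeeShop", "00:11:22:33:44:02", "WPA2", -70),
]

# Assumed: what the venue officially advertises (SSID -> security type).
KNOWN_NETWORKS = {"Airport_Free_WiFi": "WPA2"}


def normalize(ssid):
    """Collapse case, spaces and punctuation so look-alike names group together."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())


def flag_suspicious(scan, known_networks):
    """Return {BSSID: [reasons]} for access points a user should not trust."""
    reasons = defaultdict(list)
    groups = defaultdict(list)
    for entry in scan:
        groups[normalize(entry[0])].append(entry)
    for entries in groups.values():
        names = {e[0] for e in entries}
        encrypted_names = {e[0] for e in entries if e[2] != "OPEN"}
        for ssid, bssid, security, _signal in entries:
            # A name variant that the venue does not publish is a look-alike.
            if len(names) > 1 and ssid not in known_networks:
                reasons[bssid].append("look-alike SSID of %s" % sorted(names - {ssid}))
            # An open AP beside an encrypted one with the same/similar name: evil twin.
            if security == "OPEN" and encrypted_names:
                reasons[bssid].append("evil twin candidate: open network with the same "
                                      "or a similar name as an encrypted one")
            if ssid in known_networks and known_networks[ssid] != security:
                reasons[bssid].append("security type differs from the venue's published network")
            elif security == "OPEN":
                reasons[bssid].append("no password protection: traffic can be sniffed")
    return dict(reasons)


if __name__ == "__main__":
    for bssid, why in flag_suspicious(SAMPLE_SCAN, KNOWN_NETWORKS).items():
        print(bssid, "->", "; ".join(why))
```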

Cyber Attacks to Sega

The latest cyber attacks have now hit Sega, another gaming company after Sony and Nintendo.

As BBC, Reuters and AFP reported, Sega announced that user data had been compromised on its online network, Sega Pass. Confidential information such as names, birth dates, email addresses and passwords was stolen, while credit card numbers, the company stated, remained unaffected. The company admitted that data for approximately 1.3 million customers was stolen from the database.

The Sega Pass network was shut down in order to contain the attack and strengthen security, Sega said, and the company apologized to customers for the problem. It remains unknown when the network will operate again.

The security breach was discovered last Thursday by Sega’s European subsidiary and was not revealed until recently. The hacker group Lulz Security, which has claimed responsibility for many of the recent major cyber-attacks but not for this one, volunteered to help Sega discover and punish the culprit.

The importance of data encryption

In monetary terms, the value of the data on a computer often exceeds the cost of the machine’s hardware and software. Encrypting the data on our computer systems is therefore of the utmost importance.

Encryption plays an important role in protecting data, not only by maintaining the confidentiality of information but also by protecting data from damage, destruction or alteration. An important part of the encryption process is that it allows the source of information to be verified, just as with a digital signature: the verification (decryption) key is made available, while the secret signing (encryption) key guarantees the authenticity and integrity of a file.

Encryption technologies and algorithms are not limited by the properties of the storage media used. The data is transformed so that no useful information can be extracted from it, while the medium itself is unaffected. It does not matter whether the encryption algorithm is publicly known, because confidentiality is guaranteed by the secrecy of the unique key used for decryption.

Because encryption is independent of the characteristics of a storage or communication medium, it can be used to transfer data securely over open communication channels and to protect data on portable storage devices that have been lost or that the user has discarded. Even if an attacker gains access to a file, he will not be able to decrypt or read its contents without the secret key.

How to install Backtrack 4 R1 in VMWARE

So I decided to have a look at the latest Backtrack release (Backtrack 4 R1), which the Backtrack community claims is the best version released so far. With the new Linux kernel version 2.6.34 and significant overall improvements, this release is worth checking out. I always use the virtual machine option to play with it first, and install the image on its own hard disk later. Let us see below how I installed Backtrack 4 R1 on a VMware virtual machine:

The specifications of my hardware and software are the following:

  • Laptop DELL (core i3 with 4GB RAM)
  • Win7 64-bit Professional
  • VMWARE Workstation version 6.5.4

STEPS:

1. Download file from http://www.backtrack-linux.org/downloads/

File downloaded is bt4-r1-vm.tar.bz2 (around 2.5 GBytes)

2. Check the file with the md5.exe tool to verify that the MD5 checksum matches the published one. This is important because such big files sometimes get corrupted when downloaded, and it confirms the integrity of the file.

3. Uncompress the image with WinRAR (it took some time for WinRAR to open the archive – be patient here).

4. In VMWARE go to File>Open and select the virtual machine (BT4-R1) which you extracted above.

5. I then selected “Edit Virtual machine settings” and increased the memory from 768MB to 1024MB.

6. Then click on “Power on the virtual machine”.
If you get a message that “This virtual machine may have been moved or copied”, select “I copied it” (that is what I did).

7. After the Virtual machine boots up, you will get a prompt:

bt login:

Use root/toor as initial username/password

You will get the root prompt:

root@bt:~#

Now we must change the root password to something really strong.

root@bt:~# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

8. Now run fix-splash, as advised by the Backtrack website:

root@bt:~# fix-splash

And then reboot

root@bt:~# reboot now

9. After the machine boots up, start the graphical interface:

root@bt:~# startx

DONE
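Step 2 in code, as an added example that is not from the original post: it parses an md5sum-style checksum line and hashes the image in chunks, so a 2.5 GB file is never read into memory at once. The checksum line and the stand-in file in demo() are constructed; the real value must come from the download page.

```python
import hashlib
import hmac
import os
import tempfile


def parse_md5_line(line):
    """Parse an md5sum-style line '<32 hex chars>  <filename>' into (hexdigest, filename)."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2 or len(parts[0]) != 32 or not all(c in "0123456789abcdefABCDEF" for c in parts[0]):
        raise ValueError("not an md5sum line: %r" % line)
    return parts[0].lower(), parts[1].lstrip("*")  # a leading '*' marks binary mode


def md5_of_file(path, chunk_size=4 * 1024 * 1024):
    """Hash the file in fixed-size chunks so a multi-gigabyte image fits in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, expected_hex):
    """True only when the computed MD5 equals the published one (constant-time compare)."""
    return hmac.compare_digest(md5_of_file(path), expected_hex.lower())


def demo():
    """Constructed demo: a tiny file stands in for bt4-r1-vm.tar.bz2."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "bt4-r1-vm.tar.bz2")
        with open(path, "wb") as fh:
            fh.write(b"abc")
        # Constructed checksum line: MD5("abc") is the well-known test vector below.
        expected, _name = parse_md5_line("900150983cd24fb0d6963f7d28e17f72  bt4-r1-vm.tar.bz2")
        intact = verify_download(path, expected)
        with open(path, "ab") as fh:  # simulate a corrupted download: one extra byte
            fh.write(b"\x00")
        return intact, verify_download(path, expected)


if __name__ == "__main__":
    print("intact: %s, after corruption: %s" % demo())
```

A matching checksum proves only that the download was not corrupted; it authenticates nothing unless the checksum itself came from a trusted source.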

Some other notes:

I like my virtual machine to have direct access to the network interface of my host computer, so I always go to the virtual machine settings (“Edit Virtual machine settings”) and change the network adapter from “NAT” to “Bridged Mode”. With that, the LAN interface of Backtrack in the virtual machine has direct access to the network. If you have a DHCP server on the network, the Backtrack system will receive an IP address from it; otherwise you can configure a static IP. Let’s see how to do both below:

IP address from DHCP Server

ifconfig eth0 up
dhclient eth0

Static IP

ifconfig eth0 100.100.100.1 netmask 255.255.255.0 up
route add default gw 100.100.100.2 eth0

Also, you need to edit the /etc/resolv.conf file and change the nameserver line to add your DNS IP address.
