Archive for July, 2010

We want your feedback

July 30th, 2010

As I have already explained on some other occasion, at Panda we are making a significant effort to ‘listen to’ the market. This means actually having a more direct contact with you, the user community. Along these lines I have created an email address for you to contact me directly and send me your feedback about Panda’s solutions. I am very interested in knowing what you like, what you don’t like and any other suggestions you might have to help us develop solutions more suited to your needs.

The email address is: feedbackCEO[at]pandasecurity.com.

This initiative is not intended to replace, but rather to complement, the other ways of contacting the company. Therefore, I’d like to ask you to keep using the usual contact channels for issues regarding analysts, the media, tech support, etc.

To encourage you to send us your feedback on our most recent solution, Panda Cloud Antivirus, the first 25 people who contact me with their opinion or any suggestion about the product will get a free license of Panda Cloud Antivirus PRO.


The Mariposa saga goes on

July 29th, 2010

On March 3, as I have already explained on this blog, Panda Security, together with Defence Intelligence, the Spanish Guardia Civil, the FBI and other international institutions, collaborated to bring down the largest botnet ever reported, in an operation called ‘Mariposa’. This joint effort not only resulted in the dismantling of the botnet and the retrieval of a considerable amount of compromised data from private and public organizations, home users, government bodies and universities in over 190 countries, but also led to the arrest of the criminal network’s alleged administrators. So far, nothing new; but…

We knew, however, that they had not developed the software that allowed them to build their network. They had purchased the original bot from a website and configured it to suit their own purposes, without really having much computer knowledge. During the investigation, and thanks to the information collected from the botnet itself as well as the material seized from the defendants, a lot of information was obtained indicating the relationships between them and other cyber-criminals. Among these was the author of the software they used to create the bot, the so-called Butterfly Kit. This information has enabled the Slovenian authorities to arrest ‘Iserdo’, the 23-year-old hacker who developed the malware creation software.

The original Butterfly Kit software is behind Mariposa and many other botnets. As far as we know (bear in mind that the investigation is still under way), the kit was sold online for between 500 and 1,000 per unit. This software was designed to make cyber-crooks’ lives a lot easier, as it was very simple to configure and manage. This is clearly shown by the fact that the three cyber-criminals arrested in Spain had limited computer skills.

We estimate that the Butterfly Kit has been used to create almost 10,000 unique pieces of malicious software and over 700 botnets. Mariposa was just one of the hundreds of botnets created with it, and that single malware strain allowed its administrators to infect almost 13 million computers all over the world. So far, we are not sure about the size of the other botnets uncovered, but the total number of affected computers could be alarming.

There is no doubt that this joint effort is a great example of how to fight cyber-crime: in a coordinated way; bringing together the synergies and knowledge of the different security industry players and public bodies; pushing for appropriate legislation and punishment; and sharing the necessary information and training for the different working groups (like the Mariposa Working Group) to develop prevention technologies and research strategies to arrest, prosecute and sentence criminals effectively.

In this case, after a long investigation (we have been collaborating in the botnet shutdown for almost two years now), we have been able to track down the mastermind behind the cyber-criminal group. There is no need for me to say how proud we are of having been involved in such a successful operation from the start. As Jeffrey Troy, Deputy Assistant Director for the FBI’s cyber division says, “As opposed to arresting the guy who broke into your home, we’ve arrested the guy that gave him the crowbar, the map, and the best houses in the neighborhood. And that is a huge break in the investigation of cyber crimes.”

The fight against cyber-crime is still a priority for all of us. At Panda Security we will continue to take part in investigation projects, taking as an example the excellent work done by all parties involved in the Mariposa case. And we’ll do it not only privately, but also as members of various associations, working groups and organizations (like www.cnccs.es) whose common goal is to improve Internet security for everyone.


When probability becomes reality

July 28th, 2010

A new 0-day vulnerability has recently been discovered in Windows (even though, strictly speaking, it is not a vulnerability but a feature of the operating system) which allows unauthorized execution of files through desktop shortcut icons. Our laboratory urges users to apply the small application released by Microsoft as a workaround until the definitive patch is developed (despite its side effects).

Besides the clear threat that this issue might represent should a cyber-crook develop specific malware to exploit this feature massively (in which case we can expect some weeks of high activity…), it turns out that somebody had already realized this possibility of infection and had developed and distributed a malware specimen specifically designed to affect SCADA systems.

SCADA systems (for those not familiar with the term) are normally used to control public services like electricity and water, as well as other large-scale industries and infrastructures related to the stability and functioning of countries, such as nuclear plants.

Since we started the National Cyber-Security Advisory Council (www.cnccs.es) in May 2009, one of the initiatives we have most strongly pushed for is the need to tighten up security in critical infrastructures. When we talk about this, people usually react as if these arguments belonged to the script of the latest Hollywood summer blockbuster rather than describing a real danger.

We always argue that it is not that these threats are not real, but that they (fortunately enough) have not yet been exploited, even though we don’t have to go too far back in time to find news about potential cyber-attacks between countries.

Now, this malware strain is capable of silently infecting a user simply through a shared removable memory device, and of letting cyber-crooks, cyber-activists or even cyber-terrorists take control of any of the aforementioned infrastructures.

You must also bear in mind that these infrastructures are considered more vulnerable. Why? For a number of reasons:

- SCADA systems connect and communicate over the Internet.

- All sectors are increasingly dependent on information and communication technologies.

- The “bad guys” have increasing access to the tools and networks that let them conduct this type of attack.

Add to this the existence of vulnerabilities or features that make their job easier, and you have the perfect ingredients for a devastating attack.

What is clear is that what once seemed to be a science-fiction scenario is now seen as a real threat (even though the danger existed in the past…). We hope these types of attacks take a long time to arrive… And we are truly prepared to neutralize them should they eventually occur.
