Welcome to “Refog” corporate blog.

We develop programs for monitoring user activity on home (Personal Monitor) and office (Employee Monitor) computers, and for controlling your children’s computer usage (Time Sheriff).

Antiviruses are losing to virus attacks

12 April 2013

Research by German scientists from the AV-Test information security institute revealed a sharp drop in the effectiveness of anti-virus tools. The study tested 25 anti-virus tools for home use and 8 corporate products.

Anti-virus programs managed to block 92% of low-level attacks and clean 91% of infected systems, but only 60% of the cleaned systems were restored to normal operation.

Three out of 25 tested programs could not score high enough to get a security certificate: Microsoft Security Essentials, PC Tools and AhnLabs. Another corporate solution from Microsoft, Forefront, also didn’t score high enough in the tests.

A similar study was conducted by the company Imperva in late 2012 with similarly discouraging results: all the anti-virus tools of the VirusTotal service together detected less than 5% of malware.

A wave of viruses hits VKontakte social network

11 May 2011

A new wave of extortion viruses on Russia’s most popular social network, VKontakte, spreads through browser vulnerabilities as well as typical social engineering methods.

As “bait”, the user is promised higher ratings in the social network or a certain amount of money in the network’s internal currency.

The user is directed to a phishing website which imitates the social network’s interface and is asked to enter their password. The password is then stolen and used to send the same offer to the user’s friends, while the user receives an executable file which alters the contents of the operating system’s hosts file.

Then, when the user tries to open almost any popular Russian social network (VKontakte, Odnoklassniki, Mail.ru), they land on the fraudster’s website, which asks them to send a paid SMS message.

The easiest way to remove such an infection is to manually clean the contents of the file “C:\WINDOWS\system32\drivers\etc\hosts” and then scan the computer’s drives with a good-quality antivirus program.
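The redirect described above leaves a visible trace: a hosts entry that maps a social-network domain to an address other than loopback. The following script is an added example (not Refog’s code or a tool from the post) that parses a hosts file, flags such mappings and produces a cleaned copy; the watched domain list, the sample file contents and the 203.0.113.7 address are constructed for the demonstration.

```python
# Added example (not from the Refog blog): detect hosts-file hijacking of the
# kind described above, where malware maps social-network domains to a
# fraudster's server, and produce a cleaned copy of the file.
import ipaddress
from typing import List, Tuple

# Domains the post names as targets; extend the tuple for your own environment.
WATCH_DOMAINS = ("vk.com", "vkontakte.ru", "odnoklassniki.ru", "mail.ru")

# Addresses that legitimately appear in a default Windows hosts file.
LOOPBACK = {"127.0.0.1", "::1"}


def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, ip, hostname) for every mapping in a hosts file.

    Comments (# ...) and blank lines are skipped; one line may map several
    hostnames to a single address, and each pair is returned separately.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # not a valid mapping line; ignore it rather than crash
        for name in names:
            entries.append((lineno, ip, name.lower()))
    return entries


def _is_watched(hostname: str) -> bool:
    return any(hostname == d or hostname.endswith("." + d) for d in WATCH_DOMAINS)


def find_hijacks(text: str) -> List[Tuple[int, str, str]]:
    """Mappings that send a watched domain anywhere except loopback.

    An entry for vk.com pointing at a public IP is the signature of the
    infection in the post: the browser resolves the real name to the
    fraudster's server without ever asking DNS.
    """
    return [(n, ip, host) for n, ip, host in parse_hosts(text)
            if _is_watched(host) and ip not in LOOPBACK]


def clean_hosts(text: str) -> str:
    """Return the file with hijacking lines removed and everything else intact."""
    bad_lines = {n for n, _, _ in find_hijacks(text)}
    kept = [raw for i, raw in enumerate(text.splitlines(), start=1)
            if i not in bad_lines]
    return "\n".join(kept) + "\n"


# Constructed sample: a default Windows hosts file plus three injected lines.
# 203.0.113.7 is a documentation address standing in for the fraudster's server.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
127.0.0.1   localhost
::1         localhost
203.0.113.7 vk.com vkontakte.ru      # injected by the malware (sample)
203.0.113.7 odnoklassniki.ru
203.0.113.7 www.mail.ru
"""

if __name__ == "__main__":
    for lineno, ip, host in find_hijacks(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {ip}")
    print(clean_hosts(SAMPLE_HOSTS))
```

On a real machine, read the hosts file from the path given in the post and compare the output of `clean_hosts` with the original before writing it back; a mapping of a watched domain to 127.0.0.1 is deliberately left alone, since that blocks the site rather than redirecting it.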

QIWI: tough target for viruses

21 March 2011

Antivirus companies have recently discovered a virus aimed at infecting QIWI payment system terminals. Analysis of the virus’s code showed that it was intended to penetrate the terminal’s operating system (Windows) and change the account number to which money is being transferred.

The virus has been given the name Trojan.PWS.OSMP.

It was not discovered in the terminals themselves but openly on the internet (only their owners have access to the terminals), so the level of danger it poses cannot be assessed. All that can be confirmed is that the virus exists and that it can only infect terminals manually, through physical access to the device.

Shortly afterwards a modification of the virus was discovered, also aimed at payment terminals. However, it works differently: it tries to steal the terminal’s configuration files, which would in theory let criminals take money by imitating the terminal on their own computer.

The company that runs QIWI announced that this is already the 20th version of this virus and nothing particularly new. It was discovered and neutralised by the terminals’ internal antivirus system on 20 February and does not pose any danger at all.

Payment system representatives explained that their terminals use an effective multilevel defence system, which stops viruses from causing serious damage. Any account which receives a large number of transfers from different sources is checked by specialists and can be blocked. In addition, the terminals’ defence system would not allow anyone to imitate their signal, even if configuration files and encryption keys were obtained.

Germany: National Cyber Defence Centre

25 February 2011

According to Germany’s Interior Minister Thomas de Maiziere, a new department for protecting internet resources, the National Cyber Defence Centre, will be created in the first half of this year.

This centre will be run by the Department for IT Security (BSI), which already carries out similar functions.

This project was first discussed in the summer of 2010, when the Stuxnet virus was discovered. The virus’s attack on Iran did not affect Germany, but this was enough for the authorities to realise that the country’s infrastructure was not prepared for such a threat.

It is proposed that the National Cyber Defence Centre will be invested with authority by the intelligence agencies and the police, which will give it the greatest ability to combat hacker attacks. Incidentally, such power has already caused a large number of political arguments. For example, the Free Democratic Party of Germany argues that the creation of a body with such a range of powers is contrary to the law.

Internet threats in 2011

25 January 2011

January is the time to look back at the previous year and study experts’ predictions for the coming one. The field of information security is no exception.

A major developer of solutions in this field, the company Stonesoft (Helsinki, Finland), has prepared a report on upcoming threats based on analysis of data from several recent years.

Stonesoft experts, who have 20 years’ experience in information security, have compiled a list of the most likely trends for this year:

  • Viruses are expected to appear for Apple systems.
  • The number of attacks on social networks will increase, including attempts to hack user accounts.
  • “Information wars” are expected: attacks aimed at government bodies for political and financial reasons.
  • There will be an increase in the number of attacks on companies for financial gain, including attacks using social engineering methods.
  • A possible increase in the number of Stuxnet-like attacks on important sites.
  • Mobile phones and smartphones may become a target.
  • Viruses will become more sophisticated in finding and exploiting system vulnerabilities, pursuing the goal of “infecting everything at any price”.
  • Developers of security systems will have to unite their efforts to find methods of preventing attacks which use the recently discovered AET mechanism.

Stonesoft’s Director for Information Security, Joona Airamo, believes that in 2011 the greatest threats will be logical extensions of the most important themes of 2010: the sophisticated Stuxnet worm, advanced evasion techniques (AET) and, traditionally, social engineering.

The most dangerous malware of 2010

24 January 2011

The main purpose of online fraud in 2010: money.

2010 became a year of rapid growth in online fraud. Millions of computers were infected, dozens of new fraud schemes were used for the first time and millions of dollars were stolen.

The only decline in fraudulent activities could be observed among spammers: after a number of large botnets were shut down, spam traffic dwindled by around 10%.

The past year also demonstrated an entirely new term in information security – cyber wars – in action. Key government agencies experienced the consequences of intricate and highly complex massive attacks twice in 2010: a worm called Stuxnet attacked a nuclear power plant in Iran and “Operation Aurora” enabled its initiators to steal confidential data from the databases of major international companies.

In the majority of cases, users’ computers were infected in one of the following ways:

  • Through social networks
  • Through phishing sites
  • Using 0-day exploits

Let’s take a look at the rating of the Top 10 most popular fraud methods used online in the past year (according to the data provided by antivirus companies):

1. Viruses designed for stealing account details in online banking systems.

Nearly all banks these days provide online banking services, which are quickly gaining popularity. This is why users’ authorization details are a lucrative target for hackers and virus makers. So far they have mostly targeted individuals, but it is businesses that are threatened the most now, since their accounts usually contain considerably larger amounts.

Internet threats in Q3 2010

10 November 2010

Entensys and Commtouch have released a detailed report on the most serious Internet threats in Q3 2010.

Entensys develops a line of traffic monitoring and Internet access products and is mostly known for its flagship product, UserGate. Commtouch (Israel) specializes in the study of emerging spam activities and development of anti-spam solutions.

The report covers the following trends:

  • Along with regular spam messages with links to malware, users started receiving messages with infected attachments.
  • Spammers are now using fake social network (LinkedIn, etc.) invitations and notifications to distribute links to malware and illegal drugstores.
  • The companies have identified that some malware is now distributed using a new complex multi-step infection scheme.
  • PayPal fraud has focused on the South African Telescope Shop.
  • Links to illegal drugs are more and more often disguised as letters of support for various politicians.

You can read the full version of the report on the Entensys website.

Over 2 million American computers fell victim to botnets in 6 months

25 October 2010

Microsoft Corporation has published research results which reveal that in the first half of this year over 2 million US computers inadvertently became part of botnets. Botnets are distributed hacker networks used for DDoS attacks, password stealing, spam and malware distribution.

The count of infected computers was based on data from 88 countries. The USA takes first place with a total of 2.2 million infected home computers. Second place goes to Brazil with 550 thousand. Russia has 4.3 infected computers out of every 1000, slightly above the global average of 3.2 out of every 1000.

A single malware named Win32/Rimecud is responsible for 37% of infected computers in Russia.

As a result of the research, over 6.5 million home computers were cleaned of malware. One of the biggest spam botnets, Waledac, was also shut down.

Trojan Keylogger fraud disclosed

22 October 2010

The arrest of a criminal group accused of major fraud has been reported by UK and US authorities. The criminals had reportedly stolen over 10 million US dollars from bank accounts using viruses that capture user data.

The crime was committed using the ZeuS botnet management tool, which is popular among cyber-fraudsters. A Zbot phishing trojan was also used, which steals bank account passwords and various private data.

The stolen data was used to transfer the victims’ funds to the criminals’ accounts, after which specially recruited persons (called “mules” or “drops”) would withdraw the money. Such “mules” make up the majority of the arrested suspects, but the scam leader has been arrested as well. A total of 20 people have been arrested, 17 are yet to be located and over a hundred are on the suspects list.

Most of the suspects are of Russian and ex-USSR origin. However, the Russian Consulate General in New York has been notified by the FBI that only 4 Russian citizens were arrested. Most likely the rest of the criminals with Russian names did not have Russian citizenship or were using fake documents.

Symantec Ubiquity — a new anti-malware tech

19 October 2010

Symantec has released Ubiquity, a brand new technology against evolving malware.

Traditional threat detection approaches (semantic analysis and matching against virus signatures) have proved ineffective against self-changing polymorphic or less widespread viruses. Such viruses present a considerable security threat: in 2009, Symantec detected over 240 million unique instances of malware, many of which existed as only a single copy.

The new technology attempts to solve two problems of current algorithms at once: the inability to fight the kinds of threats mentioned above, and low performance. The core of the new solution is the Global Intelligence Network (GIN), which stores data about all applications launched by users of the Ubiquity technology. Based on this data, the system assigns software ratings: a white list of trusted software and a black list of suspicious software. The system already has ratings for 1.5 billion files, and this number grows by 22 million per week. Symantec claims that the solution outperforms any other antivirus scanner because it skips files that GIN rates as trusted.
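To make the reputation idea concrete, here is an added example (not Symantec’s code, and not the GIN API) of a simplified reputation-based scan scheduler. A file’s rating is derived from how many users have run it and for how long it has been seen; trusted files skip the expensive signature scan, while a file that is new or exists in only a couple of copies, the case signatures miss, is scanned and flagged. The `Telemetry` fields, the thresholds, the sample files and their population counts are all constructed assumptions for the demonstration.

```python
# Added example (not Symantec's code or the GIN API): a simplified
# reputation-based scan scheduler in the spirit of the Ubiquity description.
# All thresholds and telemetry fields are assumptions made for this example.
import hashlib
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, Optional


@dataclass
class Telemetry:
    """What a reputation network knows about one file hash (assumed fields)."""
    prevalence: int                   # distinct users that have run the file
    first_seen: date                  # when the network first saw this hash
    publisher_trusted: bool = False   # signed by a vetted publisher
    reported_malicious: bool = False  # already observed behaving maliciously


TRUSTED, UNKNOWN, SUSPICIOUS = "trusted", "unknown", "suspicious"


def rate(telemetry: Optional[Telemetry], today: date,
         min_prevalence: int = 1000, min_age_days: int = 30) -> str:
    """Assign a rating from prevalence and age (thresholds are illustrative).

    - Anything already reported malicious is suspicious.
    - Files from a trusted publisher, or seen widely for long enough, are trusted.
    - A file the network has never seen gets no benefit of the doubt: it is
      unknown and must be scanned locally.
    - A very rare file that appeared only days ago matches the single-copy,
      polymorphic pattern signatures miss, so it is scanned and flagged.
    """
    if telemetry is None:
        return UNKNOWN
    if telemetry.reported_malicious:
        return SUSPICIOUS
    if telemetry.publisher_trusted:
        return TRUSTED
    age_days = (today - telemetry.first_seen).days
    if telemetry.prevalence >= min_prevalence and age_days >= min_age_days:
        return TRUSTED
    if telemetry.prevalence < 10 and age_days < 7:
        return SUSPICIOUS
    return UNKNOWN


def sha256_hex(data: bytes) -> str:
    """Hash used as the lookup key into the reputation table."""
    return hashlib.sha256(data).hexdigest()


ACTIONS = {TRUSTED: "skip", UNKNOWN: "scan", SUSPICIOUS: "scan+alert"}


def plan_scan(files: Dict[str, bytes], network: Dict[str, Telemetry],
              today: date) -> Dict[str, str]:
    """Decide per file whether to skip the signature scan, scan, or scan and alert."""
    return {name: ACTIONS[rate(network.get(sha256_hex(data)), today)]
            for name, data in files.items()}


# Constructed sample: four files on one machine and what the (assumed)
# reputation network knows about them. File contents are placeholders.
TODAY = date(2010, 10, 19)
FILES = {
    "notepad.exe": b"MZ placeholder: widely deployed system binary",
    "intranet-tool.exe": b"MZ placeholder: in-house utility on 40 machines",
    "invoice.pdf.exe": b"MZ placeholder: never seen by the network",
    "update.exe": b"MZ placeholder: two copies, appeared yesterday",
}
NETWORK = {
    sha256_hex(FILES["notepad.exe"]): Telemetry(5_000_000, date(2009, 7, 14),
                                                publisher_trusted=True),
    sha256_hex(FILES["intranet-tool.exe"]): Telemetry(40, date(2010, 8, 1)),
    sha256_hex(FILES["update.exe"]): Telemetry(2, TODAY - timedelta(days=1)),
}

if __name__ == "__main__":
    plan = plan_scan(FILES, NETWORK, TODAY)
    for name, action in plan.items():
        print(f"{name:20s} {action}")
    skipped = sum(1 for a in plan.values() if a == "skip")
    print(f"{skipped} of {len(plan)} files skipped the signature scan")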

Symantec has been researching cloud computing services for over 2 years, and Ubiquity is most likely the way its long-developed Quorum technology will be incorporated into the Norton 2011 and Hosted Endpoint Protection products. Furthermore, Symantec plans to extend the technology to Symantec Web Gateway and other corporate solutions.

It is worth noting that similar cloud computing logic has been used in Kaspersky software since 2009. It is called “Kaspersky Security Network” and has proved effective.