
Posts Tagged ‘Kaspersky Lab’

January 25, 2012


The unique whitelisting technology from Kaspersky Lab, a leading developer of secure content and threat management solutions, has passed its first independent test by a third-party research institution, affirming its capabilities in improving security.

The testing, conducted recently by research laboratory West Coast Labs, used a new methodology for analyzing and assessing the effectiveness of whitelisting technology. The methodology is an industry first and is expected to become universally adopted.

The successful test of Kaspersky Lab’s whitelisting technology also earned it the West Coast Labs Platinum Product Award after receiving an overall result of 94% for corporate software and 93% for consumer software.


Parameters in the testing process included 1) coverage of clean software (the number of legitimate programs Kaspersky Lab knows about); 2) the completeness of the database (the quantity and quality of data on all files); 3) the speed of a response to an inquiry; 4) the correctness of information supplied from the database; 5) database update speed; 6) data processing speed; and 7) the number of false positives/negatives.

Other functions and services that come as part of the whole whitelisting package were also tested. The adequacy of the information contained in the database to enable a full-fledged “default deny” regime was also analyzed. In a “default deny” scenario, the security software prevents any program from running unless it is clearly legitimate or appropriate and is thus allowed. It is a more secure form of protection than the more widely used “default allow” scenario, in which all programs are allowed apart from those known to be malicious or inappropriate.

Kaspersky Lab’s whitelisting technology utilizes an online community of Kaspersky users who can provide appropriate information regarding the legitimacy of installed software. Kaspersky’s online ecosystem builds the list of all these legitimate applications and distributes it to other users, who can then tell whether their installed software is secure.

Whitelisting also minimizes “false positives,” where legitimate software is banned because of some strange behavior, such as software updates. The goal is to give legitimate software a clean bill of health to lessen the need for it to be scanned thoroughly.

Software that is included in the Whitelist is not required to be regularly scanned by Kaspersky Lab’s security software on each PC. This minimizes the need for the PC itself to utilize resources that would have otherwise been used in operations.

Corporate entities, in particular, would benefit from having a whitelisting technology to minimize system requirements needed to secure their IT infrastructure.

After the results came out, Vladimir Zapolyansky, Head of Independent Software Vendor Relationships at Kaspersky Lab, says that the West Coast Labs’ seal of approval validated the company’s goals of creating the best security software in the market. Kaspersky Lab’s whitelisting technology also creates a new model of protection against ever-increasing threats.

“We are confident in our approach to whitelisting, and were not afraid to have our technology tested, unlike some of our competitors. Now, both existing and potential users of our solutions who may be curious about the true worth of whitelisting and Application Control technologies have access to this detailed analysis of the operation of Kaspersky Lab’s database of legitimate software – analysis that objectively proves its effectiveness,” according to Zapolyansky.

For further information about the company, visit http://www.kaspersky.com



December 5, 2011
Kaspersky Lab has announced a new collaboration with TAG Heuer, the renowned Swiss luxury watchmaker, which, in cooperation with ModeLabs Manufacture, has launched its first luxury touchscreen smartphone TAG Heuer LINK, operating on Android.
For this unique smartphone, Kaspersky Lab has developed TAG Heuer Mobile Security (Powered by Kaspersky). This user-friendly and reliable security software provides complex malware and data protection.
Commenting on the new partnership, Eugene Kaspersky, Chairman and CEO of Kaspersky Lab, said, “We are happy to start our partnership with and to provide protection for users of TAG Heuer smartphones. Kaspersky Lab and TAG Heuer have common core values, such as best-of-breed reliability, cutting edge technology, and constant innovation. TAG Heuer Mobile Security is our first project in the luxury segment, and we are looking forward to further developing our partnership with TAG Heuer.”
The new TAG Heuer LINK phone is the ultimate communication tool. Swiss-engineered, French-built, and equipped with upgradeable Google Android software, it combines elegance, reliability and unparalleled access and connectivity. Luxuriously crafted and detailed, the TAG Heuer LINK incorporates the most prestigious materials and advanced components in the watchmaking and automotive worlds, including black PVD, diamonds and rose gold. The mirror-polished and fine-brushed stainless steel is premium grade surgical 316L, corrosion-resistant and hypoallergenic.
TAG Heuer Mobile Security (Powered by Kaspersky) provides top grade protection from network attacks, malware targeting mobile platforms, and SMS spam. On top of that, it allows users to locate a lost or stolen smartphone using the GPS Find function, store all digital assets in encrypted folders, and remotely block or wipe the smartphone if it is lost or stolen. With Kaspersky Lab’s Mobile Security, the owner of a LINK smartphone is able to efficiently manage private contacts, filter out annoying calls and texts by assigning contacts to black lists and white lists, restrict children’s calls and texts, and monitor the phone’s whereabouts using GPS Find.

For further information, visit http://www.kaspersky.com.



December 5, 2011

The enterprise sector in the Philippines has been seeing an alarming number of malicious attacks on its networks. However, many companies do not report these attacks for fear of repercussions from business partners and customers, who may conclude that the companies are not entirely secure against hackers and creators of malware.

Statistics on malicious attacks in the Philippines are hard to come by, largely because many victims do not report these attacks to authorities. Even more alarming is that some victims do not know that they are already being attacked, with their valuable company information being passed on undetected to cybercriminals.

Concerns of cybercrime in the Philippines
Suk Ling Gun, Corporate Sales Director for Kaspersky Lab Asia, says that any country in Asia that has a population of Internet users will always be a target for cybercriminals. The Philippines is no exception, and Filipino companies are always under threat of having their most important data stolen.

Citing their previous reports, Gun says there is at least one malicious program appearing every 1.2 seconds compared to just five malicious programs every 2 minutes. Citing another Kaspersky Lab survey, she says 96% of companies faced external cyber threats and 45% of companies reported a growth in the number of threats. In the same survey, 46% of companies had lost critical data due to these attacks.

“These problems are real and they could get worse especially when businesses expand their operations. They become more enticing targets to hackers,” says Gun.

A report by the Philippine National Police-Anti-Transnational and Cyber Crime Division (PNP-ATCCD) showed an alarming number of cyberattacks on individuals, corporations and even government offices. These attacks vary from simple website defacement, to fraud using Facebook and Twitter, identity theft of credit cards, and even harassment through email or mobile phones.

According to PNP-ATCCD Police Inspector Felizardo Eubra, Jr., there were 109 cases of various forms of digital attacks as of the end of November 2011, up from just 72 in 2010. He stresses that these numbers cover only the cases that have been reported; others go unreported either because the victims fail to report them or because they are not even aware that they are being victimized.

“There are still that go unreported. This is just the tip of the iceberg. No one is safe from these types of attacks, more so if you’re a company because attackers will target those that they see as more lucrative especially because of the information they keep,” according to Eubra.

Given the scope of these security problems, Kaspersky Lab is bringing Kaspersky Endpoint Security version 8.0 to the Philippines, the first time that it is bringing this particular enterprise-level product and service to the country.

Kaspersky Lab Senior Product Marketing Manager Peter Beardmore highlights the key components of Kaspersky Endpoint Security 8. He points to Kaspersky’s exclusive Four-Point Approach that can classify, control, enforce and inspect applications that are running on a corporate network. This ensures that all activities in different applications remain safe.

Among its notable features is the Application Activity Monitor, which classifies software as trusted, low restriction, high restriction and untrusted. Application Startup Control sets the policies on allowing applications to run during startup. Application Privilege Control enforces rules on specific functions of applications installed in the network, which ensures that certain software cannot be exploited by malware infection.

Kaspersky Endpoint Security 8 also has Vulnerability Monitoring, which checks applications for potential exploits and alerts the IT manager to potential threats. It also has a deep, granular Device Control that expands the protection of IT infrastructure from outside threats launched through USB drives and other attached devices.

Finally, Kaspersky Endpoint Security 8 also has an effective Web Control function with which access to certain websites can be restricted during certain periods or even permanently. This allows the company to lessen the consumption of bandwidth in its corporate network. It also uses the cloud-based Kaspersky Security Network, which provides 24/7 protection through monitoring and reporting of security concerns by a global network of monitoring facilities.

For further information, visit http://www.kaspersky.com.


November 22, 2011

Kaspersky Lab, a leading developer of secure content and threat management solutions, announces today the release of Kaspersky Endpoint Security 8 for Windows and Kaspersky Security Center.

The new endpoint protection solution and comprehensive management console are designed to keep businesses ahead of emerging threats with intelligent security solutions from the leading anti-malware experts at Kaspersky Lab.

“With this new release we deliver a comprehensive Endpoint Protection Platform that consists of seamlessly integrated security modules. We have merged real-time, cloud-assisted protection with intelligent proactive endpoint protection, and have created a compelling security center that will help companies of all sizes protect themselves against emerging IT threats, including targeted attacks, and thus improve their productivity,” said Suk Ling Gun, corporate sales director for Asia Pacific of Kaspersky Lab.

Deep anti-malware protection, based on Kaspersky Lab’s strong expertise and balanced global footprint, is supplemented with a broad set of IT security features, including Application Control, Web Filtering, and Device Control. Kaspersky Endpoint Security 8 for Windows integrates with a cloud-based security intelligence system, which provides real-time updates for new and unknown threats and support for application whitelisting.

The efficiency of Kaspersky Endpoint Security 8 for Windows has been proven in the first independent testing, conducted by AV-Test.org, the reputable German independent research center.

A total of seven corporate security solutions from different vendors were evaluated in the testing, and Kaspersky Endpoint Security 8 for Windows was awarded the highest number of points. Specifically, Kaspersky Lab’s corporate solution successfully detected 100% of widespread malware samples, blocked all zero-day malware attacks, and returned the best result in the detection and removal of active malware from an infected machine.

Detailed results of Kaspersky Endpoint Security 8 for Windows in the independent testing can be found at AV-Test.org.

Kaspersky Endpoint Security 8 for Windows is managed by a newly designed Kaspersky Security Center, which succeeds the Kaspersky Administration Kit. This new management console presents many new features for comprehensive control and manageability, supports physical as well as virtual environments, and is scalable to fit the needs of growing businesses.

According to a recent Kaspersky Lab survey, in the past 12 months at least one IT security incident was experienced by 91% of the companies surveyed. Almost a third of company representatives questioned admitted that they had incurred sensitive data loss as a result of malware infection.

Though malware attacks are the most common type of business security threat, only 70% of the companies surveyed have fully implemented anti-malware protection; 3% have no anti-malware protection at all.

The list of the most immediate current threats also includes potentially dangerous software vulnerabilities, network attacks (including targeted and DDoS attacks), phishing, and spam. Large companies in developing markets are those most frequently targeted by cyber criminals.

Besides protection from malware, most companies also actively use client firewalls as well as tools for vulnerability checks and updating software.

But for protection of corporate infrastructure to be fully effective, a security policy covering all endpoint devices needs to be enforced too. Control over programs used, network activity, and external devices can reduce the risk of unauthorized access to sensitive data and thus prevent possible financial losses.

The new versions of Kaspersky Endpoint Security 8 for Windows and Kaspersky Security Center provide intelligent protection by seamlessly harnessing new and improved features.


November 15, 2011
Kaspersky Lab, a leading developer of secure content and threat management solutions, has released a warning of a new malicious program with similarities to the Stuxnet worm, which attacks computers that control industrial equipment, specifically those that are used for nuclear power plants.
Kaspersky Lab engineers identified the new worm as “Duqu,” first detected in September 2011 after a user from Hungary uploaded components of Duqu to a malware analysis website. Kaspersky Lab engineers then found other components being uploaded, which allowed them to compare the new worm to Stuxnet.
Though there are some overall similarities between the two worms Duqu and Stuxnet, there are also significant differences.
Shortly after several variants of Duqu had been found, the Kaspersky Lab experts started to track in real time infection attempts by the worm among users of the cloud-based Kaspersky Security Network (KSN). What was surprising was that during the first 24 hours, only one system had been infected by the worm.
Stuxnet, on the other hand, infected tens of thousands of systems all around the world; it is assumed that it had, however, a single ultimate target – industrial control systems used in Iran’s nuclear programs. The ultimate target of Duqu remains alarmingly unknown.
Analysis made by Kaspersky Lab experts showed that Duqu apparently possesses the malicious functionality of gathering information about the infected machine and also tracks key strokes made on its keyboard.
Alexander Gostev, chief security expert at Kaspersky Lab, notes that despite the similarities to Stuxnet, they are still unable to find out Duqu’s real target. While Stuxnet targeted thousands of PCs that could control industrial equipment, Duqu has attacked only one so far.
“We’ve not found any instances of infections of computers of our clients with the Trojan-Spy module of Duqu. This means that Duqu may be aimed at a small quantity of specific targets, and different modules may be used to target each of them,” Gostev said.
Gostev said that what Kaspersky Lab is aiming to solve is the initial method of penetration of Duqu into a system.
“One of the yet-to-be-solved mysteries of Duqu is its initial method of penetration into a system: the installer or “dropper” needed for this has not yet been found. The hunt for this module of Duqu continues, and it is specifically this module that will help us in finding the ultimate target of this malicious program,” he said.
Stuxnet was among the most infamous malware found so far as it was claimed to target specific industrial equipment that operated nuclear power plants, particularly those in Iran. It was considered a major weapon for cyber warfare.

For further information about the company, visit http://www.kaspersky.com


October 20, 2011

Kaspersky Lab is calling on all undergraduate, graduate and post-graduate students from colleges and universities across the Philippines to send their best original research papers on internet security and cybercrime for the 2012 Kaspersky Asia Pacific, Middle East and Africa Conference for Young Professionals.

The most interesting and innovative submissions will be chosen by the conference committee of Kaspersky Lab experts and IT security professors. Authors of selected papers will be invited to present their work at the conference to be held on March 21-23, 2012 at the City University in Hong Kong.

All travel and accommodation expenses for the chosen participants will be paid for by Kaspersky Lab.

Winners in the conference will receive generous cash prizes and an invitation to attend the international final stage of the conference in Europe in May 2012.

Registration is ongoing, and the deadline for submission of papers is December 1, 2011.

The conference with the theme, “IT Security for the Next Generation,” aims to bring together students, young professionals, experts, scientists, researchers and professors from all over the world in a collaborative environment to present and discuss issues relating to cybercrime.

It offers unique opportunities for young researchers to improve their knowledge on IT security, gain new experience and communicate with industry experts. Participants can realize their scientific potential as well as open doors to exciting career opportunities in the IT security world.

The conference is held in a very friendly, creative and secure atmosphere that promises lots of fun and an unforgettable experience.

Students can write their papers covering any of various categories such as technical, social, economic and legal topics.

Technical topics include:
1. Trends in Anti-Spam Development
2. Dangers of an increasingly Networked World
3. “In the Cloud” Security
4. Future Technologies for Detecting and Combating Malware

Social, economic and legal topics include:
1. Emerging Threats
2. Challenges and Opportunities for IT-Security Companies in the next 10 years
3. Impact of Technologies on Data Protection, Copy and Intellectual Property Rights and Jurisdiction
4. Education in IT Security

The research papers must have a maximum of 5,500 words and must present an introduction, a section on background literature, a clear conclusion, as well as proper references. They must be submitted on bond paper using Times New Roman with font size 12.

All submissions must also have 130 to 200-word abstracts to describe the body of the work.

Submissions will be evaluated based on their scientific and methodological level of work, the social importance of the topic presented, completeness, objectivity with collected information, as well as practical and innovation value.

The research papers will be judged by members of Kaspersky Lab, as well as several academicians and information technology experts.

Kaspersky Lab CEO and Co-Founder Eugene Kaspersky says as part of its social responsibility and for the advancement of excellence in the IT security field, he believes it is important to engage with and support the next generation of outstanding professionals.

“This conference provides them a chance to share their innovative ideas, show their skills, and also learn from and network with leading IT security experts. So I’m inviting all students to join in this competition. I am sure all who will participate will find it inspiring and rewarding,” says Eugene Kaspersky, Kaspersky Lab CEO and Co-Founder.

For more information about the conference, email studconf@kaspersky.com or log on to the official website: http://www.kaspersky.com/educational-events/it_security_conference_2012_asia

For further information about the company, visit http://www.kaspersky.com.


September 06, 2011

A new version of the notorious PC-based ZeuS Trojan was detected “in the wild” and is targeting devices running Google’s Android operating system, according to the July 2011 Malware Statistics Report of leading secure content and threat management solutions developer Kaspersky Lab.

According to Kaspersky Lab expert Vyacheslav Zakorzhevsky, the new Trojan is actually an updated version of the ZitMo spying Trojan, which previously targeted devices running Symbian, Windows Mobile, and BlackBerry operating systems.

Kaspersky Lab also highlighted the occurrence of ZitMo in mobile platforms, showing that it is found largely in Symbian, followed by Android, Windows Mobile, and lastly BlackBerry OS.

The presence of the new ZitMo Trojan targeting Android phones is already indicative of the direction cybercriminals are taking in their quest to invade private users and steal their bank account information. It also shows cybercriminals are augmenting their arsenal of weapons by expanding to other operating systems, especially Android, the prevalent OS of mobile devices.
The new ZitMo Trojan is capable of stealing mTAN (mobile transaction authentication) codes, which are one-time passwords used to conduct a remote transaction. Users of online banking services get these codes via short messaging service (SMS) as it ensures level 2 protection when conducting transactions online.
Users whose computers are infected with the ZeuS Trojan, and who at the same time have the ZitMo Trojan on their mobile devices when they synchronize with their PCs, are vulnerable to cybercriminals who can gain access to their bank accounts.
They are also susceptible to interception, as cybercriminals can capture the mTAN codes sent by the bank to the user. In such cases, even trying to authenticate the mTAN codes would not prevent victims from having their money stolen from their bank accounts.
Cybercriminals will increasingly supplement spy Trojans operating on users’ computers with mobile modules so they have a better chance of accessing the victim’s bank accounts.
Zakorzhevsky advises mobile users to “be very careful when installing programs on their smartphones.”

Apart from the trends happening on the mobile device front, the latest Kaspersky Lab malware report also revealed new phishing activities wherein frequent flyer miles are being stolen apart from bank account details. Cybercriminals are allegedly using the credits accrued by the victims to buy tickets and also as currency.
For instance, a cybercriminal posted a message on the chat system IRC where he is asking for 60,000 miles accrued from frequent flyer accounts in exchange for a Brazilian botnet application. Another cybercriminal was selling stolen credit card information in exchange for air miles.
Zakorzhevsky said that the use of air miles as currency was predicted by Kaspersky Lab in early 2011, when it said cybercriminals would steal any type of valuable information in exchange for transactions.
Zakorzhevsky showed that the Top 20 malware found on users’ computers have remained unchanged, with Kido, FunWeb, Sality, and Starter remaining in the top five. These Trojans and viruses could remain undetected for months even by installed antivirus applications and could continue infecting other networked machines.
On the other hand, over 50 percent of malicious programs on the Internet are new, which shows that cybercriminals are quick to update their malware to reduce detection. Because of the constant changes made to them, these malware are difficult to identify even as new signatures are being added to the database of antivirus applications.

For further information, visit http://www.kaspersky.com.


July 30, 2011
Google+, Google’s latest foray into the social network community, is barely one month old, and all eyes, including those of cybercriminals, are already on it, as predicted by experts from security software company Kaspersky Lab.

Kaspersky Lab expert Maria Namestnikova said in the June 2011 Kaspersky Lab Spam Report that there could be a surge of spam linked to Google+ in the coming days, as indicated by spammers trying to exploit growing interest in the new social networking service.

Targeting Google+ is an obvious move considering that two social networks, Facebook and Habbo, have seen increases in phishing attacks for the month of June.

“We expect an increase in unsolicited emails exploiting the new Google social network. They will most likely contain both phishing links and malicious code,” says Maria Namestnikova, senior spam analyst at Kaspersky Lab.

Namestnikova said that in June, phishers again tuned in on Google, which posted a 2.5 percent share in all phishing emails. Google’s Orkut social networking service accounts for about 0.08 percent of all phishing traffic for this month. While this is a small figure, it already shows the potential of Google+ as a target for phishers.

Google+ integrates several existing Google services, as well as new ones. Since its creation last June 28 on a limited basis, the service has already reached 20 million users, according to comScore. [1]

Meanwhile, Kaspersky Lab reports that the rank among the targets of phishing emails for June remains unchanged. Among the top targets are PayPal (44.73%), eBay (9.54%), Habbo (8.54%), and Facebook (6.67%).

The most common type of phishing spam being sent is related to computer fraud, which accounts for 29% of all phishing traffic. Namestnikova warns that this means that the intention is to extort money from would-be victims. Some of these phishing emails also contained malicious code.

Apart from computer fraud, phishing emails related to health-related services and products are the second leading cause of phishing traffic. This is followed by personal finances (12.1%), other goods and services (9.6%), and fake designer goods (5.3%).

Russia and the USA remained as countries where malicious software such as fake antivirus was detected most frequently in mail traffic. Russia was at the top with the amount of blocked emails with malicious attachments (14.16%), though this decreased slightly from the previous month. USA, which ranked second, reported 10.56% in mail traffic with fake antivirus. It also reported a very slight decrease of just 0.3 percentage points from the previous month.

Meanwhile, the top five malicious programs distributed via mail traffic in June 2011 were Trojan-Spy.HTML.Fraud.gen (7.6%), Email-Worm.Win32.Mydoom.m (6.21%), Trojan.HTML.Fraud.fc (3.62%), Email-Worm.Win32.Bagle.gt (2.99%), Packed.Multi.MultiPacked.gen (2.66%).

“As we have already mentioned in previous reports, Mydoom.m and NetSky.q are malicious programs whose only functions are to harvest email addresses and to send copies of themselves to these addresses. Bagle.gt is yet another mail worm, but with more sophisticated functionality: it not only collects email addresses and sends a copy of itself to all email addresses harvested from the victim’s machine but downloads malicious programs itself from Internet resources,” Namestnikova says.

Among the highlights of the Kaspersky Lab June 2011 Spam Report are news related to anti-spam campaigns and legislation. For instance, in June, the Japanese parliament passed an important law that makes the creation, distribution, purchase and storage of malicious programs as well as the distribution of pornographic spam a criminal offence. In Russia, notorious spammer Leonid Kuvayev attended a hearing on June 7 in which he was accused of sexual crimes against minors.

On June 23, pharmaceutical spammer Pavel Vrubelevsky was arrested at Sheremetyevo airport. Vrubelevsky is known as the one who ordered a distributed denial-of-service (DDoS) attack on the Russian e-payment system Assist in July 2010.

[1] From CNet. “Google+ hits 20 million mark in three weeks,” http://news.cnet.com/8301-1023_3-20081650-93/google-hits-20-million-mark-in-three-weeks/?part=rss&subj=news&tag=2547-1_3-0-20


July 22, 2011

Tumblr, one of the fastest rising microblogging services with millions of users worldwide, has recently been hit by what seems to be one of the most publicized phishing attacks the social network has seen so far.

The attack, which happened over a span of several days, followed the usual phishing pattern by luring Tumblr users to enter their login information via a link in order to access “something special,” which is actually pornographic content.

Hijacked Tumblr accounts will then propagate the phishing attack and thus keep the cycle going. This attack has so far been the most serious for the microblogging service.

An expert from leading secure content and threat management solutions developer Kaspersky Lab said there’s “nothing new” in the Tumblr attack.

Kaspersky Lab expert Stefan Tanase said “phishing is a game of numbers so even though many users are aware of this threat, there still are some of them who fall victim to this old social engineering trick.”

“Therefore, even with just a low efficiency rate in terms of percentage, thousands of accounts can still be easily compromised by cybercriminals if the phishing page is seen by enough people,” he said.

According to Kaspersky Lab, a typical phishing attack involves the cybercriminals distributing fake emails, purportedly originating from major online banking or social networking organizations.

These emails usually request users to provide their confidential data and contain links to fake websites that mimic genuine ones.

Users falling victim to such schemes discover that the cybercriminals have used their social networking accounts to distribute spam and have taken money from their online financial accounts. The cybercriminals may even try to extort money from users in return for control of their hijacked accounts.

Tanase states that anyone using social networking services, even microblogging services, has to be just as vigilant in keeping those accounts safe as they are with their other online accounts. Tanase says that cybercriminals will make various attempts to trick people into giving up their personal information.

Various phishing attempts have been made on other microblogging sites, such as Twitter. In a report, Kaspersky Lab expert Dong Yan said China’s very popular microblogging site Sina Weibo, which currently has about 140 million users, fell victim to a recent phishing scam in which Trojan.JS.Iframe.fz was found.

Tanase suggests some tips for users of microblogging sites to avoid becoming victims of phishing attacks: be sure to log in directly on the website by manually typing the address in the browser, and avoid clicking suspicious links that purport to lead to legitimate sites.

He also recommends always browsing through a secure connection, in particular HTTPS and not HTTP. If possible, check the SSL (Secure Sockets Layer) certificate of the host one is logging in to; this helps the user find out whether the hosts file has been modified, a DNS cache poisoning attack has taken place, or the router has been compromised.

Tanase said phishing emails look very much like genuine ones, so he advises users to check the email headers (the link in the email) to confirm the source, as email addresses can be easily spoofed.

The Kaspersky expert says microblogging sites also use shortened URLs, which makes it even more difficult to know if a link is legitimate. An installed internet security application should be able to determine whether these URLs are legitimate.

Also, Tanase advises users to be wary of sessions in legitimate websites that suddenly log out then ask for log-in access again. These could have been started by attackers who use web application vulnerabilities or social engineering to redirect users through fake log-in gateways.

Tanase also encourages users to employ modern browsers and ensure that all installed software is updated. In addition, users must use fully featured Internet security software to stay protected against malicious software.

“Not specific to the Tumblr phishing attack itself, but good advice anyway: always remember that your bank will never ask for your credit card details, and generally be suspicious about online forms requesting too much sensitive information,” says Tanase.

Just recently, Kaspersky Lab was granted a patent in Russia on a new anti-phishing technology. The technology determines whether the domain name of a site corresponds with its IP address. This essentially blocks cybercriminals’ attempts to redirect unwary users to fake websites.

The patented anti-phishing technology was developed by Kaspersky Lab experts Aleksey Malyshev and Timur Biyachuev.
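The idea of checking that a domain name corresponds with the address it resolves to can be illustrated on the hosts-file tampering case Tanase mentions. The following is an added example, not Kaspersky Lab's patented method or code from the article; the domain names, address ranges and sample hosts file are constructed assumptions.

```python
import ipaddress

# Constructed sample hosts file (documentation address ranges, made-up names).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1      localhost
::1            localhost
203.0.113.66   WWW.Microblog.Example microblog.example  # injected
192.0.2.10     login.bank.example
0.0.0.0        mail.example
not-an-ip      login.bank.example
"""

# Assumption: ranges the watched login domains are expected to resolve into.
EXPECTED = {
    "microblog.example": ["198.51.100.0/24"],
    "www.microblog.example": ["198.51.100.0/24"],
    "login.bank.example": ["192.0.2.0/24"],
    "mail.example": ["198.51.100.0/24", "2001:db8::/32"],
}

def parse_hosts(text):
    """Yield (line_number, ip, hostname) for each mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank, comment-only, or address with no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address, nothing to compare
        for name in fields[1:]:
            yield lineno, ip, name.lower().rstrip(".")

def check_hosts(text, expected):
    """Return (line, name, ip, kind) for watched names mapped outside their ranges."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        nets = [ipaddress.ip_network(n) for n in expected.get(name, [])]
        if not nets or any(ip.version == n.version and ip in n for n in nets):
            continue  # unwatched name, or address inside an expected range
        kind = "blocked" if ip.is_unspecified or ip.is_loopback else "redirected"
        findings.append((lineno, name, str(ip), kind))
    return findings

if __name__ == "__main__":
    for lineno, name, ip, kind in check_hosts(SAMPLE_HOSTS, EXPECTED):
        print(f"line {lineno}: {name} {kind} to {ip}")
```

An entry inside the expected range (line 5 of the sample) passes, while the injected line 4 is reported once for each hostname it maps.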


July 14, 2011

Increasing competition among cybercriminals for a chunk of earnings from data theft is also pushing the boundaries of malicious software development. So far, the destructive TDSS botnet has continued to be a primary weapon used by cybercriminals. Kaspersky Lab, a leading developer of secure content and threat management solutions, raised the alarm after discovering TDL-4, the latest variant of the TDSS botnet, which is found to be destructive and powerful enough to remain hidden among other botnets.

Kaspersky Lab said the latest TDSS botnet variant could compete in stealing data from infected computers and was developed to go unnoticed even by commercial antivirus applications. TDL-4 has so far been widely used in a variety of attacks on both individuals and businesses. According to an analysis made by Kaspersky Lab experts, at least 4.5 million computers worldwide were found to be infected in the first three months of 2011.

About US$250,000 is estimated to have been spent by cybercriminals on the creation of a botnet made up of American users. Kaspersky Lab expert Sergey Golovanov says the new botnet was undetectable for months. He added that TDL-4 has been found to have new capabilities not seen in previous variants. These include its own encryption method for communicating with other infected computers, the use of peer-to-peer networks for sending commands, and a proxy server function that could give cybercriminals undetectable, unlimited Internet access through infected computers.

Golovanov adds that, in particular, TDL-4 can now delete around 20 of the most popular competing products on an infected machine, among them such widespread programs as Gbot, ZeuS, Optima and others. Golovanov also found that TDSS itself installs around 30 utilities on a PC, including fake anti-virus programs and systems for both increasing advertising traffic and distributing spam. One of the most significant new additions to TDL-4 is the ability to infect 64-bit operating systems. For the first time, the Kad public file exchange network is being used to control the botnet, in addition to the command servers.

“Such is the tenacity of the TDL-4 that it can even destroy other competing applications. This means that cybercriminals are fighting among themselves to secure their positions in the lucrative and illegal underground industry,” Golovanov says. Igor Sumenkov, another Kaspersky Lab expert who investigated the spread of TDL-4, says that the competition is growing so intense that cybercriminals are investing heavily in both technology and manpower for their nefarious business.

Sumenkov says another new function of TDL-4 is the ability to open a proxy server. Cybercriminals offer anonymous access services via infected computers, charging around US$100 per month for such a service.

He says TDL-4 is distributed mainly with the use of so-called partner programs and affiliates.

“The authors of the malware are not expanding the network of infected computers themselves; instead they pay third parties to do it. Depending on the particular terms and conditions, partners are paid from US$20 to US$200 for the installation of a thousand malicious programs,” according to Sumenkov.

The Kaspersky Lab experts warn that the release of the TDL-4 is just an indication of the risks cybercriminals are willing to take just to earn from the misery of victims. “We don’t doubt that the development of TDSS will continue,” said Golovanov and Sumenkov.

“Malware and botnets connecting infected computers will cause much unpleasantness – both for end-users and IT-security specialists. Active reworkings of TDL-4 code, rootkits for 64-bit systems, the launch of a new operating system, use of exploits from the Stuxnet arsenal, use of p2p technologies, proprietary “anti-virus” and much, much more make the TDSS malicious program one of the most technologically developed and most difficult to analyze,” they conclude.
