PandaLabs : Security Reports

Quarterly Report April-June 2009

Luis Corrons — Mon, 06 Jul 2009 08:51:00 GMT

We've just published our latest quarterly report. Apart from the different figures for the Q2 you'll find some interesting articles about topics like:

- Waledac

- BlackHat SEO

- Twitter Trends

- Malware seeding via spam

It is a good reading meanwhile you are waiting for the 1st Panda Challenge ;-)

English:

Spanish:

Enjoy!

Annual Report PandaLabs 2008

Xabier Francisco — Wed, 31 Dec 2008 11:24:00 GMT

We have just published the Annual report PandaLabs 2008. There, you can find statistics and information about the current situation of malware.

In advance, regarding malware in the end of last Quarterly in 2008, Trojans continue being the most relevant category of malware, at 77.49%.

Also you will find an other interesting article in this report like, rogue antimalware, spam levels, vulnerabilities, banking trojan, and others…

You can download it in English or in Spanish .

Enjoy it! And from all the team, we wish you a happy -and malware free ;-) new year!

Microsoft Updates for November

Xabier Francisco — Wed, 12 Nov 2008 15:39:00 GMT

This month two new security bulletins have been published ( MS08-068 and MS08-069 ) as part of the usual launch of Microsoft Updates.

According to Microsoft's classification one of the bulletins are rated as "critical" and the last one as "important". So we recommend you to update your system as soon as possible.

You can find more information about this security bulletins by clicking the followings links:

MS08-068: It solves a vulnerability in the Microsoft Server Message Block (SMB) protocol which could allow an attacking user to execute remote code.
MS08-069: It solves three vulnerabilities in Microsoft XML Core Services, which could allow remote code to be executed and information to be disclosed if the user follows a link to a specially crafted website which exploits the vulnerability.

New critical Security Bulletin MS08-067

Oscar Cavada — Fri, 24 Oct 2008 07:00:00 GMT

Yesterday Microsoft published an extraordinary security bulletin called MS08-067. This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution and it is exploited by sending a specially crafted RPC (like Sasser, Blaster) request to a vulnerable system. On Microsoft Windows 2000, Windows XP, and Windows Server 2003 systems (even Windows 7 Pre-Beta), an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit. Firewall best practices and standard default firewall configurations can help protect network resources from attacks that originate outside the enterprise perimeter.

This vulnerability is rated as critical for Windows 2000, Windows XP, Windows Server 2003 and as important for Windows Vista and Windows Server 2008.

We have already seen the first Trojan that has been sent out using this vulnerability, we detect is as Trj/Gimmiv.A. The Trojan itself is not using the vulnerability to spread, but someone is infecting systems with it using the vulnerability.

We strongly recommend you to update you system as soon as possible.

Microsoft Updates for October

Xabier Francisco — Wed, 15 Oct 2008 14:35:00 GMT

Eleven new security bulletins have been published (from MS08-056 to MS08-066) as part of the usual launch of Microsoft Updates.

We recommend you to update your system as soon as possible, as according to Microsoft's classification four of the bulletins are rated as "critical", six as "important", and one is rated as "moderate".

You can find more information about those security bulletins by clicking the following links:

MS08-056: Vulnerability in Microsoft Office Could Allow Information Disclosure.
MS08-057: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution.
MS08-058: Cumulative Security Update for Internet Explorer.
MS08-059: Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution.
MS08-060: Vulnerability in Active Directory Could Allow Remote Code Execution.
MS08-061: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege.
MS08-062: Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution.
MS08-063: Vulnerability in SMB Could Allow Remote Code Execution.
MS08-064: Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege.
MS08-065: Vulnerability in Message Queuing Could Allow Remote Code Execution.
MS08-066: Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege.

Back from VB2008

Ismael Briones — Tue, 07 Oct 2008 11:13:00 GMT

We returned from Virus Bulletin 2008 last Saturday. It has been a very exciting week, great presentations and better beer :-). Ottawa is really wonderful
This year has been the first time I've done a presentation in a big conference like VB. I have to say that I was nervous :-), however it has been a great experience that I'll try to repeat.

If you couldn't go you can download the slides:

VB2008 has allowed us to publish the entire paper. Enjoy it ( Copyright is held by Virus Bulletin Ltd.; made available on this site for personal use free of charge by permission of Virus Bulletin. This work may not be reproduced or redistributed without express permission from the copyright holder.)

Quarterly Report July-September 2008

Oscar Cavada — Fri, 03 Oct 2008 11:47:00 GMT

We have just released the Q3 Monthly report PandaLabs.

So, It’s time to see what has happened in the last three months. You can download it in English or in Spanish.

Enjoy it!