PandaLabs says hackers are breaking records

According to the latest internet security report from PandaLabs hackers are breaking all established records when it comes to the nefarious business of creating new threats.

The security firm said that it had recorded five million new strains of malware in just the last three months. Alarmingly most were banking trojans, the rest a mix of adware, worms, hacking tools and spyware. Trojans took a 38 per cent share of all infections, adware was responsible for 18.68 per cent, and worms 14 per cent. Country to country, Taiwan was found to have the most active infections, 29 per cent, but is closely followed by the US and the UK, which both have roughly 25 per cent.

The risk of infection continues to worsen, according to PandaLabs, which paints a bleak picture of the future. "We are currently receiving some 50,000 new examples of malware everyday, this compares to 37,000 just a few months ago. There is no reason to believe that the situation will improve in the coming months," explained Luis Corrons, technical director at PandaLabs.

PandaLabs said that crooks would throw almost every resource at their disposal in order to infect the maximum number of machines. It said that these varied from social networking attacks to search engine manipulation. The firm also fingered a few firms for exposing their users to potential risks. It called one of the vulnerabilities patched by Microsoft, 'Striking', and another, 'Alarming'.

What with all these risks out there PandaLabs suggests that users install some web security software. You shouldn't need to look too far to find a supplier of that.

How low is public trust in data security?

New Symantec research released today has found that public confidence in the data security standards of various business sectors is shot to hell.

Unsurprisingly for a vendor looking to shift as many units of its data loss prevention solution as possible, the research paints a pretty grim picture. Of the 1,000 UK adults asked to rate their level of confidence on a scale of one to six, with one the most confident, banking came out top with 3, while retail, telecoms, transport and the public sector fared slightly worse.

Online retailers may have something to think about if this research is to be believed as they scored the worst, with a 3.7 average.

Symantec's senior product marketing manager for data loss prevention, Chi-Chi Liang, did a wonderful job of marketing Symantec's product for data loss prevention, by declaring that the low level of trust can be linked to an increasing number of high profile data loss incidents - many of which have been caused by simple employee error.

"The task for organisations in both countries is to win back customer confidence by reassuring them that world-class data loss prevention measures are in place," added Liang. We can't think whose DLP tools Ms Liang might be referring to.

To take a more glass-half-full view of this research though, isn't it more noteworthy that public confidence is still so high, despite the ever-increasing barrage of data loss incidents from public and private sector?

If most sectors scored around a 3, which is mediocre, then one could say public confidence is more resilient to media scare stories than we perhaps give it credit for.

Second phishing attack targets Facebook users

Facebook users are facing yet another malware attack this week, after security experts warned of a new phishing scam with a nasty payload.

Email hosting provider AppRiver said that the Zbot, or Zeus, botnet is delivering 30,000 messages a minute, and warned users to take extra care with unsolicited emails.

"We have already seen about 1.65 million messages from this campaign. As we've come to expect from Zbot, the phising email is well crafted and could easily trick the unsuspecting recipient into falling for its ruse," Fred Touchette, a senior security analyst at AppRiver, said in a blog post.

"The graphics are well done and all look like something you would see from Facebook. The email informs users that Facebook is updating their log-in system to 'make things more secure', and urges people to click on the update button in the email.

"This should be enough anyone needs to see, considering that Facebook, your bank or anyone else, doesn't need every one of their users' participation in order to update their product."

Clicking on the link leads to a genuine-looking Facebook login screen that asks for the user's password. Another screen then asks them to download an update tool, which is actually the Zeus Trojan that typically targets bank accounts.

"Stay away from these emails. Zeus or Zbot spares no effort in making their attacks appear to be genuine. It is very important to protect yourself by being vigilant," said Touchette.

"If you don't personally know the sender, I would avoid clicking any links in emails, especially when the term 'your account' appears anywhere in the email."

This is the second phishing attack on Facebook users in as many days, following the discovery yesterday of a widespread attempt to trick users into giving away password and login details.