How it all started

The concept of the modern day malware all started not with a program, but with an idea.  The mathematician John von Neumann wrote an article about the “Theory of Self-Reproducing Automata” in 1966. The article compared and contrasted the internals of computers to the human nervous system. He then discusses the possibility of self-replicating software using mathematical analysis based upon the self-replication process of organisms found in nature.

Five years later in 1977, Bob Thomas of BBN Technologies built the “Creeper” virus which is generally accepted as the first computer worm. It would spread through the mainframe computer networks and display the message:

“I’m the Creeper, catch me if you can!”

Near the same time, in order to combat the Creeper virus, another worm program was created, named “Reaper.” Reaper would also spread through the same mainframe systems but would delete Creeper upon contact. I find it very interesting that only a short time after the creation of the world’s first virus was the world’s first antivirus.

Three years after that, the world’s first Trojan Horse was developed, it was known as “Pervading Animal” and it was written by John Walker to be used on UNIVAC systems (or those really big computers that took up entire rooms).  The Trojan would present the user with a game called ANIMAL where it would ask numerous questions in an attempt to guess what animal the user was thinking of. Meanwhile, another program called PERVADE, would copy both itself and ANIMAL to every directory which the user had access to.

The very late 60’s and early to mid-70’s were the origin years of malware. Computer systems were becoming more and more capable and autonomous and therefore curious programmers could write up all kinds of fun things to play pranks on their friends or just to see what they could do, this is how our modern malware began.

.

Infecting the home user

You may or may not believe this but some of the very first malware that was written in the early 1980’s was for Apple II systems. So next time you hear about the “Flashback virus”, or something similar to it, and how it is changing the game because it is infecting Apple computers, just remember that malware has been on Apple hardware before. An example of one type of Apple II malware was called “Elk Cloner”, it was created by Richard Skrenta a 15-year-old high school student. It infected the systems using the “boot sector” technique which means that if the user booted up their system from an infected Floppy Disk, a copy of the virus was placed in the memory of the computer. The virus itself was harmless but spread to all disks attached to a system and spread like wildfire, being referred to as the first large-scale computer virus outbreak in history.

From 1983-1986 numerous types of early viruses were developed for IBM PC’s, these viruses had the ability to infect other legitimate files on the operating system, delete other files, and self-replicate. In 1987, as these viruses became more and more prevalent on user systems, IBM developed and released its own commercial antivirus.  Prior to doing this, all antivirus technology was for IBM internal use only. Finally, in 1988, the “Morris worm” was created to infect users using UNIX systems connected to the internet and was considered the first worm to spread “in the wild.”  It was also known as one of first programs to exploit buffer overflow vulnerabilities, a practice which is still used in many of today’s exploits.

It wasn’t until 1989 that malware began to really look like how we see it today. Take for example, the “Lamer Exterminator” virus. It was created for the Commodore Amiga and had the ability to hide itself by hooking into parts of the operating system and sending false data to any process which might detect it.  It also encrypted its own file every time it was replicated.

.

Malware starts to get scary

Over the last few years we have had multiple types of “scares” as far as malware goes, including the most recent DNSChanger scare, which left millions of people thinking that they were going to lose their access to the internet.  Well it wasn’t the first scare and back in 1992, the “Michelangelo” virus made a name for malware on a large scale.

The mass hysteria that surrounded “Michelangelo” was due to the belief that the virus would wipe all the information off of people’s computers on March 6^th.  When the date came and went, the damage was minimal and it turned out that the media had hyped up the story more than it needed to be.

In 1995, new methods of hiding and infecting are created with the first Macro virus known as “Concept”, which turned Microsoft Word documents into weapons. This leads us into the next 5 years of heavy email worms including the “Melissa” worm, “Kak” worm and “ILOVEYOU” worm. In March of 2004, the “Witty” worm exploited holes in several Internal Security Systems (ISS) products and was the first internet worm to carry a destructive payload.

.

New Frontiers and Advertising

The first half of the 21^st century was witness to a shift in the intent and purpose of malware, from  being malicious tools to cause harm and prank people, to tools of espionage where destroying the system was the last thing that the attacker wanted to be done, because it would mean not being able to steal more data. In June of 2004, the “Caribe” worm was found infecting mobile phones which were running the Symbian OS; it is the first case of mobile phone malware and spread to other phones via Bluetooth.

Even later that year the “Vundo Trojan” caused popups and advertising for rouge antispyware programs and is one of the earlier versions of a type of malware which is commonly seen today.

.

The Age of Cyber-crime

In January of 2007, the “Storm Worm” was identified.  It spread fast by using email spamming and gathered infected systems to be used as bots for the “Storm Botnet”. By June it had infected 1.7 million computers and by September between 1 and 10 million.  It was believed to have originated from Russia which means that it was most likely used by cyber-crime organizations.  Nearly all large botnets are run by cyber-criminals who buy and sell bots to other criminals or to would-be criminals to spread spam or steal personal information.

In 2008 a few months before the “Koobface” worm first starts infecting users of Facebook, the “Torpig” Trojan infects users and turns off their antivirus.  It also steals personal information such as log-in credentials and installs subsequent malware on the victims system. Then in November, the “Conficker” worm is discovered and infects anywhere from 9 to 15 million systems. Microsoft puts up a bounty of $250,000 for information leading to the arrest of the creator.  Multiple government agencies and organizations from all over the world come together to find a way to combat “Conficker”, ending with the eventual release of a patch by Microsoft in December, making everyone safe again

.

World War Malware

It was only a matter of time before malware started being used as government weapons or tools of espionage at a deeper level than any crime organization is capable of.  In 2007, cyber-attacks against Georgia during a conflict with Russia were reported to be coming from infected systems using the Black Energy Botnet.  It targeted government websites and news sources, attempting to cut off communication between the government and the people.

In July of 2009, multiple cyber-attacks were reported in both the United States and South Korea (a lot more than usual anyway), leading to a specific piece of malware known as Dozer. It is suspected that this malware was developed and deployed by the North Koreans but no one knows for sure. In 2010, the Trojan Stuxnet was discovered infecting SCADA systems at Iranian nuclear facilities, the malware disrupted systems and sent information back to the command and control servers, recently announced to be controlled by the U.S.

Finally, this year alone we have seen not only the use of Remote Access Trojans (RATs) like BlackShades and DarkComet being used by the Syrian government to spy on rebels but also the use of the Flame Trojan in Middle Eastern countries, a highly sophisticated piece of espionage malware which targeted government facilities and officials.

.

Conclusion

When you read the news and hear about horrifying malware that threatens the population, you might not always think that it all started with an idea and a little annoying yet harmless program.  In the same way you don’t often think that a flood which is destroying a town all starts with a single drop of rain.  The people who are using the malware and for what reason will always change and you can never say for sure what is going to happen. One thing is for sure however, Malware will continue to evolve into stealthier, more powerful and more dangerous weaponized software for as long as we integrate computer systems into our lives.

.

.

By Adam Kujawa
Malwarebytes Antimalware

The past year has been a year where information insecurity has been thrust into the lives of the common person.  From changes in the way we use the internet, through mobiles, tablets and cloud services, to high profile security breaches from Sony, the FBI and RSA itself, to the relentless hacktivism of Anonymous and the nowpossibly-defunct Lulzsec, to the misguided efforts of governments with SOPA and PIPA,  there has never before been such a time where something that is so pervasive in our lives, has changed so rapidly.

The turnout at this year’s 20^th annual RSA seemed to eclipse that of last year’s conference.  Companies and individuals came in unprecedented numbers, in order to make sense of it all and to draft their battle plans in the coming year.  This year, RSA itself challenged the security industry to stop being slow and reactive and to be more agile and offensive, using the advances in technology at its disposal.  Symantec and Facebook highlighted the generational differences between hyperconnected “digital natives” who are blurring the line between business and personal computer use, and the “digital immigrants”, who view security in a much different light and must adapt to the future.  Virtually every keynote speech highlighted the fact that we are in a time of rapidly shifting technology and user habits which will make security extremely challenging in the future. An excellent panel on hacktivism disputed the merits and evil of today’s digital agents for change.

In the “Crypto Commons” There were several infosec luminaries sharing materials and themes from their recently authored books. Bruce Schneier, inventor of the Blowfish algorithm gave a talk based on his book “Liars and Outliers”, examining the complex relationships and balance between interpersonal relationships and trust. Mark Russinovich, co-author of the essential anti-malware tool autoruns, presented material from his book “Zero Day: A Novel”, which is a fictionalized account of a Stuxnet-like cyberattack.

The mood on the expo floor was frenetic, with the usual carnival-like atmosphere found at technology shows, as security vendors vied for the attention of their battle-weary potential clients.  Among antivirus vendors, the competition was fierce, as it seemed each vendor was giving away mobile versions of their antivirus product and,  showing clients comparatives where they had rated best in detections.  The giants like Symantec and McAffee were hardly recognizable as endpoint vendors and had booths that looked like mini-cities and buzzing with exhibitors and clients.  Vendors like Eset and Kaspersky had apartment-like booths that would cost more than $4,000 a month to rent in midtown Manhattan.  Smaller players like Bitdefender, Sophos  and GData had business-like booth with friendly staff. Each vendor was on top of their game (after all, this is the World Cup of security), explaining their technology and why it is the best solution to combat today’s malware.

At these events, it’s not easy to find security experts who speak Spanish natively.  We played a cat-and-mouse game with Alejandro Musgrove, President of Americas for Bitdefender, but we were ultimately unable to catch him due to scheduling conflicts. Fortunately we were able to speak with Luis Corrons from PandaLabs to ask him about some of the challenges facing the world of security today, he provided very insightful information, which we were able to record for InfoSpyware TV. Things like Advanced Persistent Threats, SpyeEye, the security challenges wrought by “Bring Your Own Device”, Security in the Cloud, Hacktivism and and increasingly hostile threat landscape were topics covered not only by Mr. Corrons, but the event speakers from various vendors from Microsoft to Cisco, to Qualys.  As we go to press, it appears that PandaLabs has also joined the ranks of security vendors targeted by hacktivists.  Already the predictions seem to be correct, we are in for a very memorable year indeed.

.

You can watch the keynote speeches and relive the RSA conference here.

.

.

Blue Coat security released an infographic this morning that makes it easy to understand how your computer is becoming infected with malware and what botnets are delivering it. For instance, did you know that "image search is the most dangerous activity users can engage in on the web"? Or that Shnakule is the biggest malware network out there currently with an average of 2,001 unique hosts a day? Hit the jump for the full infographic.

In terms of attack vectors, search engine poisoning is by far the most predominant form of malware delivery on the Web. Email is the next biggest at 6.9%, with porn and social networking close behind at 6.7% and 5.2% respectively.

Expect that to change in coming years as social networking spam becomes more prevalent. At the same time, do not think that porn malware is going anywhere. Porn is huge on the web, a rabbit hole that is only getting deeper.

Check out the infographic for full details.

by: Read Write Web

.

.

.

‘Butterfly bot’ kit steals financial information, but its licensing model could ultimately lead authorities to its newest botmasters.

A financial-fraud botnet built with the same malware kit used in the now-defunct Mariposa botnet remains active after arrests this month of two Eastern European men who allegedly ran it.

Researchers at Unveillance, Panda Labs, and Damballa have been studying the botnet, which has been dubbed “EvilFistSquad” by Damballa and “Metulji” by Unveillance and Panda, for some time now. Unveillance and Panda Labs today announced that the botnet has hit businesses and individuals across 172 or more countries, including the U.S., Russia, Brazil, China, Great Britain, India, and Iran. The botnet uses the Butterfly Bot Kit, a.k.a. Palevo, Pilleuz, and Rimecud, the malware that was used by the Mariposa botnet.

According to translated news reports out of Eastern Europe earlier this month here, here, and here, the FBI worked with Interpol in the arrest of two suspected hackers, Aljosa Borkovic and Darko Malinic, in the so-called Operation Hive case. The two men allegedly used the so-called EvilFistSquad botnet to steal several hundred thousand dollars from victims’ bank accounts around the world. Borkovic reportedly had been arrested a few years ago for cybercrime; he since had lived in a luxury apartment in Banja Luka in Bosnia and Herzegovina, and drove expensive cars.

Damballa, which has been tracking Butterfly-based command-and-control traffic since 2007, ranks EvilFistSquad at No. 28 in the most prevalent botnets in the U.S. as of the first quarter of this year.

“Across our customer base — ISPs and large enterprises — the number of unique machines in the U.S. that are currently live and communicating with the [EvilFistSquad] command-and-communications infrastructure is just under 60,000 machines,” says Gunter Ollmann, vice president for research at Damballa. Ollmann says there are three other Butterfly-based botnets his firm is tracking as well, but they are relatively small.

Karim Hijazi, CEO and president at Unveillance, says his firm estimates that the Metulji botnet is bigger than Mariposa in its heyday — possibly twice the size, he says — but is still confirming actual bot counts. He doesn’t believe there’s a direct connection between the operators of this botnet and those of the former Mariposa. “At first glance, I don’t think these guys were tied to the guys in Spain other than using a similar kit — just far more successfully, from the looks of it,” he says. “Metulji” is Slovenian for “butterfly.”

Before Mariposa was taken down in early 2010, it was a massive global botnet with close to 13 million infected machines in more than 190 countries — including those of half of all Fortune 1000 firms. The botnet harvested banking credentials, credit card information, account information from social networking sites and online email services, and other usernames and passwords. A team made up of law enforcement officials in Spain, the FBI, Panda Security, Defence Intelligence, and Georgia Tech cut off the Mariposa botnet’s command-and-control (C&C) infrastructure in one day in December, ultimately leading to the arrest of the alleged head botmaster and two of his partners by Spanish authorities.

Mariposa infected machines via email and Web exploits, as well as via instant messaging and USB drives, which were the most successful modes of infection for Mariposa. Several months after the takedown, a hacker known as “Iserdo,” who allegedly wrote the Mariposa virus, was arrested in Slovenia.

Meanwhile, researchers say the new Metulji/EvilFistSquad botnet uses Butterfly Bot malware to infect its victims, and then steals bank account credentials and other personal information. The worm spreads via removable drives, namely USB sticks. The researchers say that while some of the botnet’s domains were taken down, several other domains are still up, running, and harvesting stolen information from victim machines.

“All we can say at the moment is that we are analyzing the few thousand binaries involved to determine the exact connection with the Slovenian Butterfly Framework creator and the different botmasters identified from the Mariposa case,” says Pedro Bustamante, senior research adviser for Panda Security. “It is obvious that any Butterfly-based botnet out there is related to the Mariposa case in some way or another, as the creator of the botnet framework was arrested by the Slovenian police last year and is now most likely pending extradition to the U.S., thanks to the involvement of the FBI.”

The good news is that when Mariposa was taken down, researchers discovered the licensing model inside the malware framework, which then provides nicknames of the botmasters who license the Butterfly bot malware.

“There are other Butterfly-botnets out there. The key here is that during the Mariposa case, we discovered the licensing mechanism inside the Butterfly framework, and we were able to get the framework creator arrested. This gave law enforcement the list of all Butterfly botnet operators around the world,” Bustamante says. “… It is safe to assume that law enforcement has a very good insight into who is running any Butterfly-based botnet out there.”

So why would botmasters use the same kit that ran the former Mariposa? “Obviously, those botmasters are either not concerned about going to jail or just plain stupid,” he says.

Another clue that the perpetrators either weren’t worried about, or aware of, getting caught: Unveillance researchers say one of the arrested men used the same email address to register multiple domains for the botnet, and even used his real name and address at times.

.

.

By Kelly Jackson Higgins
Dark Reading

.

.

To evaluate protection, AV-Test used static and dynamic malware found in the wild, including 0-day attacks. To test repair functionality, previously infected test systems were subjected to an exhaustive analysis and for determining usability, the number of false positives and system latency during virus scans were tested. These tests were performed on 32-bit Windows 7 systems.

The 17 certified AVs from AV-Test are:

BitDefender: Internet Security Suite 2011 > 15,5 ptos.
F-Secure: Internet Security 2011 > 15,5 ptos.
Symantec: Norton Internet Security 2011 > 15 ptos.
Panda: Internet Security 2011 > 14 ptos.
G Data: Internet Security 2011 > 14 ptos.
Kaspersky: Internet Security 2011 > 14 ptos.
AVG: Internet Security 10.0 > 13,5 ptos.
Sophos: Endpoint Security and Control 9.5 > 13 ptos.
Eset: Smart Security 4.2 > 12,5 ptos.
Webroot: Internet Security Complete 7.0 > 12,5 ptos.
Trend Micro: Titanium Internet Security 2011 > 12,5 ptos.
Sunbelt: Vipre Antivirus Premium 4.0 > 12 ptos.
Avast: Free AntiVirus 5.0 and 6.0 > 11,5 ptos.
Microsoft: Security Essentials 2.0 > 11,5 ptos.
Avira: Premium Security Suite 10.0 > 11,5 ptos.
MicroWorld: eScan Internet Security Suite 11.0 > 11,5 ptos.
BullGuard: Internet Security 10.0 > 11 ptos.

“We always used the most current publicly-available version of all products for the testing.” said Andreas Marx, CEO of AV-Test.org. “They were allowed to update themselves at any time and query their in-the-cloud services. We focused on realistic test scenarios and challenged the products against real-world threats.”

The 5 AVs NOT certified by AV-Test were:

:( Comodo: Internet Security Premium 5.0 and 5.3 > 10,5 ptos.
:( PC Tools: Internet Security 2011 > 10,5 ptos.
:( CA: Internet Security Suite 2011 > 9,5 ptos.
:( Norman: Security Suite Pro 8.0 > 8,5 ptos.
:( McAfee: Total Protection 2011 > 8,5 ptos.

Comparative results from such prominent and venerable independent test labs such as AV-Test, who along with AV-Comparatives and Virus Bulletin, is members of the Anti-Malware Testing Standards Organization (AMTSO), are very interesting and credible for computer end users in helping us decide which security products to consider for our own PCs.

Another interesting finding is that two free antivirus products: Avast! And Microsoft Security Essentials had excellent results, on par with or better than commercial security suites. None of our forum member’s favorite security products (according to our survey Kaspersky, Panda, Avira, and ESET), placed first, but they still ranked very well, obtaining certification with very good results. Products that are less popular or well-known in the Spanish-speaking world also performed well.

One thing to remember is that the malware threat landscape changes daily, and no product has the ability to detect 100%, nor is that ever likely, given the vast scope and volume of malware threats today. These days, we can’t leave the entire responsibility of protecting our personal data to whatever antivirus is installed on our PC. As end users we have to take an active role in protecting out data and systems, but comparative tests like AV-Test’s are a beautiful thing. ;-)

.

Lab Test Summary:

The chart below summarizes the latest results reported by labs West Coast Labs, ICSA Labs, Virus Bulletin, AV-Comparatives, and AV-Test.

As a final recommendation from InfoSpyware, when it comes to deciding which Antivirus is best for your PC, it makes sense to take these comparatives into account, but also try them on your own PC and see which one suits your particular needs the best.

.

.

Surf Safely

This complex threat uses multiple vulnerabilities and has been specially coded to avoid detection from behavioral antivirus defenses. The final payload is the injection of malicious code to alter the behavior of SCADA systems, ultimately leading to industrial malfunctions and sabotage of Iran’s suspected nuclear program.

Recently, independent  malware researcher Amr Thabet shared with us a document that takes a close look at MrxCls, the malicious driver dropped by Stuxnet. MrxCls is a very complex project, which Thabet believes was developed independently from the main Stuxnet dropper due to its scale, complexity and lack of modification alongside Stuxnet.  MrxCls appears to have had some cooperation from industrial or politically motivated spies, having been signed with a security certificate from a major hardware vendor.

From the reverse analysis in the paper, an exclusive from InfoSpyware, the reader will find that MrxCls is a multi-staged attack, which in the end, does not need to run initially with elevated privileges.  Other interesting features include entry point obfuscation techniques, as  well specific methods to avoid behavioral-based detection that is used by most commercial antivirus.

This is the first salvo of politically-motivated targeted malware attacks, but for sure, this will not be the last.  Indeed, retaliatory attacks and preparation for further attacks have already occurred and are guaranteed to escalate the situation further. The malware phase of cyber warfare has begun in earnest and we are likely to see stuxnet evolve over time as well, inspiring similar attacks and the inevitable intensification of hostilities.  What we can do as persons dedicated to fighting all forms of malware, is to know and understand the enemy, even if they are in our midst.

Download PDF:MrxCls – Stuxnet Loader Driver-English

A online black market exists where different crimeware packages (Kits for the creation of malware) are for sale.  These kits can build personalized Trojans, capabable of escaping dection from antivirus scanners, and have some interesting functionalities that help them to steal data, while protecting themselves from AV and other malware.

The two most popular botnet packages available have been the ZeuS and SpyEye crimeware families.  In late 2010, the creator of ZeuS decided to halt development of the trojan and opted to sell the source code to their former rivals at SpyEye.  These new ZeuS/SpyEye hybrids have already been seen in the wild, and the combined botnet is now believed to be  one of the largest and most active data-stealing botnets in the world.

That being said, ZeuS/SpyEye is not the only large-scale threat affecting banking and online transactions.  In the second half of 2010,  security firms such as Prevx, have been closely monitoring the growth of a new silent trojan called Carberp, which has been showing potential to be the eventual successor of SpyEye.

Carberp is a completely modular, data-stealing trojan, which is capable of downloading and executing new plugins with additional functionality.  Additionally, it can carry out encrypted communication with a list of Command & Control servers, and uses rootkit techniques to hide itself.  It can run in user mode, even inside limited and guest accounts, and can be remotely controlled, turning an infected PC into a zombie and part of a botnet.

Carberp is capable of detecting and blocking antivirus programs on the infected machine, as well as killing rival malware such as ZeuS, Zbot, Limbo, Barracuda, Adrenalin, MyLoader, BlackEnergy and SpyEye.

Carberp quietly slipped in through the back door without much fanfare last year, but it is expected to grow exponentially in 2011, becoming one the largest data stealing threats of this year.

Prevx says their own product, SafeOnline has been capable of proactively protecting browsers from Carberp’s malicious hooks, preventing bank accounts and passwords while users conduct online transactions. An extensive report on Carberp can be found on Prevx Malware Research Team’s website.

.

While at the RSA 2011 Conference in San Francisco we caught up with Eddy Willems, influential malware expert, co-founder of EICAR, AMTSO committee member, and currently Security Evangelist for G Data, a German antivirus vendor that has recently been raising its global profile. We were interested in G Data’s recently released Half-yearly Report 2010, and wanted to speak with him about it.

G Data’s report mentioned that the volume of malware had once again increased about 32% in 2010, but a new trend emerged at the end of 2010; the rate of increase started to slow down to single digit territory, which G Data believes will not significantly change.

Mr. Willems believes it’s still too early to tell why exactly malware growth is flattening out, but thinks that the close ties between malware authors and the underground economy is in some way responsible, as it was in 2007 when organized crime entered the field and malware creation skyrocketed to unprecedented levels. To underscore this idea about how businesslike the “malware industry ” had become, he showed us the monthly graphs of malware growth and pointed out the differences in growth from month to month and from season to season.  Of course, the pattern looked almost identical to a sales chart from a Fortune 500 company, with huge spikes at the end of the year and dips for summer vacation months.  “Earnestly speaking, they have exactly the same business model as we have.” , said Willems.

Perhaps the underground has simply reached an equilibrium of sorts, or perhaps they are diverting technical resources into research and development in anticipation of the next great frontier of cybercrime: Tablets and Smart Phones.   Mr. Willems asserts “The underground economy is really still looking at Windows at this moment.  However, this could be changing.” A more emphatic statement comes from the company itself; in less than two weeks, G Data will be releasing its own antivirus for Android devices.
Another notable item from the report was that Java had superseded PDF as the most exploited software package. Towards the end of 2010 the attacks against Adobe were diminished, thanks to warnings and the release of Adobe Reader X, but the Java attacks continued unabated. Yesterday’s overdue release of Java 6 Update 24 by Oracle should hopefully have an impact on this prevalence, but some are recommending users to remove Java completely from their systems.

On the subject of the Zeus/SpyEye quasi-merger, Willems believes that it will grow and that we will see more mergers of botnets this year. This is not necessarily to create more immediate revenue, but in an effort to make botnets stronger as cybercriminals seek to evade prosecution by decentralizing  their presence across international borders.

In speaking with G Data, we get the sense that 2011 will not be an ordinary year in the fight against malware, just as we have grown accustomed to handling all the vagaries of Windows based malware, the playing field has just expanded enormously with the rise of mobile devices. As cloud has finally matured, it turns out that the tablet and phone will be the dominant client, and for that we must be prepared.  Fortunately, firms such as G Data are exist  to help us know our enemies and to provide critical tools for fighting them.

.

Free software giant AVG released today a free self-audit tool to help small and medium businesses gauge their security needs.  The tool, named AVG Online Security Audit, creates customized reports and recommendations for small and medium businesses who typically have a small or nonexistent IT staff.  In creating the reports, AVG hopes to educate and inform business owners as to specific internet risks facing their business.

According to AVG’s SMB Market Landscape Report 2010, small- and medium-sized businesses are becoming victimized by cybercriminals at an increasing rate; a full 25% have experienced a data breach, while 14% were using no antivirus whatsoever.

The AVG Online Security Audit can be found along with guides, videos and tutorials designed to help SMBs protect themselves at AVG’s Business Resource Centre.

It’s that time of year again, where the world gets together to speak about security in all its forms.  One issue that is clearly on the mind of security researchers we have spoken to, is the appearance in the wild of the new and improved SpyEye supertrojan, which is now making the rounds months after merging with Zeus.

There is no consensus as to the actual danger presented by this super crimeware family, relative to lesser-known variants, but its sheer size guarantees that it will continue to be closely watched by a large number of security firms and analysts.

Will SpyeEye be one for the record books, or will it get caught in its own hype cycle? We will be speaking with a variety of different firms this week for some expert opinions.

Stay tuned…