The subject of the mail is: “COVID-19 Solidarity Response Fund for WHO – DONATE NOW”. Please donate! The threat is great, everyone is affected, and a lot of money has to be invested in combating the pandemic and its consequences. The World Health Organization (WHO) is coordinating this fight, has set up a Solidarity Response Fund and is collecting money. Please pay by Bitcoin.
Except for the keyword Bitcoin, everything is true: the fund exists and it collects donations, but not anonymously via digital currency. The account into which the recipients of the spam mail are supposed to pay belongs to a fraudster.
How many people really fell for it is unfortunately not known, because many do not even notice the fraud or do not report it to the police. However, some do report it, and the authorities are accordingly warning of increasing corona-related cyber fraud. “The coronavirus pandemic has slowed many aspects of our normal lives. Unfortunately, it has accelerated online criminal activity,” said EU Home Affairs Commissioner Ylva Johansson. The Europol Cybercrime Report 2020 also focuses on the topic: “Criminals have quickly exploited the pandemic to attack vulnerable people; Phishing, online fraud and the spread of fake news …”
No new scams are being used; the existing ones are simply re-themed around corona. Examples are fake shops that offer cheap disinfectants or websites for immediate aid for the self-employed.
Here the victim loses money or information without receiving anything in return. Kaspersky gives specific figures: in the first week of March this year, the number rose to one million Covid-19-related cyberattacks per day.
Home office in focus
As a result, attacks on the home office have risen sharply. In its special evaluation of cybercrime in times of the corona pandemic, the Federal Criminal Police Office (BKA) reports 127 percent more attacks on the Windows Remote Desktop Protocol (RDP) than in the previous year.
RDP is used for remote control and has often been a gateway for Trojans. Eset analysts also report a significant increase in RDP attacks. In addition, the BKA report warns of falsified or manipulated Zoom versions that fraudsters misuse for espionage or simply to mine bitcoins.
There are plenty of reasons, then, to take a closer look at the current antivirus programs. This year we are again working together with the AV-Comparatives laboratory from Innsbruck, which continuously analyzes the protection programs. We use the results for the entire current year, so this is far more than a snapshot.
In recent years we have noticed that the actual virus detection is consistently high in all programs. Specifically, this means that in the two most important AV-Comparatives tests the programs miss viruses only in the per-mille range. The live test (Real-World Test) simulates a real surfing and working environment in which the tested AV program repeatedly encounters malware.
The testers observe how the program reacts: does it protect the user? Can it stop the virus? The worst value here is 98.7 percent (McAfee), the best is 100 percent (F-Secure and Trend Micro).
In the malware protection test, viruses are hidden in the file system and the testers observe what happens when such a virus is suddenly executed. Here all programs achieve a detection rate of one hundred percent, with the exception of Trend Micro with 98.7 percent. There are real differences when it comes to false positives. Any detection rate can be improved if the manufacturer simply tunes the program more strictly.
But then there are more false alarms in which the security program blocks benign files. That doesn’t directly lower the level of security, but it’s annoying. Good protection programs achieve commendable detection rates with few false positives, for example Eset with only five across all test runs. Eset therefore wins the security category.
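The trade-off described above between a stricter detection setting and false positives, as an added example that is not part of the original article or of any vendor's engine. The scores, labels and thresholds are constructed for illustration, and the detector producing them is hypothetical.

```python
# Constructed data: (suspicion score from a hypothetical detector, is_malicious).
SAMPLES = [
    (0.98, True), (0.95, True), (0.91, True), (0.88, True),
    (0.80, True), (0.72, True), (0.61, True), (0.45, True),
    (0.83, False), (0.66, False), (0.52, False), (0.40, False),
    (0.31, False), (0.22, False), (0.15, False), (0.09, False),
    (0.05, False), (0.02, False),
]

# A file is blocked when score >= threshold, so a lower threshold is stricter.
THRESHOLDS = [0.9, 0.7, 0.5, 0.3]


def evaluate(samples, threshold):
    """Return (detection_rate, false_positives) for one threshold."""
    malicious = [score for score, bad in samples if bad]
    benign = [score for score, bad in samples if not bad]
    detected = sum(1 for score in malicious if score >= threshold)
    false_positives = sum(1 for score in benign if score >= threshold)
    return detected / len(malicious), false_positives


def sweep(samples, thresholds):
    """Evaluate every threshold; each row is (threshold, rate, false_positives)."""
    return [(t, *evaluate(samples, t)) for t in thresholds]


def strictest_within_budget(samples, thresholds, max_false_positives):
    """Strictest threshold whose false positives stay within the budget, or None."""
    allowed = [t for t in thresholds
               if evaluate(samples, t)[1] <= max_false_positives]
    return min(allowed) if allowed else None


if __name__ == "__main__":
    for t, rate, fps in sweep(SAMPLES, THRESHOLDS):
        print(f"threshold {t:.1f}: detection {rate:.1%}, false positives {fps}")
    print("strictest setting with at most 1 false positive:",
          strictest_within_budget(SAMPLES, THRESHOLDS, 1))
```

On this constructed set, full detection is only reached at the strictest setting, which also blocks five benign files.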
Good performance required
About the evaluation: this time we have brought two aspects to the fore, usability and performance (with security still accounting for half of all the points to be achieved). The speedster is clearly McAfee with 30.3 points, closely followed by Kaspersky with 28.6 points.
This value was ultimately decisive for Kaspersky's overall victory and McAfee's good third place. Trend Micro and G Data are at the lower end in terms of performance. For usability, we took a look at the user interface: is it consistent throughout, and can the functions be reached in an understandable manner?
We were less impressed when a new, stylish interface is layered over an older one, leading to inconsistencies in the look and, unfortunately, in the logic of the user interface. That was the case with Norton, G Data, Bullguard and Avira, for example.
In principle, Avast has a very nice interface, but unfortunately it annoys with self-promotion. When I’m on the road with a Kangoo, I don’t want to keep hearing: “With a Porsche, you would have overtaken this truck!”.
We liked the detailed setting options at Eset or the good explanations of the setting options at Norton, for example. Another important usability point concerns communication with the user in the event of an attack. The user wants to hear: What exactly happened? What did the protection program do? Am I safe? There are significant differences here.
Kaspersky reports succinctly: “The object has been deleted. File xyz”. And now what? Was that a virus? What does “object” mean here? F-Secure also leaves us out in the cold: “Malicious file blocked! … Your computer will be scanned for further threats.” That is commendable, but the user never learns how the further scan then turns out.
Overall, the G Data report is informative, but it leaves the choice of action to the user. We think it is better if the security program first sends the virus to quarantine, reports it and leaves it to the user, if he really wants to, to pull the file out of quarantine again.
The worst example is provided by McAfee: on the left a green tick “Safe”, on the right a red warning triangle “Restart the PC … so that we can remove the threat.” As long as the threat has not been removed, “Safe” is merely the manufacturer’s pious wish.
Eset, Trend Micro and especially Avast communicate clearly: a big green tick, then “Threat secured. We moved xyz to your virus container because it was infected with abc.” That’s all I need to know for now.
Improved protection with AI
All providers are increasingly using components with artificial intelligence (AI) for virus detection in their security suites. This is an obvious step, because the large volumes of data on known good and bad files are the ideal prerequisite for AI: big data.
Avira researchers speak of around 200 million files with 8,000 characteristics each. Because the data is highly structured, the AI algorithms used are not so much neural networks as methods such as decision trees (or random trees). The attackers have also discovered AI for themselves and optimize files or URLs, for example, so that they are not detected.
The Emotet Trojan uses AI to analyze whether it is running under surveillance in a virtual environment. If so, it shuts itself down. In contrast to the corona epidemic, which is not being intelligently promoted by anyone and will hopefully soon be defeated by human intelligence, the computer virus epidemic will remain a constant race between hare and hedgehog, even with and despite AI.