Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Archive for May, 2009
May 27th, 2009

False positive alerts in “Tools”

Are you always sure that what you are downloading is safe? Every day, many of our users report “false positive alerts” to us. I use quotes, because most of them are actually malware. See the picture below. The reported “wrong-detection” is Win32:Ardamax-LV [Spy].

false-positive-cracks

False positive alerts report

Ardamax is a well known legitimate keylogger, but the “bad guys” often use it to steal account information. In this case, keylogger is a part of some hack. This is the reason why 90% of antivirus programs detect this keylogger as suspicious (VirusTotal report).

So, do you put your trust in unknown web sources such as RapidShare, MegaUpload etc. or in your antivirus program?

Categories: lab Tags: ,
May 22nd, 2009

Inside Win32:Allaple

Win32:Allaple was a succesful worm few years ago. There are some instances of the worm in the wild also now, but the first boom was notably higher. The payload is a nice piece of polymorphic code, let’s look how it looks and how it works.

alla_stg00

Read more…

Categories: analyses Tags:
Comments off
May 21st, 2009

Caro workshop #3

Few Avast viruslab guys & developers attended 3rd CARO workshop in Budapest/Hungary. We found a bit of time to make a short visit of the historical center. Here are some pictures caught by my “faithful friend” Canon EOS 400D.

Categories: lab Tags:
Comments off
May 21st, 2009

Rogue malware ranking

Nowadays the internet is full of hacked websites that redirect browsing users to various malware distribution networks. Website hacking consists basically of adding an iframe, script tag or some more sophisticated javascript to the clean code. These methods are dependent only on the reputation of infected domains. Last week (2009-05-13) we released the detection signatures of one interesting redirector – Its name is JS:Redirector-I [Trj]. The source is a type of Rogue malware which is comonly known to use social engineering to spread. Now we can talk about ’search engine related’ social engineering. The redirector itself doesn’t look particularly sophisticated – simple code is hidden as shown in next image:

2_js
Read more…

Categories: analyses Tags:
May 15th, 2009

Welcome

Welcome to the avast! blog

avast! antivirus represents the range of popular antivirus products developed by ALWIL Software a.s., a technology company based in Prague, Czech Republic. First released back in 1988, avast! antivirus is now protecting more than 80 million users worldwide against the ever increasing threat from computer viruses and other forms of malware. The Home Edition of avast! antivirus can be downloaded and used completely free of charge, while the paid Professional Edition provides additional features to those users and businesses that need them. Here you can find interesting information about avast! and computer security in general, which has been posted by avast! staff. We hope you find it useful.

Categories: General Tags: