
Archive for June, 2011
June 29th, 2011

5 Questions with Vladimír Černík (Lead Virus Analyst)

When I emailed the entire AVAST team about nominations for co-workers that they would want to see interviewed, I saw/heard “Vladimír Černík” more than any other name. It turns out that Vladimir was one of the first people ever hired by AVAST founders Eduard Kučera and Pavel Baudiš, more than 20 years ago. It’s enough of an accomplishment, in modern times, to work 20 years in one place… but to watch a company grow from almost nothing… to over 150 team members, with more than 160 million users of your product… that’s truly amazing.

In the comments below, please join us in offering Vladimír Černík a warm congratulations on his 20 years with AVAST Software. – Jason Mashak

Vladimir Cernik (avast! Lead Virus Analyst)

1. You’ve been at AVAST longer than anyone aside from the founders (about 20 years?)… how was it for you in the beginning, and why have you stayed so long?

I don’t remember exactly how it happened. I started as an assembler programmer, then I was programming databases for a while, and eventually I was helping (avast! co-founder) Pavel Baudis with the viruses. At the time I didn’t know a thing about viruses and I was gaining all my experience hands-on. And of course a couple of times I managed to massively infect my computer.

It was back in the good old days of DOS. There weren’t so many viruses around like nowadays, when you are cluttered up with thousands of new virus samples daily. Read more…

June 28th, 2011

Flash malware that could fit a Twitter message

When analysing malware you are most likely to encounter samples which use all kinds of obfuscation in order to hide from antivirus software that protects your computer. This is also true for malware written in Flash (more specifically, ActionScript). Flash is very popular among malware writers these days because many people use it on a daily basis. Sometimes, they don’t even know it’s Flash that runs all the fancy stuff which takes place on their screen! Recently I came across a sample that uses a very nice trick to hide its purpose from everyone who tries to look under its hood. What is more interesting, this sample is actually smaller than 140 bytes, which means it could fit in a Twitter message! That is rather unusual for Flash files, which tend to be considerably larger. But don’t worry, this is not a case of malware spreading through Twitter in its binary form. Maybe via malicious links, but that is another story.

Read more…

June 20th, 2011

Fear of the HTML5

Right at the beginning of this article, I must admit that I’m definitely not a specialist in the newest trends in web development. Consider the following contemplation only as the thinking of an amateur. Today I noticed an article about the first MP3 codec written in JavaScript (http://jsmad.org/play/160426) in order to support this media format in all browsers (even when they have no native support/codec for such media). Sounds great for such an inexact specification as the <audio> and <video> tags, which can encapsulate various media formats. The particular media format does not matter (MP3, OGG, FLAC etc.); the only thing you need is to provide a codec.

Read more…

June 20th, 2011

5 Questions with Bob Gostischa (avast! Forum “Evangelist”)

From the time I started at AVAST Software, I began hearing the name “Bob” a lot, but never saw the guy, and his handle on the avast! Forum “bob3160” sounded to me like some new industry buzz word, a new kind of machine that would change the way we all live. When I finally asked someone about “Bob,” I was shocked. “He’s one of our biggest fans on the user forum, and he helps us with a lot of stuff in the US.” Bob ranks third on the avast! Forum in terms of post count, with over 15,000 as of this writing (about 4,000 posts ahead of our CTO, Ondrej Vlcek). I began to laugh that the ‘avast! secret weapon’ might be a retiree in the southwestern desert of the USA. :)

Early in 2011, Bob and some other avast! Forum “Evangelists” came to visit us in Prague, and I think we were all affected in some way by his positive demeanor, charismatic personality, warm heart, and sincerity. It made me think that, yes, it’s “bob3160” and others like him who are indeed the avast! secret weapons. It was an honor to interview Bob, and we hope he returns soon to visit us in Prague. – Jason Mashak

Acoma Sky City, New Mexico (USA)

 

1. How long have you been using avast! antivirus solutions and how influential would you say avast! Forum members have been in their development?

I first discovered avast! in 2003 while looking for a replacement for Norton, which at that time was using my computer more than I was.

After testing quite a few alternatives, I finally settled on avast! since the protection it offered was excellent and it wasn’t a system hog like the others.

It actually allowed me to gain access to my computer again, something I really had not enjoyed for some time. :)

 

2. In terms of innovative practices, can you think of any other product or service that has such a feeling of ‘community’ and user-co-development as that fostered by AVAST?

I honestly can’t – and I do belong to several other forums, even though my involvement with the other forums I frequent isn’t the same as it is with the Avast forum.  I consider the Avast Forum my home away from home. Read more…

June 16th, 2011

Win32:SuspBehav strikes again

I’m glad to announce that Win32:SuspBehav – an advanced heuristic set of detections – is back on track now. It has been in maintenance mode for quite a while because there were some scheduled changes made to the underlying emulator. Following these changes, I was really curious about what the real-world feedback would be and this is what I found:

few of the SuspBehav submissions

Wait! There’s a path to the legitimate IncrediMail installation directory. Hmmm, it is either a false positive or something really strange is going on here…..

Read more…

June 2nd, 2011

Phishing email: The YouTube impostor

In 2010, AVAST noticed that the majority of malware infections were occurring via infected websites, rather than from malicious email, which had previously been the main culprit.

But good criminals go where they are least expected.

A couple weeks ago I posted an example of a type of phishing email that I’ve since learned is called ‘vishing’, as it uses voice (VoIP, telephone) as an agent in the scam process. (It reminds me of a public payphone I had to use in Mexico about 10 years ago, which billed me something around $80 for a five-minute call.) :) Read more…

June 1st, 2011

Wrong specifications [reloaded]

I can confirm that we at the Virus Lab “love” product specifications and documentation. My recent experience shows a discrepancy between MSDN and the real behavior of VirtualAlloc.

I’m currently revising and tweaking the memory management inside one of the emulators used in the avast! antivirus engine. The goal of my effort is to bring this emulated environment closer to the real world environment, thus I decided to make the memory management conform precisely with MSDN. But after doing that… suddenly… about a sixth of my test set (around 400 malware families in total) refused to emulate deep enough (as usual). And the problem was in VirtualAlloc emulation:

MSDN documentation of VirtualAlloc

Read more…