Archive for April, 2012
April 24th, 2012

avast! Free Antivirus for Mac and the Flashback botnet

Mac computers running the beta version of avast! Free Antivirus for Mac were not infected by the Flashback Trojan.

“We’ve confirmed our app’s detection abilities for Flashback within the test lab and with reports from our beta testers,” says Jiri Sejtko, director of AVAST Virus Lab operations.

The Flashback Trojan linked to the Mac botnet is a derivative of last year’s DevilRobber Mac OS X Trojan. The AVAST Virus Lab now has 18 variants of this malware in its antivirus database.

“With an estimated 600,000 infected Macs, this botnet is just a large example that the Apple operating system is not immune from malware,” said Jiri. “Add a growing market share that makes Mac an attractive target for the bad guys together with a user base that insists they do not need a security app – you have all the conditions in place for an epidemic to rip through.”

The latest Flashback variants can infect vulnerable Macs without requiring the victim to enter a password. “Mac malware has historically been dependent on social engineering – convincing the user to enter the required password. Now these days are over and Mac users can pick up malware just by visiting an infected website,” adds Jiri. “Welcome to the real world.”

Flashback is a logical step in Mac malware’s steady evolution, he points out. Initial malware samples were rather simple, just compiler-generated code with no encryption whatsoever, but Mac malware has since evolved to be more “custom”, with encrypted strings and code, and structured to avoid security apps like LittleSnitch (firewall software for Mac OS) or Apple’s XProtect. During 2011, there were some large-scale attempts to spread Mac malware via Google Image poisoning.

“It takes 1-2 years for malware guys to adapt to a new technology – it took a similar time when they switched from DOS to Windows. This latest botnet did not fall out of the clear blue sky. The conditions have been building for some time and I’m glad that our security app will soon be available for Mac users,” says Jiri.

avast! Free Antivirus for Mac is currently in the late BETA stage. It includes the latest avast! antivirus engine, three shields (Web, File, and Mail) and the WebRep reputation and anti-phishing plugin for the Safari browser. avast! Free Antivirus for Mac builds on the AVAST Software tradition of providing a full-fledged security app which is completely free. More details coming very soon.

April 23rd, 2012

AVAST gets Advanced Plus rating in AV-Comparatives’ Test

Avast! Free Antivirus 7 has the distinction of being the only free antivirus to receive the Advanced Plus certification rating from the annual “On-Demand Detection of Malicious Software” test from Anti-Virus Comparatives.

Approximately 300,000 pieces of malware were used in the testing, and avast! Free Antivirus 7 detected 98% of them, the highest detection rate of all tested free solutions and better than a number of paid-for products from other AV vendors. Complementing the high malware detection rate, avast! was also recognized for raising few false positives during the test. The number of avast! false alarms was 14. The average was 48 false positives. Avast! Free Antivirus 7 is the only free antivirus to receive the Advanced Plus certification rating.

AV-Comparatives chooses which antivirus products are to be tested from a field of internationally well-known, up-to-date antivirus products. In order to ensure that test results give a complete and accurate picture of a product’s capabilities, AV-Comparatives has strict rules about which tests every product must take part in, and which tests are optional. A dynamic “real world” protection test is conducted which measures file-detection rates, the number of false positive alerts raised, as well as other tests that cover different features of the products.

April 20th, 2012

Malware ate my homework

Missing homework used to be blamed on the family dog, but now the focus has shifted to the computer. And sometimes – as this user note shows – malware really is to blame.

“My avast! Free version will not let me check teacher’s blogs at my daughter’s high school website. avast! just started blocking this site about 1 week ago. We can’t find any way on avast! Free to ‘allow’ a trusted site. What do we do?” wrote a concerned parent from Harrison High School in Georgia.

The problem was not with avast! – the school’s site (http://harrisonhigh.org) really did have an infection.

“For unprotected visitors, it was the same schema as usual,” says Jan Sirmer, analyst at the AVAST Virus Lab. “A screen with a fake AV appears in the browser and forces you to download that AV and pay money for it.”

“The attack, not surprisingly :) , focused on WordPress,” he adds. “There were redirections to sub-sites at rr.nu. There we detected more sites such as cie69svoi.rr.nu and ordonv12ectorct.rr.nu. Those sites redirected visitors to a site with the rogue antivirus.”

In this case, the concerned parents did the right thing. Instead of switching their avast! off so they could visit this “trusted” site, they wrote a note to the AVAST Virus Lab. That likely saved them from installing a fake antivirus on their computer. Read more…

April 17th, 2012

Here comes the “Zahlungspflichtig bestellen” button

Germany leads EU in unpronounceable consumer protection

Germany has become the first country to enact a new EU law to protect online consumers against new types of fraud. One visible change will be a “Zahlungspflichtig bestellen” button on internet sites, which translates as “order with an obligation to pay”.

The law is designed to combat internet “subscription traps”, sites that lure consumers with a free offer but actually sign them up for a service where the real costs are hidden and conditions can be misleading if not fraudulent. By late 2012, customers at German ecommerce sites will have to click a button labeled “zahlungspflichtig bestellen” to complete their online purchases instead of the current “anmeldung” (registration) button.

The “Button Law” adopted by the German Bundestag results from EU Directive 2011/83/EU on consumer rights. It might also be used as a model for the other EU countries to copy as the 2013 deadline on the consumer rights Directive approaches. Since Germany is the largest economy in the European Union, this new law might just have a knock-on impact on consumer rights that goes outside of the country’s borders. Read more…

April 16th, 2012

Fake Angry Birds Hits Android

A fake version of Angry Birds is making the rounds, warns Rovio, creator of the popular game. The fake is a fully functioning version which quietly installs malicious code that gives hackers control over your phone. If you need a fresh copy, make sure to get the real deal at the Rovio website.

Protect your Android mobile phone from malware like this with avast! Free Mobile Security. avast! Free Mobile Security is a full-featured anti-theft and anti-malware app for Android smartphones. Available through the Android Market and other select markets, avast! Free Mobile Security is completely free.

April 12th, 2012

Beware of a new Windows security vulnerability (MS12-024)

As part of April’s “Patch Tuesday”, Microsoft released a fix for the MS12-024 / CVE-2012-0151 vulnerability.

This issue was discovered and researched by us; we have been in contact with Microsoft engineers for the past few months to fix this problem. The aim of this blog post is to explain the problem, the risks, and possible consequences of the fix.

Read more…

April 10th, 2012

Surfing the Web vs. Cruising the Strip

Modern teenagers would rather socialize with friends on the web than get in a car and go see them in person. Is this a glitch in the matrix, or for real?

It’s real. Recent studies reveal that being digitally connected is more important to young people than the freedom a car brings. The University of Michigan Transportation Research Institute found that the current number of American 17-year-olds with driver’s licenses has dropped by 50% from 30 years ago. The pattern is repeated in countries with quality Internet access, including Canada, Great Britain, Germany, Japan, Sweden, Norway and South Korea, where the number of young drivers has also declined over recent years.

The theory is that virtual contact has reduced the need for young people to get together face-to-face. A November Gartner study supports this, showing that 46% of people aged 18 to 24 would take internet access over access to a car of their own. This is not too surprising when you consider the price of a car, insurance and fuel compared to the price of an iPhone, for example.

Does this mean that dependence on digital devices instead of wheels for socializing can save lives? Could be. Read more…

April 10th, 2012

Risky gaming with ZeuS and WordPress

Assassinscreedfrance.fr, a French fan site for the wildly popular computer game, is still infected.

For over 8 weeks, the site has been infected with a Trojan JavaScript redirector that sends visitors to a Russian malware site and connects them to a ZeuS-powered botnet. The infection was last confirmed by the AVAST Virus Lab at 12.00 CET, April 10, 2012. And, just to make it clear, this Assassinscreedfrance.fr site is not affiliated with Ubisoft, the developers of the Assassin’s Creed franchise.

So far, avast! has blocked over 179,800 visits by its users to this site. And Assassinscreedfrance.fr is just one of 1,841 sites around the globe that were infected with this specific Trojan during the month of March.

Powered by variants of the ZeuS Trojan, this collection of botnets has stolen over $100 million from small and medium-sized businesses.

The infection, a Trojan redirector, sends users to a Russian malware distribution server with an IP registered in Saint Petersburg, Russia. And yes, this server is still working, even after Microsoft’s recent takedown of a few dozen botnet servers. Read more…

April 6th, 2012

Lazy Friday? Maybe next time

Some of you may think that Friday (especially the afternoon) is an informal prelude to weekend relaxation. As such, it should be devoted to putting your feet up on the desk and sipping long drinks from a glass with a little umbrella. You know, no one wants to get into some last-minute embroilment. But unfortunately, malware never seems to sleep. Because of that, Friday can provide us with interesting revelations.

Read more…

April 3rd, 2012

Privacy Losses: Cybersecurity Efforts Move Us Towards A Big-Brother Nation

My last post was about how we’re steadily moving towards consumer online privacy regulations over the collection and use of personal online data by businesses. At the same time, however, we’re seeing the US government relentlessly expanding their efforts to monitor people online – and in ways that may completely negate any efforts to regulate the privacy practices of businesses.

It is the fear over cyberterrorism (a term you can’t expect the average person to understand) that is driving many to cede their privacy rights to the government. There are two competing cybersecurity bills working their way through Congress: the Cybersecurity Act of 2012 and the Secure IT Act. They differ fundamentally in areas of jurisdiction (the NSA versus the DHS) and in whether the voluntary approach promoting and fostering public-private collaboration is sufficient, or whether a regulatory approach is also required. But what they have in common is the aggregation and analysis of data on unprecedented scales.

In the background to all this, the Obama administration has just expanded the ability of the National Counterterrorism Center (NCTC) to retain data on people for five years (previously, it was 6 months) – even if they are not suspected of terrorist activity. The NCTC receives data from many other agencies.

So at the same time one side of the US government (the consumer protection side) is restricting what personal data businesses can collect, another side (the cybersecurity side) is moving not only to expand its own access to and control over personal data, but also to enlist in its efforts those very same businesses whose data collection efforts the FTC is otherwise trying to restrain: ISPs and mobile carriers, search engine and web portal companies, social media companies, etc. This opens a very wide door to abuse of any consumer privacy efforts currently underway with the FTC.