Archive for January, 2013
January 31st, 2013

Is your home updated?

The digitalization of our homes continues to grow, and with it the number of vulnerabilities your household devices can suffer from. We’re surrounded by many specialized minicomputers (which we usually fail to consider computers) that are subject to the same problems as desktops or laptops. But, because of a psychological barrier, we’re unable to see them this way. Almost nobody thinks of their big TV as a computer, and the same is true of phones, but there are also many smaller, almost invisible devices like intelligent disk arrays (NAS) or routers, which are nothing else but ‘computers without keyboards’. It has been published in the past that it’s possible to hack, exploit or misuse such devices: there are exploits for printers, desk phones and Samsung TVs. All of these devices contain bugs which, when exploited by the bad guys, could run executable code that suits the bad guys’ needs.

January 29th, 2013

Job offer: AVAST seeks experienced IT journalist or blogger

AVAST typically has a lot of great news to report and we’re looking for a full-time native speaker of English — with a background in IT journalism (this is important!) — to join our team in Prague.

For more information, please visit our job description for PR News Writer – English native speaker.

Please note that questions about the position will NOT be answered here. Thanks.

January 25th, 2013

Introducing the New Avast Bug Bounty Program

Hello Avast fans!

It is my pleasure to officially announce the new Avast bug bounty program. As a security company, we very much realize that security bugs in software are a reality. But we also realize that companies that are able to use their user communities to find and fix bugs are generally more successful than those that don’t. Therefore, we have decided to reward individuals who help us find and fix security-related bugs in our own software. This makes us probably the first security vendor with a reward program like this: I think it’s mainly because the other companies generally take the position that ‘Hey, we’re a security company. So we know security and it can’t happen to us.’ But in reality, that’s not what’s happening. Just look at bugtraq or the CVE databases and you will find that security software is no more immune to these issues than any other programs. A bit of irony, given that people generally install security software to fight security issues in the first place, isn’t it?

We at Avast take this very seriously. We know that being a market leader (Avast has more users than any other AV company in the world), we’re a very attractive target for attackers. So, here’s our call to action: let’s unite and find and fix those bugs before the bad guys do!

Here’s how it works:

  • The bounty program is designed for security-related bugs only. Sorry, we’re not paying for other types of issues like bugs in the UI, localization etc. (nevertheless, if you find such a bug, we will of course very much appreciate if you report it).
  • This program is currently intended only for our product, i.e. not the website etc.
  • We’re generally only interested in these types of bugs (in the order of importance):
    • Remote code execution. These are the most critical bugs.
    • Local privilege escalation. That is, using Avast to e.g. gain admin rights from a non-admin account.
    • Denial-of-service (DoS). In case of Avast, that would typically be BSODs or crashes of the AvastSvc.exe process.
    • Escapes from the avast! Sandbox (via bugs in our code).
    • Certain scanner bypasses. These include straightforward, clear bypasses (i.e. scenarios that lead to direct infection, with no additional user input), as opposed to things like deficiencies in the unpacking engine etc. In other words, we’re interested only in cases that cannot be mitigated by adding a new virus definition (please don’t report undetected malware).
    • Other bugs with serious security implications (will be considered on a case by case basis).
  • The base payment is $200 per bug. Depending on the criticality of the bug (as well as its neatness) the bounty will go much higher (each bug will be judged independently by a panel of experts). Remote code execution bugs will pay at least $3,000 – $5,000 or more.
  • We might change these ranges based on the number and quality of incoming reports. Generally, the fewer reports we get, the higher the bounty will go.
  • We will only pay for bugs in Avast itself. For example, if you find a bug in a Microsoft library (even if it’s used by Avast), please report it to Microsoft instead (it would be great if you could also notify us, but unfortunately, we cannot offer any reward in such cases).
  • The program is currently limited to consumer Windows versions of Avast (i.e.: Avast Free Antivirus, Avast Pro Antivirus, and Avast Internet Security). Only bugs in the latest shipping versions of these products will be considered.
  • Payment will be done preferably by PayPal. If you can’t accept PayPal (e.g. because it doesn’t work in your country), please get in touch with us and we will try to figure out something else.
  • Because of certain legal restrictions, we cannot accept submissions from the following countries: Iran, Syria, Cuba, North Korea and Sudan.
  • It is the researcher’s own responsibility to pay any taxes and other applicable fees in their country of residence.
  • In order to be eligible for the bounty, the bug must be original and previously unreported.
  • If two or more researchers happen to find the same bug, the bounty will be paid only to the one whose submission came in first.
  • You must not publicly disclose the bug until after an updated version of Avast that fixes the bug is released. Otherwise, the bounty will not be paid.
  • The bounty will be paid only after we fix the issue (or, in specific cases, decide to not fix it).
  • Some bugs may take longer to correct. We will do our best to fix any critical bugs in a timely fashion. We appreciate your patience.
  • Employees of AVAST and their close relatives (parents, siblings, children, or spouse) and AVAST business partners, agencies, distributors, and their employees are excluded from this program.
  • We reserve the right to change the rules of the program or to cancel it at any time.

How to report a bug and qualify for the bounty:

  • Please submit the bug to our dedicated email address: bugs@avast.com
  • If you’d like to encrypt your email (recommended), please use this PGP key.
  • A good bug report needs to contain sufficient information to reliably reproduce the bug on our side. Please include all information that may be relevant – your exact environment, detailed bug description, sample code (if applicable) etc. It also needs to contain a decent analysis – this is a program designed for security researchers and software developers and we expect a certain level of quality.
  • You will receive a response from an Avast team member acknowledging receipt of your email, typically within 24 hrs. If you do not receive a response, please do not assume we’re ignoring you – we will do our best to follow up with you asap. Also, in such a case it is possible your email didn’t make it through a spam filter.

Finally, I’d like to say thanks to everyone who helps to find and fix bugs in our products. Hopefully, this new reward program will take this initiative to a whole new level.

Happy [bug]hunting!

P.S. The bug bounty rules are also available on our main website here.

January 25th, 2013

5 Questions with Petr Bucek – social media support specialist

We are excited to share news with you. Our two-person social media team now offers professional support. :) Since December 2012 Peter Bucek has been helping us respond to your technical and customer care inquiries in English, Spanish, and of course, the Czech language. We are pleased to welcome Peter on board and introduce him to YOU.

I have known Peter since I started 5 years ago with AVAST Software. When I joined the company in 2008 we worked together in the support team. Peter is a very friendly, kind and cheerful person, always willing to help not only the customers but also other colleagues. Despite the rather routine job, he kept his creative and innovative attitude towards everyday tasks. He came up with the idea of creating video manuals. Now thanks to Peter we can easily check: How to download, install and customize avast! Antivirus. He is a proud father of two lovely kids: a boy Jonáš and a girl Emma.

So let’s hear the voice of Peter. :)

Peter has worked in AVAST Software since November 2006. Peter, how, in your opinion, has the company changed during this time and how is our support team changing?

January 24th, 2013

What’s that new game on Google play? Oh, it’s malware again!

A few months ago, Google announced a new feature in Android. Version 4.2 Jelly Bean has an integrated real-time app scan which should be able to check if applications you install are clean or malicious. But is this enough? Sleazy Android app developers continue to sneak their fake apps by the Google Play gatekeepers. These guys rip off popular apps in an attempt to fool unsuspecting users.

“In the start of this week, Google released a few applications from a developer called GILBERT8332 which pretend they are legitimate applications. Between these applications you can find quite common games such as The Sims 3, Asphalt 6, Ninjago Lego and so on. And compared to original developers they are free,” said Filip Chytrý, a researcher from Avast Virus Lab.

The common result of downloading a bogus app is that personal information like your email address and mobile phone number is stolen and you are served an unending stream of spam and unwelcome offers.

Chytrý warns, “When you download them and install in your Android device you will be surprised. All of them are malware. They all start quite innocently with a license agreement of AirPush advert. (AirPush is an advert system which allows to show advertisement in notification bar of your Android device.)”

“And then the funny parts come up. The game will ask you if you want to change your main page in browser and put a search icon on desktop. Even if you decline, it’s too late. Your browser is already changed for another search page and your device is filled with uncomfortable adverts and as a bonus, the device will send personal information to a third party,” said Chytrý.

Block fake apps

avast! Free Mobile Security blocks fake apps and our new signature targeting protects you against malware distributed with them. Our popular anti-virus/anti-theft app for Android stops downloads of fake apps and games, so you won’t be duped.

“All of these apps use multiple advert services, steal your personal data and they even are hidden under different creators. But don’t worry. Avast detects all of the mentioned applications as Android:FakeInst-DL, and URLs of fake searchers are blocked also,” said Chytrý.

Get avast! Free Mobile Security for your Android device from Google Play. Please add a review and share with your friends if you like it! :-)

January 23rd, 2013

Earn money from safety at home

Today, I received an email from one of my coworkers (yes, even careful employees of security vendors are in danger:) ). This email has more recipients and contains only one link, without any text or subject.

Fortunately, I am a really paranoid person about emails containing only a link to an unknown site. At this link, you can notice two really suspicious things: The directory is images and there’s a file called yahoo12.php. That should warn users to avoid clicking on this link.

January 22nd, 2013

‘Reporters without Borders’ website misused in watering hole attack

As I mentioned on Twitter, it seems that the entity or entities behind the watering hole attacks don’t care about being caught or detected, and it also seems that they don’t care whether the Internet Explorer and Java vulnerabilities are patched. They act as opportunists and try to take advantage of the time frame between the patch release and the patch application by some users, companies and non-governmental organizations.

Last week Eric Romang and I reported on watering hole attacks against multiple high-value websites, including, as an example, major Hong Kong political parties. These websites used the latest Internet Explorer (CVE-2012-4792) vulnerability, patched in MS13-008, but also the latest Java (CVE-2013-0422) vulnerability, patched in Oracle Java 7 Update 11.

It seems that one week later, Reporters Without Borders, a French-based international non-governmental organization that advocates freedom of the press and freedom of information, is the new website used for the watering hole campaign. Such an organization is an ideal target for a watering hole campaign, as it seems right now the miscreants concentrate only on human rights/political sites – many Tibetan, some Uygur, and some political parties in Hong Kong and Taiwan which are the latest hits in this operation. In our opinion the finger could be safely pointed to China (again).
January 18th, 2013

Fans praise avast! on social media

It is a credit to the quality of our Facebook and Twitter fans that so many take the time to write us with appreciation and praise. It is extremely meaningful for us to receive your feedback, positive or negative, but we are especially motivated and thrilled to learn when we are satisfying our customers. Here are some examples of messages we have received lately on social media. Thanks to all who have written to us.


We invite all our avast! users to join us on Facebook and Twitter.

January 17th, 2013

Encrypt unsecured Wi-Fi for Apple iOS

Do you use your mobile device to check email, use social networks or log in to your bank account while sipping a double mocha latte at your favorite coffee shop or while waiting for your next flight? That’s risky considering you cannot count on public Wi-Fi hotspots that you find in cafes, coffee shops, airports, schools, and hotels to be secure. Remote cybercrooks, and even the guy sitting a couple of tables from you sipping coffee, can use software to eavesdrop and snoop, which could result in stolen credit card information and passwords or full-blown identity theft.

With new avast! SecureLine for iOS you can secure your wireless internet connection when using your iPad, iPhone, or iPod on a Public/Open Wi-Fi network. Here’s how it works:

VPN stands for Virtual Private Network. avast! SecureLine VPN creates a private ‘tunnel’ through the internet for your data to travel through, and everything inbound and outbound through the tunnel is encrypted. Data is decoded at the VPN server, using advanced encryption protocols. Handy features also detect and filter malicious URLs, block ads in the browser and apps, or can compress your transferred data which saves your mobile data plan and enables access to US-only content. :-)

Download avast! SecureLine for iOS from iTunes.

January 15th, 2013

Watering hole attacks continue (with a twist)

Through a collaboration with Eric Romang (@eromang), an independent security researcher, we can confirm that the watering hole campaigns are still ongoing and are targeting multiple targets, including, as an example, a major Hong Kong political party website.

This website is actually using the new version of the original Internet Explorer (CVE-2012-4792) vulnerability attack, but right now it’s also using the latest Java (CVE-2013-0422) vulnerability.

The Chinese-language version of the website performs a remote JavaScript inclusion of “http://www.[REDACTED].org/board/data/m/m.js”.

This website is a legitimate but compromised site, hosted in South Korea, that is used for hosting the exploit files.
