Archive for October, 2013
October 31st, 2013

Beware what you share

I have Social Disease. I have to go out every night. If I stay home one night I start spreading rumors to my dogs. ~ Andy Warhol

Party time is here. It starts with Halloween and continues with different occasions such as St. Nicholas Day, Christmas parties, New Year’s Eve and on through the huge fiesta of Carnival. We all love to get together, celebrate with our families and friends, have fun and… SHARE with our friends on social networks. There is nothing wrong with that, as long as you are aware of the consequences and share wisely.

Let’s face it, we are not all PR specialists. Social networks, however, are our private PR zone. Imagine that your Facebook profile is the cover of a huge magazine like Time or People. Sounds silly? Well, not really. Given that our profiles are exposed to the public, and often checked by our potential or current employers, it is very important to consider what kind of content we share.

Once you are at the Halloween (or any other) party, consider switching off your internet access. Have fun and enjoy yourself, but wait until the next day to post anything. Under the light of day (and post-hangover) your picture might look different than you anticipated. :)

The golden social media rule says: Everything you post on Social Media can and will be used against you! :) So if it is something you wouldn’t like to see on tomorrow’s New York Times cover, DON’T post it!

October 30th, 2013

Halloween tricks move online

Back in the good ol’ days of Halloween, you only had to worry about your house getting egged or your big brother stealing the good candy. Halloween tricks have moved online, and along with any significant event or holiday, this spooky celebration marks an increase in malware. Cyber ghouls pull out their bag of tricks – rogue apps, scams, and email attachments, to name a few classics – all to get unsuspecting people to click on a link in order to steal credentials.

Here are a few tricks to be aware of:

Bad video links and rogue apps

In the weeks before Halloween, searches for holiday-related items like costumes and pumpkin carving increase. This example of a search for “Halloween costume make your own” came from Glen Newton of Wired’s Innovation Insights. He wrote,

The website that came up at the top of the list has a link to a video that promises to show you how to make one for under $15 in materials, requiring only basic sewing skills – just what you were looking for. You click, and there it is, but the video doesn’t play. Oh, wait, there’s a note at the bottom of the player that says, “If this video doesn’t start playing, click here to download the latest flash player.” You click.

You can guess what happens next. No, someone in a Ghostface is not looking in your window. Rather, when you click to download, a warning pops up that your PC is infected with multiple instances of malware. But don’t you already have virus protection? You immediately assume that it’s not working, plus you remember that you haven’t backed up your files in months (cue the Psycho music). Panic ensues.

The scan window…show(s) you third-party software that can remove the malware… Fortunately, it’s not a budget breaker: $39.95 for a year’s license. The web page includes graphics that show several certifications with which you’re unfamiliar, so you figure it must be safe.

Instead of finding out how to make a costume, you end up selling your soul to the devil. Well, not quite that bad – but you give personal information and your credit card number to buy a malware removal program. After the purchase is made, you still can’t access the video. Meanwhile, the personal information and credit card data you gave away is being sold to the highest bidder on underground crime webs, and your real antivirus has been disabled and replaced by malware that the crooks can use to control your computer. Talk about a Nightmare on Elm Street…

Read the whole article from Wired.

AVAST Tip: Only visit websites that are established and reputable, and keep your antivirus software updated. (And remember, vampires can only enter your house if you invite them!)

 

Recycled scams

Some old-fashioned tricks that have made the jump from darkened parlors to cyberspace are virtual voodoo dolls, fortune-telling, psychic readings, and spell casting. There are good and respectable “intuitive consultants” (as some psychics prefer to be called) who are able to help others. For every good one, there are plenty who con people only to get their money.

A typical M.O. of scammers is to use multiple sites with similar content. So if you see a site for Voodoo Queen Mumbo Gumbo offering “buy one spell, get one free,” and you see 12 others with similar content, then forget about it.

“It’s a new twist on an old idea,” said Nicholas Little, legal director of the Center for Inquiry to the Toronto Sun yesterday. “It’s easy to hide your identity on the Internet, so people are willing to try scams online that they would never be willing to try in person.”

AVAST Tip: Never pay for a service or product that you are not sure of or you do not want. (A money-back guarantee for spell casting is not a good sign!)

October 29th, 2013

How many variations of “qwerty” and “1234” can you think of?

[Comic strip about passwords. Source: http://www.dilbert.com/]

I am quite surprised at how inventive people can be when it comes to thinking up weak passwords. Obviously weak combinations like ‘1234’ or ‘qwerty’, along with names and phone numbers, are quite common parts of passwords.

Some background

The story begins with me fighting a familiar piece of malware, Bicololo, which is spyware designed to steal the identity from users of Russian social networks. A routine task you might say. This time the authors were less cautious with settings on their rogue servers, so I managed to get hundreds of freshly-stolen credentials. What to do with them? The first thing I tried was contacting support of the affected social network to get users warned and passwords reset. Unfortunately, my effort met no success there; they did not even bother to answer my mail! So instead of getting to warn hundreds of innocent users on the Russian social network, I used this unique opportunity to analyze the habits users have regarding their passwords and share it with our AVAST readers.

Once I cleaned up the data, I received about 850 unique combinations of username-password pairs. This is not enough variants for the results to be widely representative. The data was obtained from a rather specific group of (less experienced) users whose lack of knowledge allowed their computers to be infected. I expect the general reality to be a bit better than my results. Though my findings are not scientifically-correct, they can give us some insight into the problem and show us examples we should avoid while choosing our passwords.
October 28th, 2013

Loyal fans make AVAST the most popular antivirus

Avast! Antivirus is the most trusted and popular antivirus in the world and a leader among worldwide antivirus vendors.  “With nearly 200 million customers in 43 languages — a staggering 1 million users in 38 different countries — it is used by more people than rivals AVG Technologies, Symantec and McAfee combined,” wrote Jon Swartz in a recent USA Today article.

Data from the October report by OPSWAT shows that AVAST leads overall in worldwide product market share for antivirus and encryption applications. Microsoft Security Essentials is the only other vendor that comes close.


“Avast has held its own in the hotly contested consumer-security market – it ranks in the top five, based on market share, in North America, Latin America, Europe and Asia Pacific – because of a fiercely loyal user community,” said Heidi Shey, security analyst at Forrester Research. “Fans, especially for a consumer product, go a long way. Avast users have even volunteered to help translate their product into different languages as a result.”

Microsoft makes an unusual suggestion

Microsoft admitted earlier this month that “Windows users should install antivirus above and beyond its own Security Essentials,” describing its protection as merely a “baseline” that will “always be on the bottom” of antivirus software rankings. Lifehacker comments on Microsoft’s announcement saying, “Microsoft’s new approach means you’re best off using a third-party tool in your arsenal, like our current favorite, Avast.”

Please share this Facebook post with your friends, so they can make the switch to the most popular (and trusted) antivirus in the world!

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

October 28th, 2013

Facebook Clickjacking: Will You Like Me?

“Who wouldn’t want to have more likes on their Facebook page?” This is the motivation behind a very trivial piece of code for getting more likes. While other methods usually consist of adding better content or advertising, this one is a bit easier, and much dirtier. Why not show the Like button directly beneath your mouse cursor as you browse a website, make it invisible, and move it as you move your mouse?

The only thing the victim has to do is click; if they are logged in to Facebook, they will automatically like the Facebook page. And of course, it is not only about the number of likes: each like means the victim will get all the information about this page on their news feed (until they unlike the page), and all their friends will also see that they like it – so why not check it out themselves?

This method is possible thanks to the Like Button, a social plugin for Facebook made by Facebook developers. It is used properly on many legitimate sites, but when it is combined with CSS that hides it and JavaScript that moves it, the victim has no chance. If you want to know how to minimize the impact of such tactics, or if you are more into technical details, read on.

October 25th, 2013

Google flagged PHP.net as suspicious website

Users trying to access php.net were unpleasantly surprised today. Google flagged the website as suspicious, and users of the Google Chrome and Mozilla Firefox browsers saw a security warning when they tried to visit the website.

According to the Google diagnostic page, suspicious content was found on php.net on October 23rd, 2013. Three domains were mentioned: cobbcountybankruptcylawyer.com, stephaniemari.com, and northgadui.com (owned by the same GoDaddy account), which were said to distribute malware to visitors of the site.
October 24th, 2013

What to do if your computer is attacked by ransomware

Question of the week: I just read your blog post about the Reveton virus. My computer was locked and held for ransom by something similar. I finally got it fixed and downloaded avast! 2014. How can I prevent that from happening again?

We’re sorry to read that you experienced “ransomware” firsthand.  While this type of malware has not been very common, it has proven to be effective, so its incidence is on the rise. There are variations on ransomware, but all are designed to frighten or shame the victim into paying a fee to have their computer returned to normal operation. One variation uses a popup to say a virus has been detected on your computer and you have to pay to get it removed. The FBI MoneyPak Virus threatened American users with prosecution because child pornography was allegedly found on the machine. German users got hit by a similar attack recently. A hefty fine of about $300 could make it right again (or not).

Ransomware has been found all over the world, but cybercrooks are making it scarier by targeting it locally. So if you live in Hawaii (first of all, lucky you), you may receive something that looks like this. It looks pretty serious, and can spook users into thinking something is very wrong.

[Reveton screenshot]

What do you do if your computer is attacked?

Ransomware has been reported by consumers, but it’s also been found in business environments. If you receive something like this on your work computer, please notify your IT specialists. They will need to take action to protect the network, and investigate how the attack occurred. Remember, do not do anything the on-screen message instructs you to do – never share data and do not pay any so-called fines.

If you find yourself infected with malware, it’s a major headache with many lost hours and sometimes irreparable damage. With this in mind, you can use avast! Rescue Disk, included in all avast! 2014 products, to create an image of your avast! installation. This image can be saved either on a USB, CD or DVD. That way if anything nasty happens to the PC, you will have the disk image ready to clean and restore your PC to normal function. The avast! Rescue Disk is built on Windows PE (pre-installation environment) which allows you to boot a PC even when there is no functioning Operating System. The Rescue Disk function is an integral part of the new remediation module introduced by the new 2014 version.

Here are complete instructions for Creating and using avast! Rescue Disk.

For those of you who are more visual, here’s a video ‘How-to’ from AVAST Evangelist, Bob G.

 


October 23rd, 2013

No pleasure from this adult app – only pain

A few weeks ago, I discovered and Julia warned you about a fake AVAST application which was infecting smartphones. It was hidden behind adult apps and was pretty nasty. Here is some detailed information about it.

First of all, if you look for adult applications (also known as pleasure applications :) ), you can find tons of them. Some apps, especially those offered on unofficial markets, are infected by malware; in the case of the fake AVAST app, it was ransomware. The same scenario commonly plays out: after installation, when you run the application for the first time, you get infected and blocked from using your phone. The app asks for money to unblock your phone. That’s typical ransomware behavior.

The clues are easy to spot

You are looking for an adult application and run across something called AVASTME.NOW. What the hell is going on here, you might think? The fact that an adult app is named after the world’s most trusted antivirus might be your first clue that something is wrong. But you install the app, even though it’s a pretty weird name for an app designed for adults. Luckily, after the installation you get an icon on your device called Porn Hub, so you start to feel satisfied you actually got what you were looking for. So let’s play it!

But this satisfied feeling does not stay forever. After the first few clicks, the application announces your phone must be checked for viruses. That’s the second big clue that something might be wrong. Normal applications do not check your phone for viruses. But you don’t have any choice, so you continue. That’s when you see a fake avast! Mobile Security interface which is almost identical to the original.

Here comes a third clue for sharp-eyed users: All the detections you see on the screen use a different format than AVAST. But it’s already too late to stop the app. In the next step, you are asked to pay $100 to clean up your phone. And your device is locked.

Sloppy, but effective

This ransomware is easily packed, and it’s apparent that the creators tried to do it as quickly as possible. The detection strings don’t have any kind of background, and it appears that the app used randomly generated names from multiple antiviruses, as you see in the screenshot below. They were even too lazy to clean up unnecessary icons from the package, so you can find a picture of a cat in it (maybe it’s the unhappy cat of one of the creators? :)) Even though the app was sloppily done, the cybercrooks were successful and earned/stole large sums of money.

[Screenshot]

This is just one example of the many applications out there waiting to steal money from you. It doesn’t have to be for adults only; basically any application might be misused against you. That’s why everyone should be careful and download applications only from trusted sources. Because malware like this is increasing, it is especially prudent to use some kind of antivirus protection. We suggest (the authentic) avast! Mobile Security, available from the Google Play store. It’s free! You never know when you will get something like this, so install it today on your Android device.

SHA:
0768724FFD5B78F1F510E5C5C87181534E61A35D04BFCD29946D9DBB305BF275
F9D4CE9174F1A57C3D335E467A5079BF3CA87F00EB6B996B8EAF21E0D6F54BDD

October 22nd, 2013

AVAST team gets together to work and to celebrate!

The release last week of the new #avast2014 became a great opportunity to get our global team together. Members of the Social Media and Communication team met in the HQ of AVAST Software in beautiful Prague. Our team normally works remotely and its members are spread across different countries: Czech Republic, USA, Spain, and Germany. Finally, we all met at once, to work together, exchange ideas, and to celebrate.

Preparation for the release, coordinating communication, and organizing the international press conference as well as coordinating social media activities was our major focus. It was hard work but we found time to be together sightseeing in Prague. It was a great way to get to know each other better and simply have fun.

A picture is worth a thousand words, so check it out. Also, see the gallery of pictures on our avast! Facebook page.

The Social Media team concentrated hard on tweeting from the press conference. Live stream #avast2014!


AVAST’s Social Media A-team: Albert, Anna, (A-)Deborah and (A-)Julia

We had many occasions to celebrate: The new #avast2014, the 25th anniversary of AVAST Software, as well as nearly reaching 200 million users of our products.
October 22nd, 2013

Win32:Reveton-XY [Trj] saves hundreds of computers worldwide and cybercriminals know it!!!

It has been more than a year since we last reported on the Reveton lock screen family. The group behind this ransomware is still very active and supplies new versions of their ransomware regularly.
