Archive for January, 2014
January 25th, 2014

The top 5 things we need to know for our trip to Florida

The team that runs AVAST Free for Education is excited to be attending this year’s Florida Educational Technology Conference (FETC 2014) in Orlando, Florida, but also a little nervous about what to expect. Here are the top 5 things we have been alerted to about our trip to The Sunshine State – Florida, USA!

1. Everything will be AWESOME! Americans are a very positive bunch, and describe everything good with an enthusiastic “Awesome!” So we’re prepared that FETC will be Awesome, Orlando will be Awesome, the weather will be awesome, and of course, AVAST Free for Education is TOTALLY AWESOME!! We will fit right in. ;-) Come see us at booth #356.

2. Everyone smiles. All. The. Time. Again, Americans are a positive bunch, and it shows on their faces. So even when the conference day is nearing an end, and our faces hurt from smiling at Awesome people and telling our Awesome story, we’ll make an effort to keep smiling. It won’t be hard, because we are genuinely happy to be at FETC.

3. Mickey Mouse is the governor of Florida and the capital is The Magic Kingdom. Need we say more?!

4. Americans don’t know where Prague is. We’ve heard that Americans are not too good at European geography. It doesn’t matter; we don’t know where Kansas is (but I promise we’ll find out!) Conference-goers just need to know which state their school and school districts are in, so we can provide them with free business-grade security protection.

5. Alligators live in every body of fresh water in Florida. We sincerely hope that doesn’t include hotel swimming pools.

We can’t wait to arrive in beautiful Orlando, Florida and spend this next week talking to our Free for Education customers, meeting new people, and saving U.S. schools and districts thousands of dollars a year. Stop by our booth #356 and attend our Learning Lab talk on Friday at 11:40.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

January 24th, 2014

Ransomware worse than CryptoLocker?

The name CryptoLocker makes the hairs on the back of our neck stand up, and now researchers tell us that something worse may be coming.

You recall that CryptoLocker locks up users’ machines, encrypts the files, then demands a payment to unlock the encrypted files. Even if the actual malware is removed, the data remains unavailable.

“There’s mostly no way to get the data back without paying the ransom and that’s the reason why bad guys focus on this scheme as it generates huge profit,” said Jiri Sejtko, Director of AVAST Software’s Virus Lab Operations.

There is new evidence that another more insidious version of ransomware could be coming. Underground hacker forums have seen advertisements for a new DIY ransomware tool-kit dubbed Prison Locker or PowerLocker available, along with convenient tutorials, for a $100 license fee. A blog post on Malware Must Die, an online crime fighting group, gives the details.

January 23rd, 2014

Facebook music theme scam hits a sour note

By now, we are all familiar with Facebook scams that claim to give your Newsfeed a designer look. Remember Facebook Red or Facebook Black? Those pretty themes ended up spreading spam and malicious links via online surveys and fake videos. Today, the AVAST Virus Lab experts discovered a unique variety: the Facebook Music Theme Scam.

The Facebook Music Theme Scam is supposed to change the theme and add a song to your Facebook page. But when our Virus Lab expert, Honza Zika, investigated, he got more than danceable music tracks: “What this code does is modify Facebook. It automatically liked 32 photos, people, groups, … See my activity log, that is just half of it.”

January 23rd, 2014

WhatsApp bogus email tries to install Zeus Trojan on your computer

Have you received an email from WhatsApp? No? That’s because the company usually sends their users messages directly via the app itself, typically notifying them of updates. If you have received an email from WhatsApp recently, we urge you to not open it and to delete it immediately. The email is a hoax that contains malware.

Within the last few days, an email with the subject line “Missed voice message” has spread with the sender name “WhatsApp Messenger.” The message asks recipients to “please download attached file,” a file named “Missed-message.zip.”

Our antivirus lab expert, Peter Kálnai, told us, “It has never been WhatsApp’s strategy to send you missed voice messages in an email and they haven’t started to do so now. Instead of a voice message, it includes a zipped attachment with an executable file under the same name missed-message.exe. This file is able to download any malware attackers want to load onto their victim’s computer, including the Zeus Trojan, also known as one of the most dangerous banking trojans.”

Zeus lies silently on users’ computers until they log on to a banking website. Once on a banking site, Zeus collects the users’ personal data and online banking information. Read more about how avast! Antivirus blocks Zeus Trojans.

The popular mobile messaging service, WhatsApp, recently announced they now have more than 430 million Android and iPhone users. This is a great success for WhatsApp, but at the same time makes it an attractive target for cybercriminals, as the number of potential victims is huge.

Does avast! Antivirus protect against the WhatsApp malware?

Yes! AVAST detects the executable files spread in the ZIP file in different versions and protects all of its more than 200 million users from this threat. Besides using AVAST, we recommend users use common sense and think twice when they receive an email from an app that usually never chooses to address its users via email. Also, in general, trustworthy companies don’t send attachments unless you have requested specific documents, so do not open any email attachments if you haven’t requested them, and always use caution when downloading files from the Internet.

January 22nd, 2014

Win32/64:Blackbeard & Pigeon: Stealthiness techniques in 64-bit Windows, Part 2

Last week we promised to explain in detail how the “Blackbeard” Trojan infiltrates a victim’s system and hides itself there, especially in its 64-bit variant. Everything described in this blog post happens just before Pigeon (the clickbot payload) gets downloaded and executed. The most interesting aspects are how it bypasses Windows’ User Account Control (UAC) security feature, how it switches from running the Downloader’s 32-bit code to the Payload’s 64-bit code, and finally, how persistence is achieved.

From 32-bit Loader to 64-bit Payload

Like almost all other malware, this downloader is encapsulated with a cryptor. After removing the first-layer cryptor, we can see that the downloader is written in a robust way. The same code can run in either a 32-bit or a 64-bit environment; the code itself decides on the fly which one it is in, based on the entry point of the unpacked layer. Authors can therefore encapsulate their downloader in either a 32-bit or 64-bit cryptor and it will execute correctly in both environments.

January 21st, 2014

5 security tips from an expert AVAST Evangelist

Earlier this month we introduced you to AVAST Evangelist: Paulius Yla. With nearly 10 years of experience gained from supporting users on the AVAST forum, Paulius can be easily called an AVAST expert. He has been using our software since 2003 and participated in testing dozens of AVAST products. Paulius has shared with us 5 basic and MUST-FOLLOW security tips!

Check it out and don’t forget to follow these steps:

  • Antivirus software is a MUST. Don’t believe your friends if they say you don’t need it, it only slows your PC, and so on. It must be installed and must be up-to-date.
  • A Firewall must be enabled too, at least the integrated one.
  • Never use cracked illegal software, especially Operating Systems (OS). You will never know what backdoor can be included in it.
  • Never ignore OS updates, leave automatic updates on. Other software updates are also important. In most cases they are fixing bugs, security holes etc., and improving your internet security.
  • Believe me, the internet is a wild place, so try to avoid sites with a bad reputation or risky sites (peer-to-peer, adult sites, etc.) There is no AV solution which can protect you from 100% of threats, so use your head, too!

January 20th, 2014

Nice apps get bad makeover after spammers buy them

Spammers buy Chrome extensions and turn them into adware ~PC World

This is one “before and after” picture that we didn’t want to see. Someone contacted the original developers of Chrome extensions Add to Feedly and Tweet This Page with an offer to purchase. Thinking it was a good opportunity for a company with more time and money to further develop what they started, both developers sold perfectly nice apps. It wasn’t until the next automatic update that the true transformation was revealed.

Even though users didn’t know about the sale of the extensions, angry reviews indicated that a change had been made. The extensions were accused of spamming because they had been silently updated to inject ads and affiliate links. Amit Agarwal, Add to Feedly’s original author, told PC World, “These aren’t regular banner ads that you see on webpages, these are invisible ads that work in the background and replace links on every website that you visit into affiliate links. In simple English, if the extension is activated in Chrome, it will inject adware into all webpages.”

Over the weekend, the two extensions were removed from the Chrome Web Store.

How to remove bad extensions and toolbars from your computer

“Both of these add-ons are categorized as ‘very bad’ in the avast! Browser Cleanup database,” said Thomas Salomon, head of AVAST Software’s Browser Cleanup development. “Browser Cleanup will remove them without any trace. This means they’ll be removed the same way as any other bad add-on/toolbar.”

Open the AVAST user interface to access Browser Cleanup

avast! Browser Cleanup lists all poorly rated add-ons, extensions, and toolbars for the 3 major internet browsers, Microsoft Internet Explorer, Mozilla Firefox, and Google Chrome, and allows you to disable or remove them. It works by scanning the browser environment, then displays a list of any bad toolbars you may have, and asks if you want the offending toolbar removed. If you authorize it to do so, then Browser Cleanup will remove them.

There are more than 7,500,000 different browser extensions for the three main browsers. AVAST currently receives 1 million requests every day to remove browser toolbars. Read more about annoying toolbars from this blog post by Thomas Salomon.

1/21 updated number of browser extensions. It keeps growing!

January 17th, 2014

Has the NSA installed spyware on your new computer before you opened the box?

An article in German magazine Der Spiegel stated that the NSA is capable of installing backdoors on devices by Juniper Networks (firewall manufacturer), Cisco and Huawei (giant network device manufacturers), and also, Dell. According to the article, a special hacking team intercepted some new computer deliveries to secretly install spyware in these machines. Der Spiegel did not reveal how they got access to this information, although it’s public that they have access to secret information leaked by the former NSA contractor, Edward Snowden.

The magazine has access to secret documents describing a method of direct attack on an end-user device called “interdiction.” If a person was being investigated and bought a new computer, the Tailored Access Operations division (TAO) of the NSA could have access to it. They collect online information using a tool called XKeyscore, as the British journal The Guardian revealed last July. They are also able to redirect internet traffic to their own servers. Der Spiegel said that this redirection occurred with high success (50%) when people were browsing the professional network LinkedIn.

But I’m not interesting enough…

Ok. You’ll say that you’re not included in the “interesting” people to be investigated by the NSA. What you need to know, quickly, is that there are tons of spyware and behavior monitoring tools being distributed all over the world. Our team detected more than 6 million of them disguised as toolbars for browsers. These nasties monitor everything from your browser habits to your personal information.

Similar to the NSA, some “security companies” do this dirty job of monitoring. Did you read about avast! BrowserCleaner yet? You can get rid of spyware toolbars using this tool inside avast! Antivirus products, or you can download the standalone version here. Learn more about it in this blog entry. And, of course, do not forget to alert your friends and family.

January 16th, 2014

avast! Free Antivirus is Top Rated product of 2013

Throughout the year, independent testing labs run antivirus products through the rigors of “real-world” testing as well as simulations and testing of specific features and performance. avast! Free Antivirus was honored as the Top Rated Program of 2013 by one of the most respected antivirus testing labs, AV-Comparatives. Tests during 2013 were carried out on 22 consumer antivirus and internet security products. AVAST always puts our free product up against our competitors’ paid-for products because we are confident that the technology can stand up to the competition. The honors we received validate that.

Explaining the reasoning behind pitting a free antivirus product against paid-for suites, AVAST Software co-founder, Eduard Kučera said, “Our philosophy is we should not be a good product, but a perfect product. We provide the community with a perfect product.”

AV-Comparatives awards given to avast! Free Antivirus in 2013

  • Top Rated Program of 2013: avast! Free Antivirus proves that it protects against real-world internet threats, it identifies thousands of recent malicious programs, and provides protection without slowing down the PC. See report (PDF).
  • Advanced On Demand Detection Test, March 2013: A good file detection rate is still one of the most important, deterministic and reliable features of an antivirus product. See report (PDF).
  • Advanced Plus Performance Test, April 2013: avast! Free Antivirus not only provides high detection rates and good protection against malware, but it also does not degrade system performance or trouble users. See report (PDF).
  • Advanced Plus Real-World Protection Test, July 2013: avast! Free Antivirus passed the tests with honors and was the only free solution to receive the Advanced+ rating! See report (PDF).
  • Advanced Heuristic/Behavioral Test, August 2013: See report (PDF).
  • Advanced Anti-Phishing Test, August 2013: See report (PDF).
  • Advanced On Demand Detection Test, September 2013: See report (PDF).
  • Advanced Plus Malware Removal, November 2013: Good malware protection is important to find existing malware that is already on the system. avast! Free Antivirus earned the Advanced Plus rating for successfully removing malware from an already infected system. See report (PDF).
  • Advanced Plus Performance Test, November 2013: avast! Free Antivirus has negligible impact on system performance in tests performed on an up-to-date Windows 8 64-Bit system. See report (PDF).
  • Advanced Plus Real-World Protection Test, December 2013: avast! Free Antivirus was the only free product to receive AV-Comparatives’ highest award in the ADVANCED Plus category because of exemplary results in protecting against malicious samples with a small incidence of false positives. See report (PDF).
  • Silver Best Overall Speed 2013
  • Bronze Real-World Protection Test 2013

1/17 edited for clarity

January 15th, 2014

Win32/64:Blackbeard & Pigeon: Stealthiness techniques in 64-bit Windows, Part 1

At the turn of the year we started to observe a Trojan, not much discussed previously (with a brand new final payload). It has many interesting aspects: It possesses a complex structure containing both 32-bit and 64-bit code; it achieves its persistence with highly invasive methods; and it is robust enough to contain various payloads/functionalities.

Evolution of Blackbeard

Confronting this threat for the first time, we wondered about its classification. Using AVAST’s Malware Similarity Search, we found an old sample (the TimeStamp said “02 / 20 / 12 @ 3:30:55am UTC”) in the malware database that shared the threat’s PE header structure. Moreover, it also contained debug info with a string “Blackbeard,” so we decided to dub it that.

The code evolved over time. We can connect a part of the infection chain of this Trojan with the threat called Win32/64:Viknok. For both the historic and the current variant of Blackbeard, the complexity of the structure is sketched in this diagram:

[Figure: Blackbeard structure and evolution]
