Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Search Results

Keyword: ‘settings’
April 16th, 2014

Are software “Easter eggs” safe?

eggs02Easter egg hunts are a favorite activity for kids and adults alike, and on Easter Sunday, backyards, church grounds and even the White House will host their own competitions. Cyberspace has its own Easter eggs (a hidden message in software applications), and the hunt for them is just as fun as for real eggs. I asked Filip Chytrý, a researcher in the avast! Virus Lab specializing in mobile malware, about his favorite Easter eggs.

“I hate boiled eggs,” Chytrý joked, “but revealing Easter eggs in applications is pretty fun especially if you just have a clue, but don’t have any idea where to start.”

Can Easter eggs be malicious?

We’re not too keen on hidden code that no one knows about here at AVAST, so I thought it was a good question. Filip explained that to successfully make an Easter egg, the programmer has to hide the surprise from his fellow team mates and his employer, as well as the end user. It occurred to me that if programmers can hide fun things, it’s not a huge leap to hiding malicious things. Backdoors, for instance?

“We have not seen an Easter egg that might be considered as malware. There are plenty of original apps for Android which are modified to distribute malware by adding some kind of a downloader, but it’s without the user’s interaction. Easter eggs have remained harmless; Android apps – not so much,” said Chytrý.

Are there Easter eggs in mobile software?

Android developers have hidden Easter eggs within Android OS.

Easter eggs found in older version of Android OS

“There are Easter eggs in the latest versions of Android,” said Chytrý. “To access the Easter egg in your device, open the settings screen and tap About phone at the bottom of the screen. Locate Android’s version number on the about screen and quickly tap it several times.”

It worked with Android KitKat on my Nexus 4, but may not work in the modified OS of some device distributors. Find out how to access older Android OS Easter eggs.

Read more…

April 1st, 2014

Email with subject “FW:Bank docs” leads to information theft

In this blogpost we will look deep into a spam campaign, where unlike other possible scenarios, the victim is infected by opening and running an email attachment. In the beginning of this year, we blogged about a spam campaign with a different spam message – a fake email from the popular WhatsApp messenger. This time we will look at spam email which tries to convince the victim that it originates from his bank. The malicious email contains contents similar to the following one:


Subject: FW: Bank docs

We have received this documents from your bank, please review attached documents.
<name, address>

 

promo Read more…

March 27th, 2014

How does avast! SafePrice work?

howto2_enQuestion of the week: I am a long time avast! Antivirus user. After a recent update, I was surprised to see something new called SafePrice. I can’t find any information on it. Please explain what it is (and also how to remove it.)

Thanks for asking. We have received some questions and comments regarding the new avast! SafePrice and its functions, so we’ll clarify what SafePrice does and how we protect your data.

SafePrice is a part of the avast! Online Security browser extension. The purpose of this feature is to help you find the best offers among participating trusted shops and to notify you about cheaper offers by displaying a small bar on the top of your browser. This ensures that you do business with trusted vendor sites, and save time by having better offers on products presented to you, rather than searching for them manually.

All personally identifiable information removed in real time

SafePrice communicates data with our server; specifically the products you are searching for, and the URLs of the shopping sites you visit. All personally identifiable information is stripped from this data in real time, as it comes into our servers, so that the data is completely anonymous. We then check for more favorable prices or coupons with our third party partner, Ciuvo. Ciuvo never receives any of our users’ personally identifiable information.

How can I deactivate SafePrice?

When SafePrice is initially installed, you are shown a welcome layer which explains SafePrice’s functions, including how to permanently deactivate it. If you don’t want to receive SafePrice recommendations, you can disable them directly in the settings of the avast! Online Security web browser protection plugin. In the browser plugin’s settings there is a menu where you can remove the check-mark next to SafePrice, permanently deactivating it.

Ask a question

If you have a question about any of AVAST’s products, please send them to wannabesocial@avast.com. If we answer your question, we will send you an avast! Teddy Bear.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

Categories: How to Tags: ,
March 26th, 2014

Cute, but deadly. AVAST minions fight Grime!

minionsThey might look like funny characters from an animated movie, but the avast! GrimeFighter minions are a deadly force against the grime that accumulates in your computer over time. This crack team of animated minions brings AVAST users new technology that speeds, tunes up, and extends the lifespans of PCs. avast! GrimeFighter is being launched officially today in 14 languages.

“With avast! GrimeFighter we’ve integrated exceptional technology into our product that will help users benefit from their valuable PCs longer, as the minions decontaminate them from unnecessary bloatware,” said AVAST Chief Executive Officer Vince Steckler. “We are glad to offer this new product to our users to optimize their PC performance and are sure our diligent minions will put a smile on their faces.”

The Minion Team

Officer Pete, a police officer with an over-sized mustache leads the team. Other minions with names like Zilch, Torque and Dale Jumpshot, Jr. wipe browser caches, look for hardware problems, analyze your Internet speed, and disable bloatware, such as unnecessary programs and software that may have been pre-installed.

Collaboratively, the other minions examine security settings of popular applications and wireless networks, analyze the PC’s memory, hard drive, CPU and files to provide the user with a report at the end of the scan. The report is straightforward, with an option of viewing more detailed results.

Spring clean your PC

grimefighter resultsYou can scan your PC for free using avast! GrimeFighter, then pay for removal of the Grime reported. avast! GrimeFighter is available as a feature in avast! Antivirus 2014 and also as a standalone application. If you don’t have avast! Antivirus 2014, you can download it for free or purchase it from the AVAST website.

People investing in avast! GrimeFighter to make their PCs run like new again will see instant performance increases that prolong the life of their computers.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

 

March 18th, 2014

Fake Korean bank applications for Android – Pt 3

Recently, we discovered an account on GitHub, a service for software development projects, that has interesting contents. The account contains several projects; one of the latest ones is called Banks, and it has interesting source codes.  The account contains information like user name, photo, and email address, but we cannot tell who the guy in the picture is. He might not be related to the contents at all, it could be a fake picture, fake name, or simply his account may have been hacked, his identity stolen, and the Banks repository created by someone else without his consent. In this blog post, we will explore the source codes in detail.
korea-03

When we downloaded the repository, we found several directories – GoogleService and fake applications imitating mobile applications of five major Korean banks – NH Bank, Kookmin Bank, Hana Bank, ShinHan Bank and Woori Bank.

korea-02

 

We previously published two blog posts with analyses of the above mentioned fake applications.

When we look at GitHub statistics, and Punchcard tab, it tells us what time the creators were most active. From the chart below you can see, that Saturday mornings and evenings and Sunday evenings were the most active times of comments of new versions. It seems that authors of this application do the development as a weekend job. At the time of writing this blogpost, the last update of fake bank applications was in the beginning of January 2014.

korea-20

This is not the first attack against users of Korean banks. About a year ago, we published this analysis.

Conclusion

Github, the web-based hosting service for software development projects, offers a lot of interesting contents, which depending on its settings can be later found and accessed by virtually anyone, including Google robots.  We managed to find the above mentioned repository by simply Googling the strings which occurred in a malicious Android application.

Acknowledgement:

The author would like to thank to Peter Kalnai and David Fiser for help and consultations related to this analysis.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

March 5th, 2014

How to reinstall the avast! Endpoint Protection client

howto2_enRecently we started a new corner in our blog, SMB/Business, to talk about the avast! business product line. We will focus on topics which are come up during our conversations with resellers and their clients.

Today we will present a quick guide to answer this question:

How can I correctly reinstall the avast! Antivirus client?

Whether you’ve used avast! Antivirus for a long while, manage a large organization, or simply installed the wrong product,  it is imperative that you understand the correct uninstallation procedure before installing a different avast! Antivirus product.

The following guide will help you through the process.

  1. 1.  Navigate to add/remove programs, and uninstall the relevant avast! Antivirus product.
  2. 2.  Download avastclear.exe from here, and save it to your desktop.
  3. 3.  Start Windows in safe mode. (Safe mode is an operating mode that uses only the most fundamental driver and application set required to start the operating system.)

Windows XP, Vista, 7

To get to safe mode in Windows XP, Vista or 7 –  Restart your machine, and continuously tap the F8 key. You will then be presented with an Advanced Options Menu, where you can chose to boot from safe mode.

Windows 8

To get to safe mode in Windows 8 –  Go to the start screen and type Advanced into the search field. When the search results appear, click the settings category and navigate to the Advanced startup options screen.  Clicking restart now will take your computer directly to the advanced startup mode, from there click troubleshoot, then at the startup settings menu press F4 to enable safe mode. Your machine will then restart to safe mode.

  1. 4.  Open the avastclear.exe file you downloaded, and navigate to the root of the previous installation directory. Ex: C:\Program Files\AVAST Software.
  2. 5.  Click remove and restart your machine.

endpoint

Using the add/remove programs in Windows is not always 100% effective

Enjoy our business solutions! To find more information about SMB products, please follow this link: http://www.avast.com/business

For our existing business partners we also offer products training, which can be found here: http://avast.enterprisetube.com/

Ask a question on the User Forum

Thousands of avast! Antivirus users as well as avast! team members gather on the popular forum to help users-in-need with their questions. It helps to read the rules and practice polite netiquette at all times.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

Comments off
February 3rd, 2014

AVAST Privacy IQ quiz: answers

AVAST Privacy IQ Quiz has finished.  Before we will officially announce the winners, please check how you should answer and learn why!

header

Do privacy policies guarantee that your information will be kept private?

Correct answer: No
A typical privacy policy includes information about the types of data the company collects and how it analyzes, discloses and stores the data; it doesn’t necessarily guarantee that your information will be kept private. Furthermore, companies can change their policy at any time – so what you initially agreed to may no longer be valid in the future.

Which of these are not recommended to share while using a public WiFi connection?

A. Your credit card

B. Your bank account information

C. Your social security number

D. All of the above

Correct answer:  All of the above
Get savvy about WiFi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine. For the maximum security, use new avast! SecureLine VPN for Android and iOS.

You really need to purchase a late birthday gift for your friend online but you are away on vacation. You have paid for a hotel public WiFi connection so your personal information will be secure. It’s ok to purchase a gift for your friend while using the hotel public WiFi.

Correct answer: False
Just because you purchase access to a public WiFi connection does not make it secure. Get savvy about WiFi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.

 What is the best way to use social networking sites?

A. Set the privacy and security settings to your personal comfort level for information sharing.

B. Avoid sharing compromising photos and information.

C. You don’t have to rely on default security settings every time

D. Option A and B


Correct answer: Option A and B 

Own your online presence. When available, set the privacy and security settings on websites to your comfort level for information sharing. It’s OK to limit how and with whom you share information.

Once I set my privacy settings on a product or service, I don’t need to set them again.

Correct answer: False
You need to check your privacy settings often. Updates for apps and software can change privacy preferences to a default setting.

 All mobile apps that ask you to enable geolocation services require location data to function.

Correct answer: False
Many apps do not need geolocation services enabled in order to provide the service. Make sure you decline or opt-out of the location service feature on your phone. Protect your personal information by learning more about an app before you download. Get insights about installed apps and understand your apps’ access rights and intentions with Privacy Report & Apps Manager when you use avast! Free Mobile Security for Android. Read more…

Categories: Uncategorized Tags:
Comments off
January 31st, 2014

How to use avast! Mobile Security: Privacy Advisor

howto2_enAt AVAST we work hard to improve your security and privacy. Mobile malware is increasing. If you aren’t yet convinced that this is an issue, please read the latest blog from the avast! Virus Lab, How are you doing Mr. Android?

Nowadays, besides the traditional way to get money – sending premium SMS – the collection of personal info and browsing habits are also trending. How do cybercrooks monetize this data? Managing the ads that are shown in your smartphone or tablet, suggesting apps, sending offers by email or displaying them in-apps.

If you use avast! Mobile Security, then you can run a Privacy Advisor scan to categorize all the apps in your device:

  • Collect location information: Because of their nature, some apps need to capture your location. These would be GPS navigation tools, outdoor sports tracking and weather apps, for example. Some of them do it for statistical reasons. However, the majority of them do it just to customize local (targeted) ads.
  • Collect device or mobile network information: Some apps use the device info for developer and statistical reasons. Your mobile network info is also captured.
  • Collect user behavior data inside the app: This data are mostly useful for the developers as they adjust and customize their own apps according to their customers’ use, and to separate free from paid features.
  • Show in-app banner advertisements: This is an annoyance. Impatient users could drop the use of the app due to this kind of ad.
  • Show in-app full-screen advertisements: This is a huge annoyance and if it occurs, it is an invitation to uninstall the app. This is why the developers only show them a few times while the app is running Read more…
Comments off
January 27th, 2014

What is your Privacy IQ? Take our quiz and find out!

AVAST Software is proud to be a champion of Data Privacy Day, celebrated every year on January 28th. We encourage you to make protecting privacy and data a greater priority. Read on to find out if you are a Privacy Pro!

Find out if you are a Privacy Pro or if you need to learn more to protect your personal information online by taking the My Privacy IQ Quiz. Take the quiz here, by submitting your answers, as a comment to this blog post. The first 5 participants who will answer all questions correctly win avast! SecureLine VPN for Android or iOS or an avast! teddy bear. Alternatively you can enter a quiz at our Facebook here. Quiz ends on Monday, February 3rd 

blog

 

My Privacy IQ quiz

 

1) Do privacy policies guarantee that your information will be kept private?

A. Yes

B. No

Read more…

January 22nd, 2014

Win32/64:Blackbeard & Pigeon: Stealthiness techniques in 64-bit Windows, Part 2

1608606_777513882262041_947320490_n

Last week we promised to explain in detail how the “Blackbeard” Trojan infiltrates and hide itself in a victim’s system, especially on its 64-bit variant. Everything described in this blogpost happens just before Pigeon (clickbot payload) gets downloaded and executed. The most interesting aspects are the way it bypasses the Windows’ User Access Control (UAC) security feature and switches the run of 32-bit code of the Downloader to 64-bit code of the Payload. And finally, how the persistence is achieved.

From 32-bit Loader to 64-bit Payload

As almost all other malware, this downloader is encapsulated with a cryptor. After removing the first layer cryptor, we can see that the downloader is written in a robust way. The same code can be run under either a 32-bit or 64-bit environment, which the code itself decides on the fly based on the entrypoint of the unpacked layer. Authors can therefore encapsulate their downloader in either a 32-bit or 64-bit cryptor and it will get executed well in both environments.

Read more…