Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Archive for the ‘General’ Category
October 17th, 2014

Ebola scams spread faster than actual disease in panic-striken U.S.

shutterstock_204144223 (2)

Cybercrooks use popular stories in the news to deceive people into giving up confidential information.

The dreaded disease Ebola that is spreading rapidly throughout West Africa made landfall in the US recently, and since then many news agencies have sensationalized the “outbreak” with constant coverage. Panic has grown as politicians raise the public’s fears and medical experts are confusing people with contradictory information. These things all combine to create the perfect atmosphere for scammers.

It’s quite common for cybercrooks to use social engineering techniques to fool people during a big news event, and we have seen an increase in phishing attempts. The United States Computer Emergency Readiness Team (US-CERT) issued an alert today to remind users to protect against email scams and cyber campaigns using the Ebola virus disease as a theme.

“Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system, “ says the advisory.

Users are encouraged to use caution when encountering these types of email messages and take the following preventative measures to protect themselves:

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

 

Categories: General Tags: , , ,
October 15th, 2014

“Poodle” security hole has a nasty bite

poodles

“Poodle” bites on open WiFi networks with multiple users.

A security hole called Poodle could allow hackers to take over your banking and social media accounts.

Yesterday, Google researchers announced the discovery of a security bug in version 3 of the Secure Sockets Layer protocol (SSLv3). This web technology is used to encrypt traffic between a browser and a web site, and can give hackers access to email, banking, social accounts and other services.

Poodle bites multiple users in unsecure open WiFi networks, like the ones you use at coffee shops, cafes, hotels, and airports.

“To exploit the vulnerability, you must be running javascript, and the attacker has to be on the same network as you—for example, on the same Starbucks Wi-Fi network you’re using,” explained Kim Zetter in a WIRED article.

Avast experts strongly recommend that our users protect themselves when using free WiFi with avast! SecureLine VPN.

Poodle is not considered as serious a threat as this past spring’s Heartbleed bug which took advantage of a vulnerability in OpenSSL, and or last month’s Shellshock bug in Unix Bash software.

SSLv3 is an outdated standard (it’s a decade and a half old), but some browsers, like Internet Explorer 6, and older operating systems, like Windows XP, only use the SSLv3 encryption method. Google’s security team recommends that systems administrators turn off support for SSLv3 to avoid the problem, but warns that this change will break some sites.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

October 14th, 2014

Adobe gathers data from your eBook reader

Image from http://www.quickmeme.com

Security and privacy violations in Adobe’s Digital Editions eBook and PDF reader were discovered last week.

“This is a privacy and security breach so big that I am still trying to wrap my head around the technical aspects, much less the legal aspects,” researcher Nate Hoffelder wrote in The Digital Reader blog post.

If you check out eBooks from your local library and read from a digital reader like a Nook, Kobo, or other non-Amazon eBook reader, then you have probably used Adobe’s free Digital Editions software.

Hoffelder said that Adobe is gathering user data on the eBooks that have been opened, which pages were read, and in what order, as well as metadata such as title and publisher –and all of it is being sent to Adobe’s servers in plain text. That means anyone who is interested and has the means, say, the National Security Agency or your ISP, could be reading over your shoulder. That’s not good. In fact, it’s very bad, as well as illegal.

It is hoped that Adobe’s Tuesday update will include a plug for the Digital Editions leak, but more likely it will be next week. In a statement to the American Library Association, Adobe reports they “expect an update to be available no later than the week of October 20” in terms of transmission of reader data.”

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

October 13th, 2014

Big updates coming from Microsoft, Oracle and Adobe this Tuesday

Patch Tuesday Oct 2014

Pour yourself a cup of coffee; this could take a while.

One of the biggest “Patch Tuesday” fixes is happening October 14, when vital updates will be available from three companies at the same time.

We are all used to the monthly Patch Tuesdays from Microsoft and Adobe, but this month the quarterly updates from Oracle, the parent of problem child Java SE, coincide, making it a pretty big day for securing your system. Avast experts agree that one of the most important steps you can take to securing your data and devices is to make sure that you keep your software up-to-date.

Microsoft

Microsoft leads off the normal Patch Tuesday with the release of 9 security updates across products including a critical patch of Internet Explorer, all supported versions of Windows, and the .NET development framework.

Oracle

Oracle’s Critical Patch Update is a collection of patches for multiple security vulnerabilities. It contains 155 new security fixes across hundreds of Oracle products; 25 of them for Oracle Java SE. Oracle warns that “these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. “ That’s not good, if you were wondering.

“I would suggest removing Java if possible or at least turning it off in all your browsers,”  advises Jiri Sejtko, director of AVAST Virus Lab operations. Here are removal instructions for the most popular browsers: How do I disable Java in my browser?

Adobe

It is hoped that Adobe’s Tuesday update will include a plug for the big Digital Editions e-book and PDF reader hole, but more likely it will be next week. In a statement to the American Library Association, Adobe reports they “expect an update to be available no later than the week of October 20” in terms of transmission of reader data.

Tuesday’s patch will probably include a fix for bugs in Adobe Flash Player.

avast! Software Updater shows you an overview of all your outdated software applications, so you can keep them up to date and eliminate any security vulnerabilities.  All avast! security products inform you whenever any of your 3rd party applications are out-of-date and you can apply updates manually by clicking the ‘Fix now’ button next to each conflicting application. avast! Premier can be configured to perform these updates automatically.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

October 1st, 2014

Millennials take responsibility for their own cybersecurity

A new trend has started – people are taking responsibility for their own safety online!

ncsam_facebook_cover_photo_2014

AVAST Software is a “champion” and supporter of NCSAM.

Last October when National Cyber Security Awareness Month (NCSAM) was getting started, it was reported that the incoming workforce of millennials was lax about cyber-risks. They engaged in risky online behavior like:

  • Connecting to unprotected public WiFi networks
  • Using a storage device that wasn’t their own
  • Sharing a password with a non-family member
  • Never changing their online banking password

2014 brings more awareness among “Digital Natives”

For this year’s NCSAM, a new survey was done by defense contractor Raytheon in partnership with the U.S. Department of Homeland Security and the National Cyber Security Alliance. It showed that awareness of online safety is rising, with 70% of millennials saying they follow cybersecurity concerns and are up-to-date on the topic. Eighty-seven percent believe they are personally responsible for their online safety.

Millennials are known as the “Facebook generation” or “Digital natives” because they grew up in the “digital age” with internet-connected devices. But just because they were born after the digital age began, doesn’t mean they were any more concerned about security than the so-called digital immigrants who had to replace analog skills with digital. But this year, maybe because of the high profile data breaches that have occurred repeatedly, millennials are concerned about their devices being infected by malware, credit or debit card theft, someone hacking into financial information, or falling victim to online scams or fraud.

While many are aware of the risks – roughly 60% have experienced some sort of online violation – identity theft, a computer virus, or a bad experience on social media – they’re still engaging in some risky behaviors, such as 72% using public WiFi that doesn’t require a password.

Interestingly enough, this increased awareness is also driving interest in a career in cybersecurity with millennials expressing a desire to make the Internet safer and more secure. The problem is that almost two-thirds of the total don’t know or aren’t sure what the “cybersecurity” profession is.

Building_Tomorrows_Cybersecurity_Workforce-NCSAM2014

STOP. THINK. CONNECT.

Read more…

September 22nd, 2014

Join the Avast Beta 2015 and share your feedback

The Avast developers invite you to participate in the Avast 2015 beta test.

2015-Avast-beta

Your participation gives the team working on the latest versions of the world’s most trusted security products a chance to hear your voice – what’s working for you and what is not, how you like the experience, if you see performance or connectivity problems, etc. There are multiple new low-level functions which impact the whole system, so we need your feedback to tune everything for the final release.

Two new features introduced in Avast Beta 2015

Avast NG

Avast NG is a hardware-based virtualization solution capable of running each Windows process in a standalone, safe, virtualized environment (VM) which is fully integrated to your desktop. Each process is executed in its own instance of VM, which means it’s totally isolated from other applications. This feature is now powering Avast DeepScreen, resulting in better detection. The technology will also power the Sandbox and SafeZone components in the final release.

GrimeFighter Free

GrimeFighter will offer free cleaning of junk files and tuning of system settings. These tasks are performed by our Zilch and Torque minions.

Changes and other new features

  • Home Network Security scans your home network for vulnerabilities like WiFi status, connected devices, and router settings.
  • HTTPS scanning is able to detect and decrypt TLS/SSL protected traffic in our Web-content filtering component. This feature will protect you against viruses coming through HTTPs traffic as well as adding compatibility for SPDY+HTTPS/ HTTP 2.0 traffic.
  • SecureDNS protects against DNS Hijack on router/client including unsecured networks, public ones, etc. This feature is active in the paid versions only.
  • Smart Scan integrates all on-demand scans into one scan with different results and recommendations. Includes Antivirus, Browser plugins, Software updates, Home Network, and GrimeFighter.

To learn more about the Avast Beta 2015 , what to test, known issues, and to leave comments, visit the avast! Community forum thread dedicated to the beta test.

Avast Beta 2015 installation links

http://files.avast.com/beta9x/avast_free_antivirus_setup.exe
http://files.avast.com/beta9x/avast_pro_antivirus_setup.exe
http://files.avast.com/beta9x/avast_internet_security_setup.exe
http://files.avast.com/beta9x/avast_premier_antivirus_setup.exe

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

 

 

 

 

Categories: General Tags: ,
September 19th, 2014

AVAST celebrates International talk like a Pirate day

Ahoy, me hearties!

Today, the AVAST crew is participating in one of the goofiest events in the world: International Talk Like a Pirate Day! Did you know thtalk-like-a-pirateat there is a Pirate language and that AVAST is one of the key words of the language? You can even set up your avast! Antivirus in Pirate language and change your sound notifications to pirate language! How we are participating?

Th’ wenches ‘o Social Media ‘n HR, along wit’ a few scurvy dogs, have planned a right jolly day ‘o piratey hijinks fer th AVAST pirates. Every hour when th’ bell chimes, a new task is assigned. The treasure hunting has finished and prizes given away.

Th’ best scurvy pirates come from AVAST!

Our team received seven tasks in different categories to challenge geeky and creative minds. The response was great and we are sharing with you only a fraction of what has been happening here. :)

Jolly good idea ya social media ‘n HR wenches, garrr!

But run out of rum and you walk the plank! ~ Jan, accounting department

 

Avast who is coming next

you will need your pirate vest.

Hide your hook and say ahoy

to not scare this little boy :D ~Pavla  Marketing

 

Ya lazy bums, hurry and up,
avast! they come, our blood thirsty foes,
let’s cut their throats with our smart codes
ahoy! we’ll grab, the scavengers boats!

One more yer’old powder monkeys!

The floor is dirty and supplies are rotten,
but we keep on sailing, we won’t be forgotten,
we rockin’n’surfin’n’fixin the mast,
we are the sailors working for Avast! ~ Tomas, BI

 

Advance, ye mates! Cross your lances full before me. Let me touch the axis and drink thy rum, ye harpooneers! ~ Andre e-commerce

 

 

 

A pirate ship named Avast,boat

Was sailing accross the sea,

The sailors organized a party and had a blast,

But the Captain was pissed as his glass was empty,

Where did all the rum go?

Where did all the rum go?

Arrrgh, the Captain was complaining over and over,

They will all be hangover! ~ Sarah e-commerce

 

Ahoj sailors developers!

I see some red,logo 6

Better when green,

Oops it’s again red,

Now code is clean,

And #TDD is great!

Code is poetry when #coding at Avast ~ Jonas BI

 

Malware are #FF0000

AVAST is the #FF9900

All my rums are belong to you!

ARrrrr!

01000001 01010110 01000001 01010011 01010100 ~ Nikolas, virus lab

 

Avast! Bloody Avast! Hey,
Pirates gonna crunch the bay.
Jump, shot & sink the boats.
Down the sea of rum & dry throats. ~ Pavel BI

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

September 19th, 2014

Avast, me hearties! Today is Talk Like a Pirate Day!

This day be a jolly day to be a scurvy pirate!

 

AVAST celebrates International Talk Like a Pirate Day

Celebrate all things pirate by installing a pirate-themed voice for your avast! Antivirus products. Download and install it from our Facebook avast! Voices tab and all yer antivirus alerts will henceforth be in a pirate voice. Go to avast! Voices on our Facebook page and choose Themed>1-pirate.mp3>Download Voice.

International Talk Like a Pirate Day started after syndicated columnist and author,  Dave Barry, mentioned a group of zany guys who liked to talk using pirate lingo. Years earlier, these guys decided to start their own Talk Like a Pirate Day and make it a national holiday on September 19th.  Trouble was, no one knew about it. But in 2002, when Dave Barry wrote about the fledgling holiday, it was a breakout success.

Since the name of our company, AVAST, also means stop or desist, as in “Avast, ye landlubbers!”, it made sense for us to be a part of the celebration.  Jezebel, the Webwench from the Talk Like a Pirate’s Day crew declares,

avast! Antivirus software  is the official AV protection of at least one-quarter of the Talk Like A Pirate Day crew. I installed the pirate voice and I LOVE IT SO MUCH, mate!

So join th’ ruckas this day, ‘n install th’ scurvy pirate voice on ye avast! Antivirus. Like our avast! Facebook page, click the avast! Voices tab and Talk Like a Pirate!

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

 

September 16th, 2014

‘Win iPhone 6’ scams fool Facebook users, pad scammers pockets

It only took Apple 24 hours to get 4 million pre-orders of the new iPhone 6, and scammers were right there with them to cash in.

FB iPhone 6 scam

This example of a like-harvesting scam page promises an iPhone 6 giveaway.

In the newest iteration of a scam used every time a new product is launched with fanfare, Facebook pages have been popping up claiming that people who like, share, and comment on a post can win an iPhone 6.

This type of scam is referred to as like-harvesting. The scammer makes the page popular by collecting likes and then sells the page to other scammers. The offer of a new device, like the iPhone 6, entices people to click the like button then spam their friends with the bogus promotion. Thousands of likes can accumulate within a few hours, making the page quite valuable on the black market. The new owner rebrands it to peddle more questionable products and services with their built-in audience.

A variation on this scam is the Survey Scam. As with like-harvesting, you must first like the Facebook page. The difference is that you need to also share a link with your Facebook friends.

This link takes you to a page where you are instructed to download a “Participation Application.” Generally, a pop-up window leads you to participate in a survey before you can download the application. Some surveys will ask for personal information like your mobile phone number or name and address. If you provide those details, you open yourself up to expensive text-messaging services, annoying phone calls, and junk mail. In some cases, the download contains malicious code. The only thing you can be guaranteed not to get is an iPhone 6! Meanwhile, the scammer earns money for every survey through an affiliate marketing scheme.

What to do if you liked a ‘Win iPhone 6′ page

If you fell for the scam, then learn from it and don’t do it again! Make sure you unlike the page, delete comments that you made, and remove the post from your news feed. You may also want to alert your friends to the scams, so they don’t fall for it.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

September 15th, 2014

Tiny Banker Trojan targets customers of major banks worldwide

The Tinba Trojan aka Tiny Banker targeted Czech bank customers this summer; now it’s gone global.

After an analysis of a payload distributed by Rig Exploit kit, the AVAST Virus Lab identified a payload as Tinba Banker. This Trojan targets a large scope of banks like Bank of America, ING Direct, and HSBC.

 hsbc_bank

In comparison with our previous blogpost, Tinybanker Trojan targets banking customers, this variant has some differences,  which we will describe later.

How does Tiny Banker work?

  1. 1. The user visits a website infected with the Rig Exploit kit (Flash or Silverlight exploit).
  2. 2. If the user’s system is vulnerable, the exploit executes a malicious code that downloads and executes the malware payload, Tinba Trojan.
  3. 3. When the computer is infected and the user tries to log in to one of the targeted banks, webinjects come into effect and the victim is asked to fill out a form with his/her personal data.
  4. 4. If he/she confirms the form, the data is sent to the attackers. This includes credit card information, address, social security number, etc. An interesting field is “Mother’s Maiden Name”, which is often used as a security question to reset a password.

Read more…

Comments off