When the mastermind hackers of the notorious Carberp Banking Trojan were arrested, we thought the story had ended. But a sample that we received on May 7th, a month after the arrests, looked very suspicious. It connected to a well known URL pattern and it really was the Carberp Trojan. Moreover, the domain it connected to was registered on April 9th!
Taking a closer look into the PE header, it was observed that the TimeDateStamp (02 / 27 / 13 @ 12:19:29pm EST) displayed a bit earlier date than the date of the arrests of the cybercriminals, and the URL was a part of larger botnet where plenty of Russian bots are involved. So the case was closed as a lost sample within a distribution process.
After using our internal Malware Similarity Search to catch as many malware samples as possible, a cluster appeared. It contained some well-known families like Zbot, Dofoil, Gamarue, and some fresh families like Win32/64:Viknok and Win32:Lyposit. The latter is a dynamic link library and it caught our attention by a quite sophisticated loader and a final payload. Read more…
avast! Free Antivirus for Mac was launched a mere week ago, and it only took three days to reach the #1 position on CNET’s download.com. avast! Free Antivirus for Mac fulfills the need for quality security just as the Mac community is recovering from the high-profile Flashback Trojan that infected 600,000 Macs. Many people realize now that OS X is not immune to attack, and new OS X malware is demonstrating how unprotected Macs can be infected when a user simply visits a website.
avast! Free Antivirus for Mac contains the same light, award-winning, certified, and highly acclaimed antivirus and anti-spyware engine as its avast! version 7 Windows counterpart. Learn more about it here.
Win a MacBook Air
Thanks to loyal avast! users like you, avast! is the most liked antivirus on Facebook. As of this writing, we have over 1.1 million likes and rising. Thanks, avast! fans.
Like avast! on Facebook and enter to win a MacBook Air! Take a photo of yourself with an apple and submit it to our contest by Friday, May 18. You must be a registered avast! user and a fan of avast! on Facebook. After the photos are in, the fun begins when all the participants vote for their top 5 favorite photos. Those five will each win a MacBook Air! So get those apples polished and cameras snapping. We want your best photo!
Mac computers running the beta version of avast! Free Antivirus for Mac were not infected by the Flashback Trojan.
“We’ve confirmed our app’s detection abilities for Flashback within the test lab and with reports from our beta testers,” says Jiri Sejtko, director of AVAST Virus Lab operations.
The Flashback Trojan linked to the Mac botnet is a derivative of last year’s DevilRobber Mac OS X Trojan. The AVAST Virus Lab now has 18 variants of this malware in its antivirus database.
“With an estimated 600,000 infected Macs, this botnet is just a large example that the Apple operating system is not immune from malware,” said Jiri. “Add a growing market share that makes Mac an attractive target for the bad guys together with a user base that insists they do not need a security app – you have all the conditions in place for an epidemic to rip through.”
The latest Flashback variants can infect vulnerable Macs without requiring the victim to enter a password. “Mac malware has historically been dependent on social engineering – convincing the user to enter the required password. Now these days are over and Mac users can pick up malware just by visiting an infected website,” adds Jiri. “Welcome to the real world.”
Flashback is a logical step in Mac malware’s steady evolution, he points out. Initial malware samples were rather simple, just compiler-generated code, with no encryption whatsoever, but it has since evolved to be more “custom”, with encrypted strings and code, and structured to avoid security apps like LittleSnitch(firewall software for Mac OS) or Apple’s XProtect. During 2011, there were some large-scale attempts to spread Mac malware via Google Image poisoning.
“It takes 1-2 years for malware guys to adapt to a new technology – it took a similar time when they switched from DOS to Windows. This latest botnet did not fall out of the clear blue sky. The conditions have been building for some time and I’m glad that our security app will soon be available for Mac users,” says Jiri.
avast! Free Antivirus for Mac is currently in the late BETA stage. It includes the latest avast! antivirus engine, three shields (Web, File, and Mail) and the WebRep reputation and anti-phishing plugin for Safari browser. avast! Free Antivirus for Mac builds on the AVAST Software tradition of providing a full-fledged security app which is completely free. More details coming very soon.
Apple’s ‘cloak of invulnerability’ has lately been shredded by the MacDefender fake antivirus and the Pinhead and Boonana Trojans. Don’t worry, be proactive. Here are five tips to make your Mac more secure:
1. Don’t use ‘automatic login’
It’s cool to turn your computer on and instantly use it. But troubles can start when a computer is turned on by someone other than its owner… If you are concerned about your sensitive data, you can encrypt or simply disable the ‘automatic login’ function. Here’s how to do it:
1) Go to System Preferences > Security
2) Authenticate yourself by clicking Click the lock to make changes
3) Check Disable automatic login Read more…
On August 28, 2009, Apple released Snow Leopard. One of new functions added to this version is basic anti-malware tool called “XProtect”. The name is based on the name of one .plist file which contains strings that are necessary for detection. Apple had not provided a name for the tool, so developers made it. Read more…
You’ve probably seen applications for generating passwords. For those who have not, this is how the process actually works:
- application for generating passwords is downloaded
- user runs the application and presses the “generate” button
- a string appears that looks something like this: I8kjH9s&ER1()G
- this string is used as a password for his Mail / Facebook / Twitter / …
And now, the user has two options:
- he’ll forget his new password immediately
- to ensure that the new password is not forgotten, he’ll write it down on a sticker and put it on the computer monitor. If the user has other computer-generated passwords, he will place this “my email” sticker on top of the existing stickers.
So what’s the deal? Why am I telling you this? Because in a moment, we’re going to learn how to create secure passwords – and you’ll see that you are going to change passwords more often than you have previously. Because creating passwords can be fun.
There’s a groovy discussion in the world of Apple about the security of Mac OS. I’ve seen this kind of discussion many times and in most cases it had a quite similar scenario. We won’t go through this entire scenario (although it could be fun), we’ll just summarize the core of it with one phrase that pops up in all these debates: “There are no viruses for Mac OS.”
Let’s take a short excursion through the history of Mac infections.