
Archive for the ‘SMB/Business’ Category
October 27th, 2014

Pony stealer spread vicious malware using email campaign

Most people want to stay on top of their bills, and not pay them late. But recently, unexpected emails claiming an overdue invoice have been showing up in people’s inboxes, causing anxiety and ultimately a malware attack. Read this report from the Avast Virus Lab, so as a consumer you’ll know what to look for, and as a systems administrator for an SMB or other website, you will know how cybercrooks can use your site for this type of social engineering scam.

Recently we saw an email campaign which attempted to convince people to pay an overdue invoice, as you can see on the following image. The user is asked to download an invoice from the attached link.

[Image: the overdue-invoice email]

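The downloaded file pretends to be a regular PDF file; however, the filename “Total outstanding invoice pdf.com” is very suspicious: .com is a Windows executable extension, not a document format, and the “pdf” in the name is only there to mislead.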
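A mail gateway or triage script can flag this kind of name before a user opens the file. The check below is an added example, not Avast's code; the function name and both extension lists are assumptions, and it goes beyond the single name above by also covering double extensions, whitespace padding and bidirectional-override characters.

```python
import re
import unicodedata

# Assumed lists for illustration; extend them for your own environment.
EXECUTABLE_EXTS = {"com", "exe", "scr", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "lnk", "cpl", "msi"}
DOCUMENT_WORDS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt",
                  "jpg", "png", "zip"}
# Bidirectional control characters that can reverse how a name is displayed.
BIDI_CONTROLS = {"\u202d", "\u202e", "\u200f"}


def check_attachment_name(name):
    """Return the reasons a file name looks like a disguised executable."""
    reasons = []
    if any(ch in BIDI_CONTROLS for ch in name):
        reasons.append("bidi-override")

    # Drop invisible format characters so the real extension is examined.
    cleaned = "".join(ch for ch in name
                      if unicodedata.category(ch) != "Cf").strip()
    stem, dot, ext = cleaned.rpartition(".")
    ext = ext.lower()
    if not dot or ext not in EXECUTABLE_EXTS:
        return reasons
    reasons.append("executable-extension:" + ext)

    # A document type as the last word before the real extension is the
    # trick used by "Total outstanding invoice pdf.com" and "x.pdf.exe".
    tokens = [t for t in re.split(r"[\s._\-()]+", stem.lower()) if t]
    if tokens and tokens[-1] in DOCUMENT_WORDS:
        reasons.append("document-word-before-extension:" + tokens[-1])

    # Long runs of spaces push the real extension out of view in file dialogs.
    if re.search(r"\s{3,}", stem):
        reasons.append("whitespace-padding")
    return reasons


if __name__ == "__main__":
    # Constructed sample names, apart from the first, which is from the post.
    for sample in ["Total outstanding invoice pdf.com", "report.pdf",
                   "invoice.pdf          .exe", "invoice\u202efdp.exe"]:
        print(repr(sample), check_attachment_name(sample))
```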

When the user executes the malicious file, after a few unpacking procedures, it downloads the final vicious payload. The Avast Virus Lab has identified this payload as Pony Stealer, a well-known data-stealing Trojan which is responsible for stealing $220,000, as you can read here.

We followed the payload URL and discovered that it was downloaded from a hacked website. The interesting part is that we found a backdoor on that site allowing the attacker to take control of the entire website. As you can see, the attacker could create a new file and write any data to that file on the hacked website, for example, a malicious PHP script.

[Image: the backdoor found on the hacked website]

Because that website was unsecured, cybercrooks used it to place several Pony Stealer administration panels on it, including the original installation package, and some other malware samples as well. You can see an example of the Pony Stealer panel’s help page, written in Russian, in the following picture.

[Image: help page of the Pony Stealer panel]

Avast Virus Lab advises:

For Consumers: Use extreme caution if you see an email trying to convince you to pay money for non-ordered services. This use of “social engineering” is most likely fraudulent. Do not respond to these emails.

For SMBs: If you are a server administrator, please secure your server and follow the general security recommendations. As you learned from this article, you can be hacked and a backdoor can be put in your website allowing anyone to upload whatever he wants to your website. Protect yourself and your visitors!

SHA’s and detections:

4C893CA9FB2A6CB8555176B6F2D6FCF984832964CCBDD6E0765EA6167803461D

5C6B3F65C174B388110C6A32AAE5A4CE87BF6C06966411B2DB88D1E8A1EF056B

Avast detections: Win32:Agent-AUKT, Win32:VB-AIUM

Acknowledgement:

I would like to thank Jan Zíka for discovering this campaign.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

October 15th, 2014

5 steps to keep your SMB data protected


When Edward Snowden came forward in May 2013, accusing the world’s largest intelligence service of spying on US allies, people, and private companies, it became evident that electronic data is quite vulnerable. This major event even caused Russian and German government officials to consider cataloguing their data, using old-fashioned manual typewriters instead of computers. Should you do the same with your business’ data to protect it?

The only way to keep your data absolutely safe from hackers and spies is to keep it far away from computers and servers, but this approach isn’t realistic. So here are five steps that you can take to protect your small or medium size business’ data:

1) Configure your computer network properly

Regardless of how the computers in your company are connected, via workgroup or server, make sure that you have implemented the right configuration. Make sure you haven’t left any gaps for attackers, such as software that has not been updated or unrestricted network access for suppliers or for all company employees.

2) Install a business-grade antivirus

This one sounds obvious; however, it is important to point out that several SMBs still use personal antivirus to protect their business data. A company that opts to use consumer security products might not get into legal problems (although this is possible), but the major issue here is the security of the data itself. Business antivirus allows an entrepreneur to manage the company’s electronic security remotely instead of being obligated to check each PC’s security manually. With an administration console, you can check on current problems and their solutions, and in the event of an infection or unauthorized action your console can get real-time alerts.

3) Educate your employees about online security

At AVAST we receive 50,000 samples of new viruses a day. Online security is evolving, which means you need to educate your employees on a regular basis about online dangers and how they can best protect your company’s data. Try to focus on explaining the concept of social engineering to your employees, what the most recent methods of attack are, and what the latest malware on the market is. The AVAST blog is a great place to find this information.

4) Keep in mind that humans can fail

Remember that although a great part of online security can be automated, it continues to be dependent on human actions, which from time to time can fail. Minimize the risks by training your employees properly and sharing the responsibility for data security with everyone. If a mistake is made, take it as an experience to learn from as a company, rather than cracking down on one person.

5) Encrypt your most important data

Currently, SMB owners have the option to encrypt data, so that in the case of an attack, their files will be protected. Encrypting files turns the information into unreadable code, and only those who have access to the encryption key are able to restore the files to their original state. This process is not simple, which is why it is recommended to encrypt your most important and sensitive files.

In addition to these five steps, make sure you stay up-to-date with the latest data security news. If a company in the same field as yours gets attacked, it can hit your SMB quicker than you may think! Remember, the digital world has neither frontiers nor barriers!

August 28th, 2014

Bad news for SMBs: Target’s “Backoff” malware attack hits 1,000 more businesses


avast! Endpoint Protection can protect your network

U.S. merchants advised to protect themselves against same PoS hack that hit Target and Neiman Marcus last year.

More than 1,000 U.S. businesses have had their systems infected by Backoff, a point-of-sale (PoS) malware that was linked to the remote-access attacks against Target, Michaels, and P.F. Chang’s last year and more recently, UPS and Dairy Queen. In the Target breach alone, 40 million credit and debit cards were stolen, along with 70 million records which included the name, address, email address, and phone number of Target shoppers.

The way these breaches occur is laid out in BACKOFF: New Point of Sale Malware, a new U.S. Department of Homeland Security (DHS) report. Investigations reveal that cybercrooks use readily available tools to identify businesses that use remote desktop applications which allow a user to connect to a computer from a remote location. The Target breach began with stolen login credentials from the air-conditioning repairman.

Once the business is identified, the hackers use brute force to break into the login feature of the remote desktop solution. After gaining access to administrator or privileged access accounts, the cybercrooks are then able to deploy the PoS malware and steal consumer payment data. If that’s not enough, most versions of Backoff have keylogging functionality and can also upload discovered data, update the malware, download/execute further malware, and uninstall the malware.
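The password guessing described above leaves a pattern in Windows logon events that a small script can pick out. The detector below is an added example, not taken from the DHS report or from Avast; the CSV layout (time, event ID, logon type, account, source address), the function name and the thresholds are assumptions, and the log lines are constructed.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Windows Security event IDs: 4625 = failed logon, 4624 = successful logon.
# Logon type 10 is RemoteInteractive (RDP); failed RDP attempts commonly show
# up as type 3 when Network Level Authentication is on, so both are included.
REMOTE_LOGON_TYPES = {"3", "10"}

# Constructed sample export, sorted by time (assumed format, see lead-in).
SAMPLE_LOG = """\
2014-08-20T02:14:01,4625,10,administrator,203.0.113.7
2014-08-20T02:14:09,4625,10,administrator,203.0.113.7
2014-08-20T02:14:17,4625,10,admin,203.0.113.7
2014-08-20T02:14:25,4625,10,admin,203.0.113.7
2014-08-20T02:14:33,4625,10,pos1,203.0.113.7
2014-08-20T02:14:41,4625,10,administrator,203.0.113.7
2014-08-20T02:15:02,4624,10,administrator,203.0.113.7
2014-08-20T09:01:10,4625,10,jsmith,198.51.100.20
2014-08-20T09:01:40,4625,10,jsmith,198.51.100.20
2014-08-20T09:02:05,4624,10,jsmith,198.51.100.20
2014-08-20T09:30:00,4624,2,cashier,127.0.0.1
"""


def find_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=2)):
    """Flag sources with >= threshold failed remote logons inside the window.

    Returns {source: {"peak": int, "accounts": set, "success": str or None}};
    "success" names the first account that logged on from that source after
    the burst was detected, which is the case to investigate first.
    """
    failures = defaultdict(deque)  # source -> times of recent failures
    accounts = defaultdict(set)    # source -> account names tried
    alerts = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, event_id, logon_type, account, source = row
        if logon_type not in REMOTE_LOGON_TYPES:
            continue  # console and service logons are out of scope here
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            recent = failures[source]
            recent.append(when)
            while when - recent[0] > window:
                recent.popleft()  # slide the window forward
            accounts[source].add(account.lower())
            if len(recent) >= threshold:
                alert = alerts.setdefault(
                    source,
                    {"peak": 0, "accounts": accounts[source], "success": None})
                alert["peak"] = max(alert["peak"], len(recent))
        elif event_id == "4624" and source in alerts:
            if alerts[source]["success"] is None:
                alerts[source]["success"] = account.lower()
    return alerts


if __name__ == "__main__":
    for source, info in find_rdp_bruteforce(SAMPLE_LOG).items():
        print(source, info)
```

A source that appears in the result with a non-empty "success" value means a guessed password may have worked; the two mistyped logons from 198.51.100.20 stay below the threshold and are not reported.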

General steps SMBs and consumers can take to protect themselves

  • You should use a proper security solution, like avast! Endpoint Protection, to protect your network from hacking tools, malicious modules, and from hackers using exploits as a gateway to insert malware into your network.
  • Regularly monitor your bank and credit card statements to make sure all the transactions are legitimate.
  • Change default and staff passwords controlling access to key payment systems and applications. Our blog post, Do you hate updating your passwords whenever there’s a new hack?, has some tips.
  • Monitor your credit report for any changes. You’re entitled to one free report per year from each of the three reporting agencies.

August 21st, 2014

Employees using public Wi-Fi put sensitive business data at risk – VPN services provide proper protection

John Smith works for a small business with ten employees. The company is sending John abroad to meet with potential investors. Being the productive employee that John is, he connects to the public Wi-Fi provided by the airport to do some work. He visits the investors’ websites and sends a few emails to his colleagues. On the flight, John continues to surf the web using the in-flight Wi-Fi. Once John lands he goes to a café before his first meeting. At the café he connects to the Wi-Fi to download a revised version of his presentation. After his meetings, John goes to his hotel for the night. There, John connects to the hotel’s Wi-Fi to send his boss a summary of the meetings and to catch up on some news from home. To John’s disappointment, local news videos are blocked due to geographic restrictions.

This sequence of events is typical for traveling business professionals. Connecting to public Wi-Fi frequently while on the go may be a great way to get work done, but it can be dangerous if employees don’t use a VPN (Virtual Private Network) connection.

During John’s journey he connects to four different hotspots. John works for a small business, so they do not have an IT administrator who set up a secure VPN for John to use. John therefore transferred valuable information, entered log in credentials, and browsed websites that reveal his business’ intentions without any protection. Anyone could observe which websites John visited, read messages he sent, and access files he transferred via unsecured sites with tools readily available online.

Unless you are visiting sites beginning with HTTPS, your communication is unencrypted. This means all your communication is out in the open for anyone to see, including log in credentials. Sharing information, such as files, via file transfer protocol (FTP) while connected to public Wi-Fi is also never a good idea. Like visiting non-HTTPS sites, files and data transferred via FTP are up for grabs.

Small businesses without their own VPN should turn to VPN services, like avast! SecureLine VPN, to protect their data. A VPN creates a virtual shield and tunnels traffic to a proxy server. The proxy server protects business data, thus preventing hackers from accessing files and other sensitive information stored on the device. VPNs also anonymize location, an added plus for business professionals who need access to content from home that may be blocked while traveling.

REMEMBER THIS!

With a VPN connection you can:

  • Protect your business data by preventing hackers from accessing files and other sensitive information stored on the device
  • Anonymize your location (IP address) online so you can access restricted content from home that might be blocked while traveling (Netflix, anyone?)
  • Hide your login details from snoops on public Wi-Fi. Avast encrypts all of your web use, including log ins and passwords.

avast! SecureLine VPN is available in packages of three, five or ten licenses and can be purchased from authorized AVAST resellers. avast! SecureLine VPN can also be purchased directly from the AVAST online shop.

July 23rd, 2014

Should small and medium-sized businesses be worried about PoS attacks?

Customers are vulnerable at the moment of purchase.

Most U.S. merchants cannot detect fraud at the point of sale.

One of the most dangerous places in America is your local retailer. Before you leave the building with your purchases, you run the risk of having your identity stolen.

No doubt you recall the 2013 security breaches at Target, Michael’s, and Neiman Marcus where millions of records were compromised by Point-of-Sale (PoS) attacks. PoS occurs when the customer makes a payment to the merchant. That last exchange is the most vulnerable.

Large retail merchants lead the list by 50% of organizations where consumers’ data was compromised in 2013, followed by credit card issuers and consumer banks, according to the #DataInsecurity Report done by the National Consumers League, in cooperation with Javelin Strategy & Research. The #DataInsecurity Report also revealed that 61% of data breach victims reported the breached information was used to commit fraud against them.

This should not come as a surprise. According to the Nilson Report, approximately $4 trillion was paid with credit, debit, and prepaid cards in the U.S. last year. Add to that the ready availability on underground forums of code to execute PoS attacks, and you have the perfect storm of a large victim pool for cybercriminals. The U.S. is an easy target since EMV cards (cards with chips embedded) have not been widely adopted. EMV, conceived between Europay, MasterCard and Visa, is a standard securing payments in other countries.

Cybercriminals don’t care about the size of your business

U.S. banks are slow to upgrade to “Smart cards” with embedded chips.

Although most of the PoS attacks highlighted in the media were against large retailers, cybercrooks don’t care how large or small your business is. You would think they would, but cybercriminals are more interested in raking in the money rather than caring about the fame they could possibly receive from attacking a large and popular business. Regardless of its size, if your business has a PoS system to charge customers for products or services, you should be protecting your system to save yourself from a possible attack. PoS attacks not only steal valuable customer information, they can damage your business’s reputation.

The #DataInsecurity Report shows that only 10% of retail fraud victims are confident that retailers can protect their information in the future.

How PoS attacks work

The biggest PoS Trojans, like Dexter, BlackPOS, Minerva, and vSkimmer, have targeted systems and networks running Windows.

April 23rd, 2014

Facebook is spring cleaning your News Feed

Facebook spam blocks relevant News Feed posts

Spam blocks news Facebook users want to see

Last year, Facebook had the dubious honor of containing more spam than other social networks.

In order to combat this scourge, Facebook recently announced a series of  improvements to the News Feed to help ensure that spammy content does not drown out the posts that people really want to see from friends and Pages they care about.

“The goal of this spring cleaning is to deliver the right content to the right people at the right time so they don’t miss the stories that are important and relevant to them,” said Facebook.

The clean-up targets three areas: Like-baiting, frequently shared content, and spammy links

Like-baiting is one of the sneakiest scams on Facebook. It’s when a post explicitly asks readers to like, comment, or share the post in order to increase the number of likes and/or shares; in other words, to “Go Viral.”  As we have described in previous posts, the page usually collects the likes, then sells it to the highest bidder to re-purpose for new annoying posts and scams.

Facebook uses this cute animal survey image to illustrate what it considers to be like-baiting.  The text asks the reader what their favorite animal is, with pictures asking for likes, comments, and shares.

Like-baiting is one of the sneakiest scams on Facebook

Facebook found that there was an over-abundance of frequently shared content.


April 3rd, 2014

How to reset your avast! Administration Console password

When Albert Schweitzer said “Happiness is nothing more than good health and a bad memory” he could not have possibly known how unhappy future Systems Administrators would be when they have a scheduled maintenance window to deploy anti-virus clients throughout the domain, only to realize that the password to log into the console has been forgotten. If this is happening to you,  it may provide you some comfort in knowing that I’ve been there, but luckily enough for me (and you, my forgetful friend), there’s a pretty easy way out of a potentially disastrous situation. With that being said, it brings me great pleasure to publish a guide on a topic of which I am so familiar.

“Enough about your bad memory! How can I reset my password already?!” You say?
Well that depends on which console you’re using. If you’re using SOA, read below. If you’re using EA, click here to jump straight to it. Regardless, be sure to be logged in with administrative privileges, as they will be required.

How to reset the password for avast! Small Office Administrator

To reset the Small Office Administrator password, enter the following into a command prompt:

"C:\Program Files\AVAST Software\Administration Console\Avast.Sbc.Service.exe" -c password -p NewPassword

…where:

"C:\Program Files\AVAST Software\Administration Console\Avast.Sbc.Service.exe" is the installation path to the file, and -c password -p NewPassword are the application switches. Leave -c password intact, but change the NewPassword field to the password of your choice.
If the application cannot be found in its default installation path, simply search for it from the Start menu, and when you’ve found it, right-click it and go to Properties. The Target and Location fields will provide the full path, though you will have to add the file name [Avast.Sbc.Service.exe] and the switches described above to the end.

The result should look like this (the command in the screenshot changes the password to “NewPassword”):

[Screenshot: the command entered at a command prompt]

If you have entered the command successfully, you’ll get the confirmation message below.

March 25th, 2014

AVAST is the most known antivirus brand in the world. What does this mean for our business partners?

Over the years AVAST has gained an impressive number of users: Over 200 million worldwide.

How did AVAST grow into the most trusted security product provider in the world? 

We got there by launching a very successful freemium business model. We give a quality product, avast! Free Antivirus, away for free. Customers like it and recommend it to others. In addition to the free product, we offer paid-for consumer solutions and a business products line.

AVAST Software does not invest money into advertising; we are mostly growing via recommendations and huge social media communities.

The free product is great, but how do the paid-for products compare?

We all know very well that when making a decision to buy a product, we would rather go for something which is known and which our friends, family or colleagues recommend, instead of getting something which we have never heard about and which no one can really vouch for.

While making sales and offering products to customers, partners are often asked for testimonials. Recommendations provided by your existing, satisfied customers are available, but usually that is not enough! Especially in the IT and security sectors, it is crucial to show your customer proof provided by IT authorities and official comparative results. Although AVAST is known as a provider of free software, at the same time, our products score top positions in many comparative tests.

March 5th, 2014

How to reinstall the avast! Endpoint Protection client

Recently we started a new corner in our blog, SMB/Business, to talk about the avast! business product line. We will focus on topics which come up during our conversations with resellers and their clients.

Today we will present a quick guide to answer this question:

How can I correctly reinstall the avast! Antivirus client?

Whether you’ve used avast! Antivirus for a long while, manage a large organization, or simply installed the wrong product,  it is imperative that you understand the correct uninstallation procedure before installing a different avast! Antivirus product.

The following guide will help you through the process.

  1. Navigate to add/remove programs, and uninstall the relevant avast! Antivirus product.
  2. Download avastclear.exe from here, and save it to your desktop.
  3. Start Windows in safe mode. (Safe mode is an operating mode that uses only the most fundamental driver and application set required to start the operating system.)

Windows XP, Vista, 7

To get to safe mode in Windows XP, Vista or 7 – Restart your machine, and continuously tap the F8 key. You will then be presented with an Advanced Options Menu, where you can choose to boot into safe mode.

Windows 8

To get to safe mode in Windows 8 –  Go to the start screen and type Advanced into the search field. When the search results appear, click the settings category and navigate to the Advanced startup options screen.  Clicking restart now will take your computer directly to the advanced startup mode, from there click troubleshoot, then at the startup settings menu press F4 to enable safe mode. Your machine will then restart to safe mode.

  4. Open the avastclear.exe file you downloaded, and navigate to the root of the previous installation directory. Ex: C:\Program Files\AVAST Software.
  5. Click remove and restart your machine.


Using the add/remove programs in Windows is not always 100% effective

Enjoy our business solutions! To find more information about SMB products, please follow this link: http://www.avast.com/business

For our existing business partners we also offer products training, which can be found here: http://avast.enterprisetube.com/

Ask a question on the User Forum

Thousands of avast! Antivirus users as well as avast! team members gather on the popular forum to help users-in-need with their questions. It helps to read the rules and practice polite netiquette at all times.

February 26th, 2014

Why you should join the AVAST Business Partner Program.

Most of you know avast! Antivirus as a free antivirus solution that provides comprehensive protection for consumers. With over 211 million users, including small companies up to enterprise using avast! Endpoint Protection, avast! is the most trusted antivirus protection in the world.

AVAST business product facts:

  • AVAST has over 3,000 business partners worldwide and the number is growing!
  • The avast! Endpoint Protection business line offers products to fit your needs and budget
  • Light, easy-to-deploy and manage with the same award-winning antivirus designed for SMB needs!
  • Our business products are easily manageable, so you and your clients don’t have to be  IT experts to make your business secure!

The AVAST Partner Program

The AVAST Partner Program team has prepared rewarding programs for our business partners. New partners are welcomed with a special package to help them grow their business with AVAST immediately.

“We have a great partner program for AVAST resellers, providing sales leads, project support as well as technical support and training. Our aim is simple: provide best-in-class products with a best-in-class engagement model. We want to keep it simple, effective and fun,” said Peter Baxter, AVAST VP – WW Channels & Corporate Products. For more follow this link.

Interested in joining AVAST?

It‘s easy!  Just fill in a partner application form, and we will take care of the rest. One of our team members will contact you within 2 business days and get you on your way to being an official AVAST business partner.

What are the next steps?

After the resellers agreement has been finalized, our sales representative will get in touch with you and agree on the next steps at your convenience. Shortly after the registration we will invite you for welcome training where you will learn more about our Endpoint Protection solutions and our business model.
