Question of the week: Since I have been using avast! I have been conscious of staying secure online. Does it matter which search engine I use? Is one safer than the other?

Thanks for using avast! to protect your computer. Yours is a great question, but maybe not one that people consider when thinking about the security of their system.

A recent 18-month study by the German Security firm AV-TEST Institute revealed that search results about breaking news stories, like the recent bombing at the Boston Marathon, frequently contain malicious links. People seek news quickly and they click on the links at the top of results without stopping to consider their safety or reliability. PCs without reliable security software soon become infected.

Google search is safer than Bing

AV-TEST evaluated about 40 million websites and found that Google is the safest way to search if you want to avoid malware. It’s rival Bing delivered five times more malicious websites in search results than Google. Yandex, Russia’s popular search engine, performed even worse than Bing delivering 10 times as many infected websites as compared to Google. This chart shows the results from Yandex, Bing, Google, and Blekko.

Overall the number of infected websites represent a small overall percentage of search results. But you need to remember that Google handles 2 to 3 billion search requests worldwide every day. The editors of the study point out, “If this total is factored into the calculations, the total number of websites containing malware found by the search engine is enough to make your head spin!”

Even though the study indicates that Google is the safer bet, all the search engines are pretty safe. As a conscientious user, you just need to be careful what you click on and make sure your programs and applications are up-to-date. Of course, you are already covered by terrific protection – avast! Antivirus!

Additional information:

Microsoft response to AV-Test- “We show results with warnings for about 0.04% of all searches, meaning about 1 in 2,500 search result pages will have a result with a malware warning on it.  Of those, only a small proportion of malicious links ever get clicked and the warning therefore triggered, so a user will see the warning only 1 in every 10,000 searches. In any case, the overall scale of the problem is very small.”

Yandex response to AV-Test – “Yandex uses its own proprietary antivirus technology to protect users from malicious software,” reads an email from the company. “Yandex marks the infected webpages in its search results in order to notify users of unsafe content. We just notify users of possible consequences and do not block access to the webpage completely.”

Dealing with file formats is not really enjoyed by us. Usually the format designers haven’t had the security and parsing by foreign applications in mind, sometimes the specifications are hard to get, but, what is worst is the specification which claims something and then the major implementation does not follow it, allowing the bad guys to evade easily our strict parsers (as strict as specified in docs). We’ve already blogged about such problem in the past.

As I dealt with Embedded Open Type (EOT) in the past I have received some undetected samples from my colleague. It was EOT sample mentioned in this blog and some other sample downloaded by her. EOT is a compact form of OpenType font – it uses some special compression based on this specific file format to decrease file size.

Read more…

How’s this for a good phishing scam? Everything seems legit:

1. From email is “customerservice@utsa.edu”

2. No misspelled words and has decent grammar (however, some punctuation inconsistency)

3. Copyright (c) symbol next to the university name

4. Gmail did not filter it as spam, but left it in my normal inbox

Yes, if I had ever attended that particular university, I might have fallen for it.

PLEASE NOTE: University of Texas has nothing to do with this email.

Part time job for a social media agent  

Do you blog, comment, respond, post, chat, like, re-tweet, add to circles, pin…? Do you monitor what’s hot on social media in your language? Do you have 2 hours a day that you can fully dedicate to avast! social media? Can you be the eyes and ears of avast! in your country as if your own reputation depended on it?

We seek a highly motivated individual with experience and fanatical passion for blogging, micro-blogging and community participation to simply communicate with avast! followers in your mother tongue. You will help us approach new users in your country, so we can spread avast! Free Antivirus across the globe!

This is a part time position – at least 10 hours a week

That will not happen to you

Read more…

They say size doesn’t matter… however, at Twitter it actually does! How can you express yourself, knowing that you MUST use no more than 140 characters? How can you tell everything about Avast and still fit within this number? How can you respond to Avast users knowing this limitation? Well, by setting up and communicating daily via our avast! Twitter account, we have accepted this challenge and now we have one for you…  But before we get there, let me tell why you should start following us on Twitter.

Read more…

Thousands of new malwares come to our virus lab daily. The target could be both Android devices and Windows computers. They’re being detected under the Android:Ssucl-X name. The malwares are being spread through false apps to free up memory of the devices and enhance their performance. They were available at Google Play as Superclean (published at January 3rd and got 4,5 stars with more than one thousand installations) or DroidCleaner, both from Smart Apps developer. Both apps were not blocked by the protection system of Google Play, although they were removed some time after that. They still could be available for download in smaller stores.

When installed, the apps ask for a group of permissions from sending SMS to enable the WiFi network, handle the owner personal data including SMS, photos, contacts, GPS coordinates and also any data or file in the SD card!

After installed in the Android device, the apps download files to the SD card (autorun.inf, folder.ico and svchosts.exe). When the device was connected to a computer as an storage mass media (USB), the file svchosts.exe could be automatically executed in the computer, spreading the infection. Once in the system, the malware could activate the microphone and store the surroundings audio, encrypt it and send it to a FTP remote server.

The infection scheme is old, but the infection migration from mobile devices to the computer could be a new headache. The better would be stay protected by avast! Free Antivirus in the computer and avast! Free Mobile Security in the Android devices.

Some technical info about these malwares:
SHA-1: 183d694cc6b1565fce318531b56a6e9ce9f79149 – MD5: 89d71ec272778910941d2cd28a4cf776
SHA-1: 2853d37fbc729cd43ab7d12b5899edda9e59693e – MD5: f5546f1d7e5cd2b43cb81197d85ac0d3
SHA-1: 30e0b93c36afca1da5db5e11ba0b5f00a8401c7d – MD5: c293bc5cd1101b5b648b9ba92edf1994

The digitalization of our homes continues to grow, and with it the number of vulnerabilities your household devices can suffer from. We’re surrounded with many specialized minicomputers (which we usually fail to consider computers) that are subject to the same problems as the desktops or laptops. But, because of a psychological barrier, we’re unable to see them this way. Almost nobody thinks of their big TV as a computer and the same is true of phones, but there are many smaller, almost invisible devices like intelligent disk arrays (NAS) or routers, which are nothing else but ‘computers without the keyboards’. It was published in the past – it’s possible to hack/exploit/misuse such devices – there are exploits for printers, desk phones, Samsung TVs, all of these devices contain bugs which, when exploited by the bad guys, could run executable code which suits bad guys’ needs.

Read more…

Hello Avast fans!

It is my pleasure to officially announce the new Avast bug bounty program. As a security company, we very much realize that security bugs in software are reality. But we also realize that companies that are able to use their user communities to find and fix bugs are generally more successful that those that don’t. Therefore, we have decided to reward individuals who help us find and fix security-related bugs in our own software. This makes us probably the first security vendor with a reward program like this: I think it’s mainly because the other companies generally take the position that ‘Hey, we’re a security company. So we know security and it can’t happen to us.’ But in reality, that’s not what’s happening. Just look at bugtraq or the CVE databases and you will find that security software is no more immune to these issues than any other programs. A bit of irony, given that people generally install security software to fight security issues in the first place, isn’t it?

We at Avast take this very seriously. We know that being a market leader (Avast has more users than any other AV company in the world), we’re a very attractive target for the attackers. So, here’s our call to action: let’s unite and find and fix those bugs before the bad guys do!

Here’s how it works:

• The bounty program is designed for security-related bugs only. Sorry, we’re not paying for other types of issues like bugs in the UI, localization etc. (nevertheless, if you find such a bug, we will of course very much appreciate if you report it).
• This program is currently intended only for our product, i.e. not the website etc.
• We’re generally only interested in these types of bugs (in the order of importance):
  • Remote code execution. These are the most critical bugs.
  • Local privilege escalation. That is, using Avast to e.g. gain admin rights from a non-admin account.
  • Denial-of-service (DoS). In case of Avast, that would typically be BSODs or crashes of the AvastSvc.exe process.
  • Escapes from the avast! Sandbox (via bugs in our code)
  • Certain scanner bypasses. These include include straightforward, clear bypasses (i.e. scenarios that lead to direct infection, with no additional user input), as opposed to things like deficiencies in the unpacking engine etc. In other words, we’re interested only in cases that cannot be mitigated by adding a new virus definition (please don’t report undetected malware)
  • Other bugs with serious security implications (will be considered on a case by case basis).
• The base payment is $200 per bug. Depending on the criticality of the bug (as well as its neatness) the bounty will go much higher (each bug will be judged independently by a panel of experts). Remote code execution bugs will pay at least  $3,000 – $5,000 or more.
• We might change these ranges based on the number and quality of incoming reports. Generally, the less reports we will get, the higher the bounty will go.
• We will only pay for bugs in Avast itself. For example, if you find a bug in a Microsoft library (even if it’s used by Avast), please report it to Microsoft instead (it would be great if you could also notify us, but unfortunately, we cannot offer any reward in such cases).
• The program is currently limited to consumer Windows versions of Avast (i.e.: Avast Free Antivirus, Avast Pro Antivirus, and Avast Internet Security). Only bugs in the latest shipping versions of these products will be considered.
• Payment will be done preferably by PayPal. If you can’t accept PayPal (e.g. because it doesn’t work in your country), please get in touch with us and we will try to figure out something else.
• Because of certain legal restrictions, we cannot accept submissions from the following countries: Iran, Syria, Cuba, North Korea and Sudan.
• It is the researcher’s own responsibility to pay any taxes and other applicable fees in their country of residence.
• In order to be eligible for the bounty, the bug must be original and previously unreported.
• If two or more researchers happen to find the same bug, the bounty will be paid only to the one whose submission came in first.
• You must not publicly disclose the bug until after an updated version of Avast that fixes the bug is released. Otherwise, the bounty will not be paid.
• The bounty will be paid only after we fix the issue (or, in specific cases, decide to not fix it).
• Some bugs may take longer to correct. We will do our best to fix any critical bugs in a timely fashion. We appreciate your patience.
• Employees of AVAST and their close relatives (parents, siblings, children, or spouse) and AVAST business partners, agencies, distributors, and their employees are excluded from this program.
• We reserve the right to change the rules of the program or to cancel it at any time.

How to report a bug and qualify for the bounty:

• Please submit the bug to a special email address bugs@avast.com
• If you’d like to encrypt your email (recommended), please use this PGP key.
• A good bug report needs to contain sufficient information to reliably reproduce the bug on our side. Please include all information that may be relevant – your exact environment, detailed bug description, sample code (if applicable) etc. It also needs to contain a decent analysis – this is a program designed for security researchers and software developers and we expect certain quality level.
• You will receive a response from an Avast team member acknowledging receipt of your email, typically within 24 hrs. If you do not receive a response, please do not assume we’re ignoring you – we will do our best to follow up with you asap. Also, in such a case it is possible your email didn’t make it through a spam filter.

Finally, I’d like to say thanks to everyone who helps to find and fix bugs in our products. Hopefully, this new reward program will take this initiative to a whole new level.

Happy [bug]hunting!

P.S. The bug bounty rules are also available on our main website here.

Do you use your mobile device to check email, use social networks or log in to your bank account while sipping a double mocha latte at your favorite coffee shop or while waiting for your next flight? That’s risky considering you cannot count on public Wi-Fi hotspots that you find in cafes, coffee shops, airports, schools, and hotels to be secure. Remote cybercrooks, and even the guy sitting a couple of tables from you sipping coffee, can use software to eavesdrop and snoop which could result in stolen credit card information and passwords or full-blown identify theft.

With new avast! SecureLine for iOS you can secure your wireless internet connection when using your iPad, iPhone, or iPod on a Public/Open Wi-Fi network. Here’s how it works:

VPN stands for Virtual Private Network.  avast! SecureLine VPN creates a private ‘tunnel’ through the internet for your data to travel through, and everything inbound and outbound through the tunnel is encrypted. Data is decoded at the VPN server, using advanced encryption protocols. Handy features also detect and filter malicious URLs, block ads in the browser and apps, or can compress your transferred data which saves your mobile data plan and enables access to US-only content.

Download avast! SecureLine for iOS from iTunes. Read more…