In 2011, we at AVAST released our mobile device theft protection tool, avast! Anti-Theft. We wanted to change the way mobile devices are protected from being stolen or abused. We did not know whether people would like it, nor how well avast! Anti-Theft would perform in actually protecting mobile device owners from the bad guys.
Now, 1 1/2 years after release, we receive tons of feedback from users around the globe. Every day we hear of several customers who were able to recover their phone or their tablet by using our solution. Honestly, this makes us happy, more than you could imagine. We see that our tool actually makes sense and gives REAL value to our users, which is the dream of every developer.
Of course, sometimes phones just got lost and were easily recovered. But sometimes we hear recovery stories that could almost be described as real adventures. One such story comes from our user FridgeWheeL, who managed to recover his device even from a foreign country. We decided that the story needs to be shared, so thanks to FridgeWheeL for giving us a summary. Enjoy:
To the Avast Team
I believe in giving credit where credit is due, and due to this belief I want to give a big thanks to the Avast team for their assistance in recovering my stolen mobile handset.
I live in South Africa & if your phone is stolen and you do not have insurance, the chance of seeing your phone ever again is very grim. Stolen phones here get exported or sold to foreigners since you are able to black list your phone to prevent any further use of the phone on our local networks.
With the above in mind & since I did not have insurance on my mobile phone due to high costs at the time when I bought my Samsung Galaxy S3 on a two year contract, I installed the free version of Avast Mobile Security and ran through the Anti-theft setup as a precaution should my phone get stolen.
On the 2nd of March 2013 I was at a Samsung Galaxy World Tour music festival where my phone was pickpocketed amongst the crowd. This was honestly a very bad experience for me since I did not have insurance and still have to pay a hefty monthly payment up until December 2014.
Having completely forgotten that I installed Avast Anti-Theft on my mobile, I tried finding my phone via the stock tracking applications and tools that came with my mobile but all of these were dependent on an active internet connection on my stolen mobile phone. These tools could not assist me in any way and I made peace with the fact that my phone was lost forever.
On the 1st of May 2013, my fiancé at the time (my wife now) received an SMS that a SIM card change was detected on my phone and another SMS followed with a link on the approximate location based on the mobile network service of the new SIM card in my phone. With this information it clearly showed that my phone was in Lusaka, Zambia. I then got a hold of the Police in Lusaka, Zambia and explained to them the whole situation. Within 45 minutes after speaking to the Zambian Police, they located my phone and opened a case and followed procedures to ensure that the phone was indeed mine.
I provided all necessary information to the Police as well as the tracking SMSes from Avast and the Police confirmed that the phone was indeed legally mine. They happily couriered my phone back to South Africa and my mobile is due for collection tomorrow from my local post office.
Special thanks to Avast & the professional service from the Lusaka Zambian Police.
FridgeWheeL, thanks for your message and your permission to publish it! Such news always encourages us to develop even more great stuff and get it out to our millions of users. Now, we hope you’ll never lose your phone again. But if it happens, at least you know you’re protected.
The avast! Anti-Theft development team.
Question of the week: Since I have been using avast! I have been conscious of staying secure online. Does it matter which search engine I use? Is one safer than the other?
Thanks for using avast! to protect your computer. Yours is a great question, but maybe not one that people consider when thinking about the security of their system.
A recent 18-month study by the German security firm AV-TEST Institute revealed that search results about breaking news stories, like the recent bombing at the Boston Marathon, frequently contain malicious links. People seek news quickly and they click on the links at the top of results without stopping to consider their safety or reliability. PCs without reliable security software soon become infected.
Google search is safer than Bing
AV-TEST evaluated about 40 million websites and found that Google is the safest way to search if you want to avoid malware. Its rival Bing delivered five times more malicious websites in search results than Google. Yandex, Russia’s popular search engine, performed even worse than Bing, delivering 10 times as many infected websites as Google. This chart shows the results from Yandex, Bing, Google, and Blekko.
Overall, the number of infected websites represents a small percentage of search results. But you need to remember that Google handles 2 to 3 billion search requests worldwide every day. The editors of the study point out, “If this total is factored into the calculations, the total number of websites containing malware found by the search engine is enough to make your head spin!”
Even though the study indicates that Google is the safer bet, all the search engines are pretty safe. As a conscientious user, you just need to be careful what you click on and make sure your programs and applications are up-to-date. Of course, you are already covered by terrific protection – avast! Antivirus!
Microsoft response to AV-Test – “We show results with warnings for about 0.04% of all searches, meaning about 1 in 2,500 search result pages will have a result with a malware warning on it. Of those, only a small proportion of malicious links ever get clicked and the warning therefore triggered, so a user will see the warning only 1 in every 10,000 searches. In any case, the overall scale of the problem is very small.”
Yandex response to AV-Test – “Yandex uses its own proprietary antivirus technology to protect users from malicious software,” reads an email from the company. “Yandex marks the infected webpages in its search results in order to notify users of unsafe content. We just notify users of possible consequences and do not block access to the webpage completely.”
We do not really enjoy dealing with file formats. Usually the format designers did not have security, or parsing by foreign applications, in mind, and sometimes the specifications are hard to get. Worst of all is a specification that claims one thing while the major implementation does not follow it, which allows the bad guys to easily evade our strict parsers (as strict as specified in the docs). We’ve already blogged about such a problem in the past.
As I dealt with Embedded Open Type (EOT) in the past, I have received some undetected samples from my colleague. These were the EOT sample mentioned in this blog and another sample downloaded by her. EOT is a compact form of OpenType font – it uses some special compression based on this specific file format to decrease file size.
How’s this for a good phishing scam? Everything seems legit:
1. From email is “email@example.com”
2. No misspelled words and has decent grammar (however, some punctuation inconsistency)
3. Copyright (c) symbol next to the university name
4. Gmail did not filter it as spam, but left it in my normal inbox
Yes, if I had ever attended that particular university, I might have fallen for it.
PLEASE NOTE: University of Texas has nothing to do with this email.
Part time job for a social media agent
Do you blog, comment, respond, post, chat, like, re-tweet, add to circles, pin…? Do you monitor what’s hot on social media in your language? Do you have 2 hours a day that you can fully dedicate to avast! social media? Can you be the eyes and ears of avast! in your country as if your own reputation depended on it?
We seek a highly motivated individual with experience and fanatical passion for blogging, micro-blogging and community participation to simply communicate with avast! followers in your mother tongue. You will help us approach new users in your country, so we can spread avast! Free Antivirus across the globe!
This is a part time position – at least 10 hours a week
That will not happen to you
They say size doesn’t matter… however, at Twitter it actually does! How can you express yourself, knowing that you MUST use no more than 140 characters? How can you tell everything about Avast and still fit within this number? How can you respond to Avast users knowing this limitation? Well, by setting up and communicating daily via our avast! Twitter account, we have accepted this challenge and now we have one for you… But before we get there, let me tell why you should start following us on Twitter.
Thousands of new malware samples come to our virus lab daily. The ones described here can target both Android devices and Windows computers, and are detected under the Android:Ssucl-X name. They are spread through fake apps that claim to free up the device’s memory and enhance its performance. They were available on Google Play as Superclean (published on January 3rd, rated 4.5 stars, with more than one thousand installations) and DroidCleaner, both from the developer Smart Apps. Neither app was blocked by the Google Play protection system, although both were removed some time later. They could still be available for download in smaller stores.
When installed, the apps request a broad set of permissions, from sending SMS and enabling the Wi-Fi network to handling the owner’s personal data, including SMS, photos, contacts, GPS coordinates, and any data or file on the SD card!
Once installed on the Android device, the apps download files to the SD card (autorun.inf, folder.ico and svchosts.exe). When the device is connected to a computer as a USB mass storage device, the file svchosts.exe could be automatically executed on the computer, spreading the infection. Once in the system, the malware could activate the microphone, record the surrounding audio, encrypt it and send it to a remote FTP server.
The infection scheme is old, but the migration of an infection from mobile devices to the computer could be a new headache. The best approach is to stay protected with avast! Free Antivirus on the computer and avast! Free Mobile Security on Android devices.
Some technical info about these malware samples:
SHA-1: 183d694cc6b1565fce318531b56a6e9ce9f79149 – MD5: 89d71ec272778910941d2cd28a4cf776
SHA-1: 2853d37fbc729cd43ab7d12b5899edda9e59693e – MD5: f5546f1d7e5cd2b43cb81197d85ac0d3
SHA-1: 30e0b93c36afca1da5db5e11ba0b5f00a8401c7d – MD5: c293bc5cd1101b5b648b9ba92edf1994
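A defender-side check for the SD-card vector described above, added here as an example and not taken from Avast's code: it audits the root of a mounted removable volume for an autorun.inf and reports the programs it would launch. The function names, the sample autorun.inf body and the temporary directory are constructed for illustration; the page names the three dropped files but does not show their contents.

```python
import shlex
import tempfile
from pathlib import Path, PureWindowsPath

# Constructed sample: the post lists the dropped file names only, so this
# autorun.inf body is an assumption made for the demonstration.
SAMPLE_INF = "[AutoRun]\nopen=svchosts.exe\nicon=folder.ico\n"


def parse_autorun(text):
    """Return {key: value} from the [autorun] section of INI-style text."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def is_launch_key(key):
    """True for keys whose value is a command line, not a label or icon."""
    return key in ("open", "shellexecute") or (
        key.startswith("shell\\") and key.endswith("\\command"))


def audit_volume(root):
    """List (key, program, present_in_root) for each launch entry found."""
    files = {p.name.lower(): p for p in Path(root).iterdir() if p.is_file()}
    inf = files.get("autorun.inf")  # FAT file names are case-insensitive
    if inf is None:
        return []
    findings = []
    for key, value in parse_autorun(inf.read_text(errors="replace")).items():
        if not is_launch_key(key) or not value:
            continue
        try:
            program = shlex.split(value, posix=False)[0].strip('"')
        except ValueError:  # unbalanced quotes: fall back to a plain split
            program = value.split()[0].strip('"')
        name = PureWindowsPath(program).name.lower()
        findings.append((key, program, name in files))
    return findings


def demo():
    """Build a throwaway volume with the file names from the post; audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "AUTORUN.INF").write_text(SAMPLE_INF)
        (root / "svchosts.exe").write_bytes(b"placeholder, not a real binary")
        (root / "folder.ico").write_bytes(b"")
        return audit_volume(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A finding whose third field is true means the launch target sits next to autorun.inf in the volume root, which is the layout the post describes.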
The digitalization of our homes continues to grow, and with it the number of vulnerabilities your household devices can suffer from. We’re surrounded by many specialized minicomputers (which we usually fail to consider computers) that are subject to the same problems as desktops or laptops. But, because of a psychological barrier, we’re unable to see them this way. Almost nobody thinks of their big TV as a computer, and the same is true of phones, but there are many smaller, almost invisible devices like intelligent disk arrays (NAS) or routers, which are nothing else but ‘computers without keyboards’. It has been published in the past that it is possible to hack, exploit or misuse such devices: there are exploits for printers, desk phones and Samsung TVs. All of these devices contain bugs which, when exploited by the bad guys, could run executable code that suits the bad guys’ needs.
Hello Avast fans!
It is my pleasure to officially announce the new Avast bug bounty program. As a security company, we very much realize that security bugs in software are a reality. But we also realize that companies that are able to use their user communities to find and fix bugs are generally more successful than those that don’t. Therefore, we have decided to reward individuals who help us find and fix security-related bugs in our own software. This makes us probably the first security vendor with a reward program like this: I think it’s mainly because the other companies generally take the position that ‘Hey, we’re a security company. So we know security and it can’t happen to us.’ But in reality, that’s not what’s happening. Just look at bugtraq or the CVE databases and you will find that security software is no more immune to these issues than any other programs. A bit of irony, given that people generally install security software to fight security issues in the first place, isn’t it?
We at Avast take this very seriously. We know that being a market leader (Avast has more users than any other AV company in the world), we’re a very attractive target for the attackers. So, here’s our call to action: let’s unite and find and fix those bugs before the bad guys do!
Here’s how it works:
- The bounty program is designed for security-related bugs only. Sorry, we’re not paying for other types of issues like bugs in the UI, localization etc. (nevertheless, if you find such a bug, we will of course very much appreciate if you report it).
- This program is currently intended only for our product, i.e. not the website etc.
- We’re generally only interested in these types of bugs (in the order of importance):
  - Remote code execution. These are the most critical bugs.
  - Local privilege escalation. That is, using Avast to e.g. gain admin rights from a non-admin account.
  - Denial-of-service (DoS). In case of Avast, that would typically be BSODs or crashes of the AvastSvc.exe process.
  - Escapes from the avast! Sandbox (via bugs in our code).
  - Certain scanner bypasses. These include straightforward, clear bypasses (i.e. scenarios that lead to direct infection, with no additional user input), as opposed to things like deficiencies in the unpacking engine etc. In other words, we’re interested only in cases that cannot be mitigated by adding a new virus definition (please don’t report undetected malware).
  - Other bugs with serious security implications (will be considered on a case by case basis).
- The base payment is $200 per bug. Depending on the criticality of the bug (as well as its neatness) the bounty will go much higher (each bug will be judged independently by a panel of experts). Remote code execution bugs will pay at least $3,000 – $5,000 or more.
- We might change these ranges based on the number and quality of incoming reports. Generally, the fewer reports we get, the higher the bounty will go.
- We will only pay for bugs in Avast itself. For example, if you find a bug in a Microsoft library (even if it’s used by Avast), please report it to Microsoft instead (it would be great if you could also notify us, but unfortunately, we cannot offer any reward in such cases).
- The program is currently limited to consumer Windows versions of Avast (i.e.: Avast Free Antivirus, Avast Pro Antivirus, and Avast Internet Security). Only bugs in the latest shipping versions of these products will be considered.
- Payment will be done preferably by PayPal. If you can’t accept PayPal (e.g. because it doesn’t work in your country), please get in touch with us and we will try to figure out something else.
- Because of certain legal restrictions, we cannot accept submissions from the following countries: Iran, Syria, Cuba, North Korea and Sudan.
- It is the researcher’s own responsibility to pay any taxes and other applicable fees in their country of residence.
- In order to be eligible for the bounty, the bug must be original and previously unreported.
- If two or more researchers happen to find the same bug, the bounty will be paid only to the one whose submission came in first.
- You must not publicly disclose the bug until after an updated version of Avast that fixes the bug is released. Otherwise, the bounty will not be paid.
- The bounty will be paid only after we fix the issue (or, in specific cases, decide to not fix it).
- Some bugs may take longer to correct. We will do our best to fix any critical bugs in a timely fashion. We appreciate your patience.
- Employees of AVAST and their close relatives (parents, siblings, children, or spouse) and AVAST business partners, agencies, distributors, and their employees are excluded from this program.
- We reserve the right to change the rules of the program or to cancel it at any time.
How to report a bug and qualify for the bounty:
- Please submit the bug to a special email address firstname.lastname@example.org
- If you’d like to encrypt your email (recommended), please use this PGP key.
- A good bug report needs to contain sufficient information to reliably reproduce the bug on our side. Please include all information that may be relevant – your exact environment, detailed bug description, sample code (if applicable) etc. It also needs to contain a decent analysis – this is a program designed for security researchers and software developers and we expect certain quality level.
- You will receive a response from an Avast team member acknowledging receipt of your email, typically within 24 hrs. If you do not receive a response, please do not assume we’re ignoring you – we will do our best to follow up with you asap. Also, in such a case it is possible your email didn’t make it through a spam filter.
Finally, I’d like to say thanks to everyone who helps to find and fix bugs in our products. Hopefully, this new reward program will take this initiative to a whole new level.
P.S. The bug bounty rules are also available on our main website here.
Do you use your mobile device to check email, use social networks or log in to your bank account while sipping a double mocha latte at your favorite coffee shop or while waiting for your next flight? That’s risky, considering you cannot count on public Wi-Fi hotspots that you find in cafes, coffee shops, airports, schools, and hotels to be secure. Remote cybercrooks, and even the guy sitting a couple of tables from you sipping coffee, can use software to eavesdrop and snoop, which could result in stolen credit card information and passwords or full-blown identity theft.
With new avast! SecureLine for iOS you can secure your wireless internet connection when using your iPad, iPhone, or iPod on a Public/Open Wi-Fi network. Here’s how it works:
VPN stands for Virtual Private Network. avast! SecureLine VPN creates a private ‘tunnel’ through the internet for your data to travel through, and everything inbound and outbound through the tunnel is encrypted. Data is decoded at the VPN server, using advanced encryption protocols. Handy features also detect and filter malicious URLs, block ads in the browser and apps, compress your transferred data to save your mobile data plan, and enable access to US-only content.