See update below
For the past three Tuesday mornings, DDoS (distributed denial of service) attacks have caused online outages at major U.S. banks, including Bank of America, Chase, Wells Fargo, U.S. Bank and PNC. The attacks end by Friday afternoons. A DDoS attack causes the site or service to be temporarily unavailable by flooding the targeted website with traffic until the site’s servers are overloaded. Yesterday, customers started reporting on SiteDown that they were having trouble accessing the Wells Fargo and Bank of America websites.
The banks that experienced outages have confirmed that no sensitive financial information or personally identifiable information about customers was exposed, supposedly because the attacks were motivated by politics, not fraud.
A hacktivist group called “Cyber fighters of Izz ad-din Al qassam” is taking credit for the attacks, but experts say that this group has not historically been affiliated with hacktivism. The variety and scale of the attacks have experts doubting that the group was involved, citing the massive bandwidth used in the attacks.
Collaboration among banking institutions, online-banking platform providers, other vendors, industry associations and the government has been stronger than ever because of these attacks, reports BankInfoSecurity. “There definitely seems to be more of a community effort for the first time here to address this issue. And now we are seeing a real-life situation where we’ve had to pull together and be prepared,” says a security and fraud executive at a $4 billion banking institution in the U.S. who wishes to remain unidentified.
Early warnings about attacks aimed at these institutions were issued by the FBI and the FS-ISAC, benefiting the entire industry. However, there is criticism that banks have not done enough to communicate with consumers about what is causing the outages. They might be legally barred from releasing details, however, since an investigation is in progress. The best you can expect is a “Sorry for the inconvenience.”
At this point it doesn’t appear that the DDoS attacks put your money in danger, beyond leaving you unable to access your account for periods of time. Once you can access your bank’s website, check the security of your account. For those of you wanting to take precautions when conducting online financial transactions, Avast offers extra protection to keep your transactions private. Avast! SafeZone (available in avast! Pro Antivirus and avast! Internet Security) creates full desktop isolation so that other applications don’t see what’s happening – perfect for secure banking or online shopping – and leaves no traces once it’s closed. Check out the Deal of the Week for savings on our premium protection.
Update, October 12: Regions Bank was attacked today and Capital One and SunTrust were hit earlier this week. Izz ad-din Al qassam, the group taking credit for the attacks, warned about them in advance, saying it expects to spend the weekend developing plans for more attacks next week. The group claims the reason behind all this mischief is a YouTube movie trailer believed by the group to be anti-Islam. If the group repeats its established pattern, banks could expect more attacks next Tuesday, Oct. 16. No fraud activity has been reported by the banks.
Researchers have determined that an attack which can wipe data from Samsung Android devices when visiting a malicious website can also be used to lock the SIM cards or completely wipe all of the data from many other Android phones. In addition to web pages, the attack can be triggered through SMS, or by a rogue NFC tag or QR code.
Mobile geek Dylan Reeve explains how the attack works. Computerworld summarizes it like this: “The attack can be launched from a Web page by loading a ‘tel:’ URI (uniform resource identifier) with a special factory reset code inside an iframe. If the page is visited from a vulnerable device, the dialer application automatically executes the code and performs a factory reset.”
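The mechanism Computerworld describes, turned into a defender-side check. This is an added example, not code from this post or from avast!: it scans HTML for tel: URIs that carry an MMI/USSD code and reports whether the page would load them automatically (an iframe, as in the quote, or a meta refresh) or only on a tap. The sample page, the harmless *#06# IMEI-display code, the phone number and the AUTOLOAD list are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# (tag, attribute) pairs a browser loads without a tap (assumed list for this sketch).
AUTOLOAD = {("iframe", "src"), ("frame", "src"), ("embed", "src"),
            ("object", "data")}
META_URL = re.compile(r"url\s*=\s*['\"]?([^'\";]+)", re.I)

def mmi_payload(url):
    """Return the decoded dial string if url is a tel: URI carrying '*' or '#'."""
    url = (url or "").strip()
    if not url.lower().startswith("tel:"):
        return None
    dial = unquote(url[4:])            # %2A -> '*', %23 -> '#'
    # Plain phone numbers contain neither character; MMI/USSD codes do.
    return dial if re.search(r"[*#]", dial) else None

class TelUriScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []             # (tag, "auto" | "click", dial string)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        for name, value in a.items():
            dial = mmi_payload(value)
            if dial:
                trigger = "auto" if (tag, name) in AUTOLOAD else "click"
                self.findings.append((tag, trigger, dial))
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = META_URL.search(a.get("content") or "")
            dial = mmi_payload(m.group(1)) if m else None
            if dial:
                self.findings.append((tag, "auto", dial))

def scan(html):
    scanner = TelUriScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample: *#06# only displays the IMEI; the phone number is made up.
SAMPLE = """
<a href="tel:+420123456789">Call us</a>
<iframe src="tel:*%2306%23" width="0" height="0"></iframe>
<meta http-equiv="refresh" content="0; url=tel:*%2306%23">
<a href="tel:*%2306%23">tap to dial</a>
"""
```

Calling scan(SAMPLE) ignores the ordinary click-to-call link and reports the iframe and meta refresh as "auto" and the last link as "click". Dial strings that legitimately end in "#" (for example conference PINs) would also be reported, so "click" findings need review rather than blocking.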
Check if your smartphone is vulnerable
Here is a way for you to check if your phone is vulnerable to this remote wipe threat: Visit http://dylanreeve.com/phone.php on your Android device, and if your phone is vulnerable, you’ll immediately see your phone’s IMEI number pop up. I checked my HTC Google Nexus One this way, and it came back as being vulnerable. Other phones reported to be affected include the HTC One X, Motorola Defy, Sony Xperia Active, Sony Xperia Arc S, and the HTC Desire. Reeve says that Samsung fixed the USSD/MMI code execution issue for Galaxy S III devices, but it appears that all 4.1-based builds are safe, and some 4.0.4 builds as well.
Currently avast! Mobile Security is actively blocking URLs containing malicious code that triggers the exploit. Our Android users can expect an update containing protection against this kind of attack soon. We’ll let you know when that is released.
Edit: We are pleased to confirm that the newest update of avast! Free Mobile Security protects against USSD attacks, without installing additional tools. All you need to do is to accept the program update offered by avast! on your smartphone. Please share this message with your friends who are Android smartphone owners. They might need avast! Mobile Security too. Thank you.
This week we welcomed our Estonian translator Lauri Säde to our office in Prague, after a long 24-hour drive from his hometown of Tartu in south-east Estonia.
Estonia, bordering the Baltic sea in north-east Europe, is a country of around 1.3 million inhabitants, of which over 125,000 (nearly 10%) use avast! Antivirus. Thanks to Lauri, over 35,000 of them are now able to use avast! in their native Estonian.
Currently studying production engineering at the Estonian University of Life Sciences, Lauri has a keen interest in computers and has been involved in translating a number of security applications. He also has his own website dedicated to online security (www.ekaitse.ee), currently only in Estonian.
Lauri was first involved in translating avast! 5.0 into Estonian, but he had been using avast! for some years prior to that. He was keen to create an Estonian version, although with a wry smile he admits that in the beginning he did not fully realize the scale of the task he was about to start! As all our translators soon discover, to fully localize the program from scratch is a major project and involves far more than simply translating the screen that you see when you first open the program. There are many layers to the program and much of what needs to be translated is not even visible until certain events are triggered. In total there were nearly twenty thousand words to translate, but he stuck to the task and finally the Estonian version was completed. Since then, he has continued to refine and improve the translation, as well as translating the regular program updates.
Lauri has been a registered avast! Forum user (Lord Ami) since August 29, 2009. Thanks to the effort and commitment of Lauri and all our other translators who translate avast! on a voluntary basis in their own time, avast! now speaks over 40 languages and can be downloaded by users in even more countries around the world in their own native language. Together with the avast! CommunityIQ, which enables us to respond to new threats as soon as they appear, this is another example of the close cooperation between avast! and its ever-expanding user community, to provide a better experience for everyone. Thanks to you all.
A full list of all the available languages and the avast! translators can be found on our website, http://www.avast.com/translators
To register your interest in joining the avast! translation community, you can visit our forum and leave a message here: http://forum.avast.com/index.php?topic=59095.0
We face quite a dilemma every time we have something worthwhile to celebrate here at AVAST. For example, when we reached 100M and then 150M PC users, when we launched a new product, or when this new free product achieves better detection scores than paid-for competition. Since we now have a solution for mobile security, we of course also celebrated the launch last December, and then we celebrated reaching 10M protected phones less than a year later. We celebrated seeing our Facebook fan club grow by 300 000 in a single day, and sure enough we will celebrate when our fan club reaches 2 million, which is getting closer every day.
The problem is… celebrated with WHAT?
According to a study by NSS Labs, avast! Internet Security and 3 other security products out of a total of 13 tested protect users against a Microsoft vulnerability within XML Core Services and against a vulnerability in IE 8 (IE8 has approx. 15% share). Both vulnerabilities were patched by Microsoft in June and July respectively, but users who failed to update are of course at risk. Good news for avast! Free Antivirus users: you have the same protection against those exploits as users of the paid-for avast! Internet Security suite.
PS: having everything up-to-date and patched is of course one of the golden stay-secure-rules.
Those of you who manage Windows servers and endpoints for SMBs or enterprise will be interested to read the latest review of avast! Endpoint Protection Suite from eSecurity Planet. Technology journalist Paul Rubens looked into the nuts n’ bolts of our business product and found the same award-winning multi-layered protection approach as the consumer products – with the addition of server protection and a choice of two central management consoles, Small Office Administration or Enterprise Administration.
The web-based Small Office Administration console is designed for companies with up to 200 end users. Unskilled administrators have a user-friendly central window which controls all functions of endpoint and server security. Despite its simplicity, it offers remote installation and updates of endpoint software, scanning and remote running of scan jobs, and virus activity reporting. There’s also an auto-discovery of new/unprotected or “rogue” machines connected to your company network.
The Enterprise Administration console is accessed as a Windows application and offers sophisticated functionality for skilled IT staff. Admins manage devices organized in a hierarchical tree structure based, for example, on the geographical or organizational structure of their network, which makes it possible for them to assign administration access rights and policies. It also includes customizable alerting so they can receive a warning by email regarding activity on the network that warrants their attention.
Nice review from Digitaltrends.com of top Android security apps. And the winner is: avast! Free Mobile Security!
I love this quote: “if you do want to go ahead and get an Android security app, Avast is your best bet”.
The author of the review, Simon Hill, asks at the end a (rhetorical) question about whether we might introduce a fee for the product. Well, this is certainly not going to happen. avast! Free Mobile Security will continue to be offered loaded with features and for free. Just priceless.
Sometimes simple scams and well-known brands are used to trick people into giving up login names and passwords. By making people aware of these scams, we can better protect against the hackers.
You don’t need any obfuscated scripts or blackhat SEO tricks. Sometimes it is as easy as creating a Google document and sending it to trusting users. Anyone can create a simple form without any checks, and it can be shared as a link to docs.google.com. This form is seeded on social sites and via emails. The hackers then wait for responses from any visitors.
Scams involving bogus telephone callers tricking users into divulging private information or parting with money for useless software are not new. However, to better protect the innocent, it is worth reminding people of how the crooks are updating their tricks.
We received some emails from our users telling us that they spoke with some guy from ‘Microsoft’ who called to tell them that their computer is badly infected with malware and needs repairs. The ‘Microsoft’ guy convinces the victims to use Ammyy remote administrator software to allow the ‘Microsoft guy’ to repair the computer. Ammyy remote admin is a legitimate, non-malicious program, but it is a really easy way for scammers to connect to the victims’ computers and convince them that they are helping.
The crooks then try to force victims to buy a support service. In the first call reported to us they offered a “cheaper” service for only $177.00 plus tax for lifetime support. In the second case, the price had gone up to €300 for 5 years of support.
The biggest problem with phone call scams is that the only protection is common sense. Antivirus can protect against malware from websites and downloads, but no software can offer protection when victims allow access to their computer and are tricked into paying for fake ‘support & service’.
You might have noticed the little revolution announced some time back by ICANN with respect to the new unlimited horizons in Top Level Domain registrations. Instead of the standard generic domains (e.g. .com, .biz, .org, and so on) or country-specific domains (such as .uk, .fr, or others), it is now possible to register pretty much anything. For example, www.milos.korenko – which I will certainly not do, because the registration cost is a WHOPPING $185,000 plus an extra $25,000 annual fee.
Over 1,900 domains were applied for (a nice $357M business for ICANN) and obvious brand names such as Amazon, Apple, or BBC have applied. But I was wondering who from the antivirus industry would apply for a generic TLD with their brand name. And as far as I could see, only Symantec came forward with applications for .symantec and .norton. But surprise, surprise, aside from their brand names they also want:
.protection, and (!)
I’m sure they can afford it, but what makes Symantec believe they have the best right to own the .antivirus domain is a little mystery to me.