Half of all avast! users are running an older versions of Adobe Reader on their computers that are vulnerable to a variety of malware attacks.
The avast! Virus Lab found that 49.41% of avast users were using the older Adobe Reader versions as of end-April. The number was also surprisingly stable, dropping by around five percentage points from the early March level of 55.71%.
“The numbers were a surprise to us,” said Jiri Sejtko, head virus analyst. Read more…
Virus definition update 110411-1 contained an error that resulted in a good number of innocent sites being flagged as infected. Generally, all sites with a script in a specific format were affected.
Our virus lab staff discovered the problem quickly after releasing the bad update and immediately started working on a fix. The fix was released about 45 minutes after the problematic update and has version number 110411-2. Anyone who still has this problem is kindly asked to manually update the definitions to the latest version, e.g. by right-clicking the avast taskbar icon (the orange (a) ball), and selecting Update -> Engine and Virus Definitions.
We sincerely apologize for the inconvenience. As this typically only affected remote sites (and not local files), simply updating to the latest definitions should completely solve the issue (no local files have been quarantined).
I don’t know much about Lukas, other than that he is respected and liked by his colleagues (or they wouldn’t have suggested him as a potential interviewee). On facebook, I discovered he has an interest in photography. In communicating with him for this interview, I found him to be unassuming, communicative, and laid-back. Considering I’m no software developer (and only a very amateur kind of geek), I would say that those are qualities that have contributed well toward the avast! software we all use and love. –Jason Mashak
1: You’ve been at AVAST since there were only a few handfuls of employees… what, for you, are some of the more memorable moments in the company’s history since you’ve been here?
I joined AVAST seven years ago  when there were around 20 employees. Some of the core team members of today were still at university, studying along with their work. You would see them in the office only once or twice a week. This was a big difference from the 140-something we have today, when we hardly fit into any room all at once. For example, there used to be a habit to celebrate birthdays together in the offices. But as the number of employees grew, we would have to celebrate almost every other week. And we also started to have problems fitting into any one room, so the tradition was abandoned over time.
Moving into a new building, the one we are now in, was also quite exciting. We watched it being built, visiting it several times before it was finished. One of the last things moved were our company servers Read more…
The AV-Comparatives Security Survey 2011 (pdf) released by AV-Comparatives.org in mid-March reveals that, from a list of 70 well-known security solutions, avast! ranks second in terms of which products respondents wish to continue to see reviewed.
Notably, 5 of the top-7 requested brands are based in Central and Eastern Europe. Read more…
As of January 19, we have lived 25 years with malware. The first ever virus for the personal computer was written by two Pakistan brothers, Basit and Amjad Farooq Alvi. ©Brain was the name of this virus, it infected the MS-DOS FAT boot sector and it was harmless. This MBR rootkit just promoted their company with following text:
Welcome to the Dungeon © 1986 Basit * Amjad (pvt) Ltd. BRAIN COMPUTER SERVICES 730 NIZAM BLOCK ALLAMA IQBAL TOWN LAHORE-PAKISTAN PHONE: 430791,443248,280530. Beware of this VIRUS.... Contact us for vaccination...
We would reach 3 millions of detections in our virus database (VPS) this week, but … this huge number means that when you put all the detections together, there is no difference between sophistical algorithmic detection and “temporary” machine generated detection.
Our users are sometimes confused what can some malware name mean. In fact – there are some names without an special meaning – they are mostly related to short-lived pieces of malware. Contrary to this daily stuff there are some malware families (long-lived, widespread or highly dangerous), which should have some unique name. One of the reasons could be the possibility of effective seeking through the results of search engines (check the difference when you type “Win32:Trojan-gen” and “Win32:Fasec” in your search engine). There’s not a mandatory naming convention applicable to all AV vendors. Our names contain these parts:
- platform (or file type) prefix
- malware name
- malware type
Swizzor is the detection name for a highly sophisticated, long lived piece of malware / adware. It’s based on a huge distribution network and is made by highly skilled bad-guys. At first sight, Swizzor looks like the usual modern software. The bad code is divided into small pieces and is distributed in the whole file by some code-generator. This technique makes analysis and detection difficult.
Let’s look at Swizzor from the other side… What is the first thing the common user sees before running some file? Yes, it’s an icon. The icon is code-generated as well as the whole file. And here inter alia can be seen the mathematical skill of the bad-guys. As Swizzor evolves and each generation becomes harder to detect, the icon becomes more sophisticated too. It’s interesting to see bad-guys producing nice art.
A patch is a utility that can be used to change a few bytes in the original file. It’s usually used to bypass license validation or to enable a hidden function. These patches are normally used with the knowledge and agreement of the user. However, another group of patches is actually malware which is used to perform the same functions without the user’s knowledge or agreement. In this case, system files are patched to gain backdoor access to a system (i.e. by changing the startup key to run the malware after booting). These files are detected by avast! as Win32:Patched.
The difference between file infectors (viruses) and patches is shown in the picture below. Patches just change a few bytes and can’t spread themselves. File infectors infect (patch) the victim file and add a virus body to perform a malicious action and can infect other files.
Are you always sure that what you are downloading is safe? Every day, many of our users report “false positive alerts” to us. I use quotes, because most of them are actually malware. See the picture below. The reported “wrong-detection” is Win32:Ardamax-LV [Spy].
Ardamax is a well known legitimate keylogger, but the “bad guys” often use it to steal account information. In this case, keylogger is a part of some hack. This is the reason why 90% of antivirus programs detect this keylogger as suspicious (VirusTotal report).
So, do you put your trust in unknown web sources such as RapidShare, MegaUpload etc. or in your antivirus program?