Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus


September 3rd, 2014

Survey shows the person you trust the most may be spying on you

People expect that they are being watched online in cyberspace, but who would expect to be spied on by the people closest to them? You better watch out – your partner may be spying on you more than the NSA: One in five men and one in four women admitted to checking their partner’s smartphone in a survey with 13,132 respondents conducted by AVAST in the United States.

shutterstock_198273875

Playing detective

The survey found that while the majority of women check their partner’s device because they are nosey, a quarter of married women suspect their spouse is cheating on them and want to find evidence.

Married women are not the only ones who suspect their partner is cheating on them. The reason why most men pry on their partner is because they too are afraid their better half is being unfaithful and want to confirm their suspicions – especially if the relationship is fresh.

Caught red handed

One may think that people who snoop on their significant other to find evidence of cheating or lying are being paranoid. Unfortunately, the majority of them are not paranoid–their gut feeling is often correct. Seven out of ten women and more than half of men who turn to their partner’s device to find proof their partner is deceiving them, have found evidence. Which of the two sexes is more likely to confront their partner regarding their findings? Women. The survey revealed that women are 20% more likely than men to confront their partner with the facts.

“Picking” the mobile lock

Cracking their partner’s device passcode wasn’t necessary for the greater number of snoopers. A shockingly high percentage of respondents claimed they didn’t need a passcode to gain entry to their significant other’s device. Women did, however, have an easier time with 41% reporting their partner’s device did not have a passcode compared to the 33% of men. Coming in at a high second, both male and female respondents claimed to know their partner’s device passcode because their partner had shared it with them in the past, unknowingly setting themselves up to get caught. Read more…

Categories: General Tags: , ,

September 2nd, 2014

Think celebrities are the only ones that can get hacked? Think again…

News broke on Sunday that nude photos of female celebrities were posted on the photo sharing site 4Chan. Along with the news came many theories and discussions as to how the hacker managed to collect intimate photos and videos from a long list of celebrities. While figuring out how the hacker accessed these intimate files will hopefully patch vulnerabilities, there are general steps that everyone should take now to protect their personal data.

Don’t blame the cloud

shutterstock_208714210

One of the theories circulating on the Internet is that iCloud was hacked via a vulnerability in Apple’s “Find My iPhone” app. Kirsten Dunst, one of the celebrities whose private photos were hacked tweeted the following: “Thank you iCloud”. Should Kirsten and the other hack victims be blaming the cloud though? The iCloud hack theory is just a theory, the hackers could have gained access to celebrity accounts via phishing mails or gained passwords from celebrity insiders. The hackers could have gained access to celebrity email and password combinations through breaches like the recent eBay breach or Heartbleed, which affected nearly two-thirds of all websites, including Yahoo Mail, OKCupid and WeTransfer. If the celebrities whose photos have been exposed were affected by these breaches and used the same passwords on several accounts, including iCloud, it would have been easy for the hackers to steal their personal photos. Read more…

Categories: Android corner, Social Media Tags:

August 28th, 2014

Bad news for SMBs: Target’s “Backoff” malware attack hits 1,000 more businesses

PoS attacks

avast! Endpoint Protection can protect your network

U.S. merchants advised to protect themselves against same PoS hack that hit Target and Neiman Marcus last year.

More than 1,000 U.S. businesses have had their systems infected by Backoff, a point-of-sale (PoS) malware that was linked to the remote-access attacks against Target, Michaels, and P.F. Chang’s last year and more recently, UPS and Dairy Queen. In the Target breach alone, 40 million credit and debit cards were stolen, along with 70 million records which included the name, address, email address, and phone number of Target shoppers.

The way these breaches occur is laid out in BACKOFF: New Point of Sale Malware, a new U.S. Department of Homeland Security (DHS) report. Investigations reveal that cybercrooks use readily available tools to identify businesses that use remote desktop applications which allow a user to connect to a computer from a remote location. The Target breach began with stolen login credentials from the air-conditioning repairman.

Once the business is identified, the hackers use brute force to break into the login feature of the remote desktop solution. After gaining access to administrator or privileged access accounts, the cybercrooks are then able to deploy the PoS malware and steal consumer payment data. If that’s not enough, most versions of Backoff have keylogging functionality and can also upload discovered data, update the malware, download/execute further malware, and uninstall the malware.

General steps SMBs and consumers can take to protect themselves

  • You should use a proper security solution, like avast! Endpoint Protection, to protect your network from hacking tools, malicious modules, and from hackers using exploits as a gateway to insert malware into your network.
  • Regularly monitor your bank and credit card statements to make sure all the transactions are legitimate.
  • Change default and staff passwords controlling access to key payment systems and applications. Our blog post, Do you hate updating your passwords whenever there’s a new hack?, has some tips.
  • Monitor your credit report for any changes. You’re entitled to one free report per year from each of the three reporting agencies.

Read more…


August 27th, 2014

Self-propagating ransomware written in Windows batch hits Russian-speaking countries

Ransomware steals email addresses and passwords; spreads to contacts.

Recently a lot of users in Russian-speaking countries received emails similar to the message below. It says that some changes in an “agreement’ were made and the victim needs to check them before signing the document.

msg
The message has a zip file in an attachment, which contains a downloader in Javascript. The attachment contains a simple downloader which downloads several files to %TEMP% and executes one of them.
payload
The files have .btc attachment, but they are regular executable files.

coherence.btc is GetMail v1.33
spoolsv.btc is Blat v3.2.1
lsass.btc is Email Extractor v1.21
null.btc is gpg executable
day.btc is iconv.dll, library necessary for running gpg executable
tobi.btc is   Browser Password Dump v2.5
sad.btc is sdelete from Sysinternals
paybtc.bat is a long Windows batch file which starts the malicious process itself and its replication

After downloading all the available tools, it opens a document with the supposed document to review and sign. However, the document contains nonsense characters and a message in English which says, “THIS DOCUMENT WAS CREATED IN NEWER VERSION OF MICROSOFT WORD”.

msg2 Read more…


August 26th, 2014

U.S. schools give an F to 2014-15 IT budget

AVAST Free For Education saves school IT money

AVAST Free for Education protects schools while significantly decreasing IT costs for security.

The beginning of the 2014/2015 school year is here. Parents and children are ready after a long summer break, but are schools prepared for the start of the new academic year?

AVAST surveyed more than 900 school IT professionals who participate in the AVAST Free for Education program and found that in terms of technology, schools are not as well equipped as parents expect.

  • 8 out of every 10 schools surveyed by AVAST said they do not feel they have adequate funding to keep up-to-date with technologies
  • 1 out of 5 schools still run Windows XP, and 12% of these schools said they do not intend to upgrade the unsupported operating system

Failing to upgrade to the most up-to-date software not only makes machines vulnerable to attacks, but also hinders the amount of programs that can be used by teachers and students. Keeping up with the most current technology is vital, as it has become ubiquitous in daily life, making it a valuable skill for children to have for the future. Despite technology’s important place in education,

  • 4 out of 10 school’s IT budgets are slashed for the upcoming school year
  • More than a quarter of schools have a $0 IT budget for this year

Technology in schools is not limited to instruction. Sensitive information about faculty, staff, and students is stored on administrative computers. This information needs to be protected from cybercriminals, which is difficult for schools with little to no IT budget. Schools without adequate protection put local families, faculty, and expensive hardware at risk.

AVAST Free for Education helps schools by providing them with enterprise-grade antivirus protection for free, saving school districts an average of $14,285 a year. The AVAST Free for Education program saves school IT departments money they can spend on software and hardware upgrades or use for supplies and salaries.

EDU infograph August 2014

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.


August 25th, 2014

Win a free avast! Mobile Premium license

AVAST is celebrating 100 million downloads of avast! Mobile Security & Antivirus for Android.

We want to protect your Android phone and tablets, so we’re giving you the chance to win a free license for the most trusted Android security product in the world!

BLOG-en

How much do you know about your phone’s security?

Do you know all the ways to use avast! Mobile Security’s anti-theft feature to track your phone?

Do you know who is more at risk for getting malware on their mobile device?

Do you know how many phones are stolen every minute of every day?

Take the avast! Mobile Security quiz and find out! Answer all 5 questions correctly (don’t worry, we’ll give you hints) and you’ll be in the running to win a free 1-year license for avast! Mobile Premium! One lucky winner will win LIFETIME protection, and 10 lucky winners will receive a rare avast! teddy bear.

Here’s what to do:

  • Become an AVAST fan on Facebook
  • Enter the quiz and answer 5 questions correctly
  • Write what you think is the most serious threat to your mobile security
  • Share the quiz with your friends

Take the avast! Mobile Security quiz now!

Make sure all the Android’s in your life have protection. Install avast! Mobile Security and Antivirus from the Google Play store, https://play.google.com/store/apps/details?id=com.avast.android.mobilesecurity

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.


August 22nd, 2014

How to look like an idiot on Facebook and Twitter

Looking like an idiot on social networks like Facebook and Twitter is not too difficult. Many people have achieved this state of being without much thought at all. So c’mon! With a little effort and commitment you can lose your job, get arrested, or alienate your friends! ;)

Facebook idiot

Here are the top 3 ways you can look like a total nincompoop on social media.

  1. 1. Post rants and other fun messages. Anger is a completely natural, healthy emotion. Some people think it’s a good idea to try to control it so they won’t, for example, drive their fist through the wall or punch their co-worker in the nose. But now, you can release all that pent up emotion by communicating your feelings on social media!

Like this woman: After being passed over for a promotion at work, an Arizona woman posted an angry Facebook message in reaction. How good it must have felt to let her frustration out. Since she was friends with her co-workers, they all saw it. It said,

This place is a joke!!! I wonder if I passed up a good opportunity by being at this place. I absolutely hate fake and lazy ppl!!! Ugh, the ones who actually work are the ones to blame??? WTF? #TwistedMinds.”

Those co-workers of hers, not the fake or lazy ones,  were sure to surround her with support and encouragement after reading how distressed she was.

Oh. Oops. They couldn’t encourage her. She was fired shortly after that rant.

Here’s an example of a proud daughter bragging about her father. That’s really sweet, isn’t it? Most teenagers complain about their parents, but this Florida girl took to Facebook right away to express her joy about an $80,000 age-discrimination lawsuit her father won from a former employer, a posh private school. She had plenty of classmates at the school who saw the post. She wrote,

 Mama and Papa Snay won the case against Gulliver. Gulliver is now officially paying for my vacation to Europe this summer. SUCK IT.

It’s so nice that a young girl wants to travel in Europe for the summer…all that history and culture…and the food…

Oh. Oops. The school’s administrators and lawyers also got to see her message. The lawyers were not amused, so they invoked the confidentiality order and voided her father’s settlement.

Read more on our blog about dumb things people post.

TIPS

  • Before posting, take a moment to rethink what you just entered in the newsfeed. Re-read what you wrote before hitting the publish button.
  • Take advantage of Facebook Groups or Google+ circles to make sure your messages get to the right people.
  1. 2. Let it all hang out: Ignore your privacy settings. In the excitement of daily life, it’s easy to forget how many people can read your posts. From co-workers to your mom, even strangers; virtually anyone can read your angry rant, your drunken Tweet, or see Selfies of your trip to the mall when you were supposed to be home sick in bed. When I read about this guy, I knew you’d like it too – it’s so cute.

Read more…


August 21st, 2014

Employees using public Wi-Fi put sensitive business data at risk – VPN services provide proper protection

travel tipsJohn Smith works for a small business with ten employees. The company is sending John abroad to meet with potential investors. Being the productive employee that John is, he connects to the public Wi-Fi provided by the airport to do some work. He visits the investors’ websites and sends a few emails to his colleagues. On the flight, John continues to surf the web using the in-flight Wi-Fi. Once John lands he goes to a café before his first meeting. At the café he connects to the Wi-Fi to download a revised version of his presentation. After his meetings, John goes to his hotel for the night. There, John connects to the hotel’s Wi-Fi to send his boss a summary of the meetings and to catch up on some news from home. To John’s disappointment, local news videos are blocked due to geographic restrictions.

This sequence of events is typical for traveling business professionals. Connecting to public Wi-Fi frequently while on the go may be a great way to get work done, but it can be dangerous if employees don’t use a VPN (Virtual Private Network) connection.

During John’s journey he connects to four different hotspots. John works for a small business, so they do not have an IT administrator who set up a secure VPN for John to use. John therefore transferred valuable information, entered log in credentials, and browsed websites that reveal his business’ intentions without any protection. Anyone could observe which websites John visited, read messages he sent, and access files he transferred via unsecured sites with tools readily available online.

Unless you are visiting sites beginning with HTTPS, your communication is unencrypted. This means all your communication is out in the open for anyone to see, including log in credentials. Sharing information, such as files, via file transfer protocol (FTP) while connected to public Wi-Fi is also never a good idea. Like visiting non-HTTPS sites, files and data transferred via FTP are up for grabs.

Don't forgetSmall businesses, without a VPN network, should turn to VPN services, like avast! SecureLine VPN to protect their data. A VPN creates a virtual shield and tunnels traffic to a proxy server. The proxy server protects business data, thus preventing hackers from accessing files and other sensitive information stored on the device. VPNs also anonymize location; an added plus for when business professionals who need access to content from home that may be blocked while traveling.

REMEMBER THIS!

With a VPN connection you can:

  • Protect your business data by preventing hackers from accessing files and other sensitive information stored on the device
  • Anonymize your location (IP address) online so you can access restricted content from home that might be blocked while traveling (Netflix, anyone?)
  • Hide your login details from snoops on public Wi-Fi. Avast encrypts all of your web use, including log ins and passwords.

avast! SecureLine VPN is available in packages of three, five or ten licenses and can be purchased from authorized AVAST resellers. avast! SecureLine VPN can also be purchased directly from the AVAST online shop.

Read more about VPN and avast! SecureLine from these blog posts:

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.


August 19th, 2014

Reveton ransomware has dangerously evolved

The old ransomware business model is no longer enough for malware authors. New additions have made Reveton into something even more powerful.

Reveton

The latest generation of Reveton, the infamous “police” lock screen/ransomware, targets new black market business. The authors upped the ante of the despised malware from a LockScreen-only version to a dangerously powerful password and credentials stealer by adding the last version of Pony Stealer.  This addition affects more than 110 applications and turns your computer to a botnet client.

Reveton also steals passwords from 5 crypto currency wallets. The banking module targets 17 German banks and depends on geolocation. In all cases, Reveton contains a link to download an additional password stealer. The most common infection is via the well-known exploit kits, FiestaEK, NuclearEK, SweetOrangeEK, etc.

Pony stealer module

Reveton use one of the best password/credentials stealer on the malware scene today. Pony authors conduct deep reverse engineering work which results in almost every password decrypted to plain text form. The malware can crack or decrypt quite complex passwords stored in various forms.

The stealer includes 17 main modules like OS credentials, FTP clients, browsers, email clients, instant messaging clients, online poker clients, etc and over 140 submodules.
Reveton modules

Read more…

Comments off

August 18th, 2014

A look into the future of mobile hacks

crystal ball 1

Mobile malware is maturing quicker than PC threats did.

Mobile malware analyst Filip Chytry looks into his crystal ball and predicts where cybercrooks are headed next.

The majority of mobile malware AVAST has in its database comes from unofficial app stores. As we wrote about in The Fine Line between Malicious and Innocent Apps, infiltrating official app markets like Google Play is rather difficult. Therefore, it is very likely that mobile malware authors will look for other ways to hack mobile devices, which contain a plethora of valuable and sensitive information.

App servers and base transceiver stations (BTS), which enable communication between mobile networks and devices, will most likely be targeted next by mobile hackers. Man-in-the-middle attacks via app servers mean that mobile hackers may redirect communication between mobile app users and the app’s server or infect app users’ by pushing malware onto user devices via the apps on their devices.

Mobile operators should be prepared for a BTS attack, as this may be possible in the near future. Not only would hackers be able to spread malware to mobile users via a BTS attack, but infected BTS could re-route all incoming mobile data.

Another possibility is that hackers could intercept communication between mobile users and app servers. Hackers could retrieve banking details if they intercept the communication between a user completing a transaction using a mobile banking app.

Mobile malware is in its infancy; at the moment comparable to a toddler. Mobile users, security providers, app markets, and mobile operators should brace themselves for the teenage version of mobile attacks.

AVAST will continue to be one step ahead of mobile malware authors, protecting avast! Mobile Security users from malware and other mobile security risks. Download avast! Mobile Security for free.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.