Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

June 13th, 2014

Everything you always wanted to know about avast! GrimeFighter, but were afraid to ask!

In April 2014, we introduced avast! GrimeFighter in 14 languages, offering our product to millions of users. Ever since then, avast! GrimeFighter became one of the most popular new products among our users. However, many of you still don’t know the benefits of it or what avast! GrimeFighter does. Therefore we have prepared a series of articles to show you the functionality of our grime-fighting minions! Learn everything you always wanted to know about avast! GrimeFighter, but were afraid to ask!

1. Who are the minions?

They might look like funny characters from an animated movie. The minions, however, are serious warriors against all kind of dirt that accumulates on your computer over time. Removing “Grime” is quite a sophisticated process, and it must be done properly. Our minions must be very careful not to remove unnecessary items, as well as look through the entire system so as not to miss something.  Each of the characters play an important role in the cleaning process, to achieve one common goal: Speed up your PC and optimize it’s performance.  Meet the “mean and lean” GrimeFighter crew:

Grime crew1

Grime crew Read more…

June 10th, 2014

Keep your phone safe from hackers and thieves while on vacation

Traveling to Brazil for the 2014 FIFA World Cup, or just headed out to your local beach for a daytrip? You remember to pack your sunglasses, a hat, and plenty of sunblock, but don’t forget that your mobile gadgets need protection too.

world-cup-hackers Here’s a couple more items for your packing list:

  • avast! SecureLine VPN to protect against dodgy public WiFi
  • avast! Mobile Security and Anti-Theft to protect against thieves

That free WiFi HotSpot could get you in hot water!

Spectators at the 2014 FIFA World Cup Brazil will have lots of choices of free WiFi. At least 6 of the 12 World Cup stadiums have access to free WiFi built in, and planners have created WiFi hotspots across 2,300 access points, including parks, squares, and public transit stations. Fans not watching in person will check scores on their phone or watch live streaming matches by connecting to free WiFi at hotels and bars.

“A WiFi attack on an open network can take less than 2 seconds,” tweeted @ExtremeNetworks recently. Cybercrooks can access and steal your personal data when you connect to these unprotected networks. Having your identity stolen and bank account emptied out while on vacation could ruin any trip – even one to paradise!

“Hackers target public hotspots, where it’s easy to follow every move that users of the WiFi connection make, allowing them to access emails, passwords, documents, and browsing behavior,” said Vincent Steckler, Chief Executive Officer of AVAST Software.

Use a VPN service to make sure that doesn’t happen. avast! SecureLine VPN protects your privacy by making your logins, emails, instant messages, and credit card details invisible to spying.

Read more…

Comments off
June 9th, 2014

Are hackers’ passwords stronger than regular passwords?

Hackers use weak passwords just like the rest of us.

librarian_dict_sm

Nearly two thousand passwords used by hackers were leaked this week, when I tried to decode a PHP shell without knowing the key. Because I did not know the exact content of the encoded file and searching the key could take me years, I chose a different approach. I decided to find out how strong passwords used by hackers are and create a dictionary. :)

Over the years of fighting malware, the avast! Virus Lab has gathered many samples of various back-doors, bots and shells. Some of them are protected with a password encoded in MD5, SHA1 or in plain text, so it was good way to start. I looked at 40,000 samples of hackers’ passwords and found that nearly 2,000 were unique and 1,255 of those were in plain text. Another 346 passwords were easily cracked from MD5 hashes, because they were shorter than 9 characters. That gave me a total of 1,601 passwords and 300 hashes. I created statistics from those words, and here are my findings.

1Passwords that nobody will guess

Percentage of characters used in hackers' passwords

About 10% of the passwords were beyond normal capabilities of guessing or cracking. Of those, I found words as long as 75 characters, probably generated by a computer. Some of them were in long sentence form mixed with special characters such as lol dont try cracking 12 char+. Too bad it was stored in plain text. ;)

There were also passwords that don’t use characters from an English keyboard. But there was still a 90% chance it could be a normal word, maybe with some number in it. No less than 9% of the passwords could be found in an English dictionary.

The table on the right shows which characters are used in hackers’ passwords. The first row means that 58% of passwords contained only lower-case alphabet characters a-z. Read more…

June 5th, 2014

SimplLocker does what its name suggests: Simply locks your phone!

A new Android mobile Trojan called SimplLocker has emerged from a rather shady Russian forum, encrypting files for ransom. AVAST detects the Trojan as Android:Simplocker, avast! Mobile Security and avast! Mobile Premium users can breathe a sigh of relief; we protect from it!

malware, mobile malware, Trojan, SimplockerThe Trojan was discovered on an underground Russian forum by security researchers at ESET. The Trojan is disguised as an app suitable for adults only. Once downloaded, the Trojan scans the device’s SD card for images, documents and videos, encrypting them using Advanced Encryption Standard (AES). The Trojan then displays a message in Russian, warning the victim that their phone has been locked, and accusing the victim of having viewed and downloaded child pornography. The Trojan demands a $21 ransom be paid in Ukrainian currency within 24 hours, claiming it will delete all the files it has encrypted if it does not receive the ransom. Nikolaos Chrysaidos, Android Malware Analyst at AVAST, found that the malware will not delete any of the encrypted files, because it doesn’t have the functionality to do so. Targets cannot escape the message unless they deposit the ransom at a payment kiosk using MoneXy. If the ransom is paid the malware waits for a command from its command and control server (C&C) to decrypt the files.

What can we learn from this?

Although this Trojan only targets a specific region and is not available on the Google Play Store, it should not be taken lightly. This is just the beginning of mobile malware, and is thought to be a proof-of-concept. Mobile ransomware especially is predicted to become more and more popular. Once malware writers have more practice, see that they can get easy money from methods like this, they will become very greedy and sneaky.

We can only speculate about methods they will come up with to eventually get their malicious apps onto official markets, such as Google Play, or even take more advantage of alternative outlets such as mobile browsers and email attachments. It is therefore imperative that people download antivirus protection for their smartphones and tablets. Mobile devices contain massive amounts of valuable data and are therefore a major target. 

Ransomware can be an effective method for criminals to exploit vulnerable mobile users, many of which don’t back up their data. Just as in ransomware targeting PCs, this makes the threat of losing sentimental data, such as photos of family and friends or official documents, immense.

Don’t give cybercriminals a chance. Protect yourself by downloading avast! Mobile Security for FREE.

June 4th, 2014

Black marketed Windows banking & POS Trojan Minerva turns in-the-wild

10309990_1418461665091456_1542203837_oThe path from the creation of malicious program to its delivery onto victims’ computers is long nowadays and involves many different players with the same goal – to make a financial gain. Malware authors usually offer their software to cyber criminals who in turn distribute it via underground forums. This is the how they keep their anonymous status. We have previously seen many famous malicious programs start this way.

In the past, the Russian banking Trojan Carberp was heavily advertised on shady forums. In the beginning of the year, an attempt to sell a new ransomware called Prison Locker was reported. Last year, we blogged about Trojan Solarbot which choose to promote itself through a well- designed website, appearing very official.

However, we don’t always know all the details about every piece of malware, from the code to how it is being distributed. The Trojan dubbed i2Ninja, for example, made headlines last year, but we never received a real sample containing all the functionalities the media reported on. Or do you remember the Hand of Thief Trojan for Linux desktops? Its variant for the Android platform was also advertised, but again, we never encountered it in our Virus Lab. These advertisements could have lacked the real code behind them or may have gone under in the pile of cyberthreats.

In March 2013 a new banking Trojan dubbed Minerva was introduced on a Russian forum. We will see that it is awfully successful in what it promised to do. Read more…

June 4th, 2014

How to protect yourself from the coming virus apocalypse

After the takedown of a major botnet, users have a “two-week window” to protect themselves against a powerful computer attack that ransoms people’s data and steals millions of dollars from unsuspecting victims. 

Zeus_Banner_blhd01
If you read our blog, you are familiar with the dangers of the Zeus Trojan and ransomware, and how people get infected. Here’s a quick review:

1. The victim opens a carefully crafted email which is designed to look like it came from their bank or a well-known company.
2. The victim clicks on and runs an email attachment.
3. Malicious software like the one making the news now, Gameover Zeus, releases a Trojan which searches the computer for passwords and financial data.
4. Once Gameover Zeus finds what it’s seeking, cybercrooks instruct CryptoLocker, ransomware software, to hijack the computer, encrypt the files, and demand payment for it to be unlocked. To get access to your computer again, you must pay a ransom within a set amount of time.
5. Once infected, the computer becomes part of the global botnet.

The good news

Led by the FBI, agents from Europol and the UK’s National Crime Agency (NCA) brought two computer networks that used the Gameover Zeus botnet and Cryptolocker ransomware to infect up to a million computers and cost people more than $100 million under control of the good guys.

The bad news

As we explained in our blog post yesterday, GameOver Zeus May not be as Over as You Think, cybercrooks could conceivably build another botnet to replace the ones that were shut down.

Why the two-week window?

This window is based on the amount of time the FBI thinks they can ”hold the upper-ground against the cybercriminals.” Two weeks should be enough time for computer users to update their operating system software and security software and disconnect infected computers.

Steps to take now to protect your computer

Read more…

Comments off
June 3rd, 2014

GameOver Zeus May not be as Over as You Think

The FBI, along with the Department of Justice, announced a multinational effort on their website that has disrupted a botnet called GameOver Zeus. GameOver Zeus has infected millions of Internet users around the world and has stolen millions of dollars.

AVAST detects and protects its users from CryptoLocker and GOZeus.

Everyone should have up-to-date antivirus protection on their computer. AVAST detects and protects its users from CryptoLocker and GOZeus.

 

The UK’s National Crime Agency (NCA) has worked closely with the FBI to crack down on the GameOver Zeus botnet. The NCA has given infected users a two week window to get rid of the malware and those lucky enough to have thus far been spared, the opportunity to safeguard themselves against future attacks. The two week window is an estimation on how long it will take cybercriminals to build a new botnet. The FBI has stated on their website that GameOver’s botnet is different from earlier Zeus variants in that the command and control infrastructure communicates peer-to-peer, rather than from centralized servers. This means that any infected computer can communicate controls to other infected devices. If cybercriminals build a new botnet, which will likely happen, the new botnet can resurrect dormant infected machines and continue to infect new users while stealing financial and personal information from innocent victims.

Do you really have two weeks, and what should you do?

Who knows how long it may take for a new botnet to emerge; it could appear tomorrow or in two weeks. People should not take this threat lightly and should act immediately. Read more…

June 3rd, 2014

New avast! Account with Facebook Security is here. Join Beta testing

Security and privacy on Social Media is a big topic at AVAST. While our antivirus products protect your various devices from malware infection spread on social channels, your privacy is still exposed to the public.

Not anymore!

It’s been a while, since we acquired Secure. me and it’s a superb product. Our team worked hard to integrate the privacy solution into our security portfolio. Now we are proud to introduce the result: Beta version of the avast! Facebook Security.

We are very excited to hear your feedback on the product. Experienced users are most welcome to participate in the Beta Testing. We await your feedback on the product features, user interface, bug reporting, your general experience, as well as your suggestions for the final name of the product. Moreover avast! Facebook Security is a part of the new avast! Account look and  your feedback on it is more than appreciated.

To make your life easier, we will guide you through all the steps, starting from:

How to participate in beta testing?

1. Log in our new version of the AVAST account.

Facebook Security

Read more…

June 1st, 2014

Kids use their parent’s smartphones, not to call grandma, but to visit sites with adult content

Have you ever been on a long road trip with your children? Then you will agree: It’s great to have something to entertain your children, to distract them from the boring drive. Today smartphones and tablets are a great source to keeping kids occupied for long periods of time, not only on the road. AVAST has found out that four out of five parents share their mobile devices with their kids. This is the result of a survey AVAST conducted amongst 1,500 parents in celebration of today’s International Children’s Day. Children are very tech-savvy and technology can be a great teaching tool, if kids use it appropriately. However, our survey results show that kids don’t always choose the most kid friendly apps and activities while using their parents’ devices.

11 to 15 year olds seem to be the most curious – and most at risk

Many kids do mischievous things once they get their hands on their parents’ devices, however our survey has shown that 11 to 15 year olds are most likely to use smartphones and tablets for risky activities. It’s not surprising that anything inappropriate is interesting to kids; 32% of parents admitted that their child has accessed adult content using their mobile device. More than half of these kids were between the ages of 11 and 15 years old. The risk here is not only the child getting in contact with adult content, but the whole device and other family members are at risk as well: Mobile sites and ads including adult content often lead to phishing sites or sites including malware that is downloaded with the tap of a finger.

Sending messages in their parents’ name, behind their parents’ backs also seems to be a fun thing for kids to do, with 19% of parents claiming their child has hit the send button. Again, the sneakiest age group is 11 to 15 years old, 45% of messages were sent by them. If children send text or social media messages in their parents’ name, this can lead to embarrassing situations – or cause real damage, e.g. if a child sends an email from their parents’ business email address. 

In addition to this, 7% of kids accessed apps that contained banking or credit card information and 6% used their parents’ device to make purchases without their parents’ knowledge. Once again the age group 11 to 15 years was the one caught red-handed the most – 44% of the 7% of kids that accessed apps containing banking and credit card information and 52% of the 6% of kids that made purchases were 11 to 15 years old.

Many children and teenagers have their own devices

AVAST asked the 20% of parents who don’t share their devices with their kids, why they choose not to do so. Of these, 38% said their kids have their own devices, 40% think their kids are too young (between the ages of 0 to 10 years old), and 22% don’t trust their kids. Out of the 22% that said they don’t trust their kids with their devices, 11 to 15 years old was the most mistrusted age group. Despite this, of the 38% parents that said their kids have their own devices, 48% are between the ages of 11 and 15. Based on what parents caught their 11 to 15 years doing with their mobile devices, can you imagine what these kids may be doing if they have their own device?

Safety tips for kids using mobile devices

Be aware of the sites your children are visiting. The Internet contains everything from cute cats to adult films – do you know which your kids are accessing? Talk to your kids, let them know that not everything online is necessarily safe and keep an eye on what they’re doing online. Also, often apps and ads with adult content can link to malicious sites– so make sure your device is safe. Install an antivirus app like avast! Mobile Security on your phone to protect you and your family.

Lock apps that can make purchases. Any apps containing banking information or that have credit card information saved to make purchases should be password protected, whether your child has their own mobile device or borrows yours. App stores such as Google Play and iTunes make it easy to purchase apps, all you have to do is type in your account password. Even if you don’t think your child knows the password, make sure you add a second layer of protection by password-locking certain apps.

Talk to them about messaging apps. In one of our recent blog posts we discussed the importance of talking to your kids about cybersecurity, especially when it comes to messaging apps and social media. Whether they are borrowing your phone or using their own device, talk to your kids about what information they should share, who they should talk to online and how they should be talking to others.

Talk to them about the value of money. Kids may not realize that the things they order or download online cost actual money. The fact that they can’t visualize online transactions makes it seem like the things they are ordering online must be free! Come up with an agreement, either allow your kids to make purchases online if they consult with you first, or if in the instances of apps, they are free. You could even give your kids app store gift cards as their allowance.

Infographic: Here's what kids are doing with your smartphone

May 30th, 2014

Dear Download Scammers… GAME OVER

shutterstock_107284424I get asked this question pretty often: “Soooo IF you do not spend any money on advertising, or on retail presence, and nothing on pre-installations and OEMs, then how do you get new users?

Well, most often thanks to word-of-mouth. It goes something like this:

Step 1: The need

A PC user with an expiring or troublesome antivirus figures out he has a need for new security. (This does not happen to Mac users because of course they DO know Macs don’t need any AV…  ;)

Step 2: The call

A PC user calls his favorite geek or IT friend who knows EVERYTHING about computers. Yes, a PC user could also make the effort and learn about it himself, read some reviews, check some comparative tests, and so on, but that takes too much time.

Step 3: The advice

“get avast free antivirus …” OR “download avast free” OR “install avast home version”. Then your friendly geek hangs up because his time is valuable.

Step 4: The what?

The PC user is not really sure what it was he needs to do or where to go or how to spell it, but for this we have Google. So, he googles it out. Voila! Easy!

Step 5: Download

Google lists out the search results, the PC user goes to any of the top links, clicks-through to AVAST page and downloads avast! Free Antivirus. Some 15 million people do this every month, and right after they would choose install>accept>next>next>finish>thank you. Read more…

Categories: General, Marketing Tags: ,