After the takedown of a major botnet, users have a “two-week window” to protect themselves against a powerful computer attack that ransoms people’s data and steals millions of dollars from unsuspecting victims.
If you read our blog, you are familiar with the dangers of the Zeus Trojan and ransomware, and how people get infected. Here’s a quick review:
1. The victim opens a carefully crafted email which is designed to look like it came from their bank or a well-known company.
2. The victim clicks on and runs an email attachment.
3. Malicious software like the one making the news now, Gameover Zeus, releases a Trojan which searches the computer for passwords and financial data.
4. Once Gameover Zeus finds what it’s seeking, cybercrooks instruct CryptoLocker, ransomware software, to hijack the computer, encrypt the files, and demand payment for it to be unlocked. To get access to your computer again, you must pay a ransom within a set amount of time.
5. Once infected, the computer becomes part of the global botnet.
The good news
Led by the FBI, agents from Europol and the UK’s National Crime Agency (NCA) brought two computer networks that used the Gameover Zeus botnet and Cryptolocker ransomware to infect up to a million computers and cost people more than $100 million under control of the good guys.
The bad news
Why the two-week window?
This window is based on the amount of time the FBI thinks they can ”hold the upper-ground against the cybercriminals.” Two weeks should be enough time for computer users to update their operating system software and security software and disconnect infected computers.
Steps to take now to protect your computer
The FBI, along with the Department of Justice, announced a multinational effort on their website that has disrupted a botnet called GameOver Zeus. GameOver Zeus has infected millions of Internet users around the world and has stolen millions of dollars.
The UK’s National Crime Agency (NCA) has worked closely with the FBI to crack down on the GameOver Zeus botnet. The NCA has given infected users a two week window to get rid of the malware and those lucky enough to have thus far been spared, the opportunity to safeguard themselves against future attacks. The two week window is an estimation on how long it will take cybercriminals to build a new botnet. The FBI has stated on their website that GameOver’s botnet is different from earlier Zeus variants in that the command and control infrastructure communicates peer-to-peer, rather than from centralized servers. This means that any infected computer can communicate controls to other infected devices. If cybercriminals build a new botnet, which will likely happen, the new botnet can resurrect dormant infected machines and continue to infect new users while stealing financial and personal information from innocent victims.
Do you really have two weeks, and what should you do?
Who knows how long it may take for a new botnet to emerge; it could appear tomorrow or in two weeks. People should not take this threat lightly and should act immediately. Read more…
Security and privacy on Social Media is a big topic at AVAST. While our antivirus products protect your various devices from malware infection spread on social channels, your privacy is still exposed to the public.
It’s been a while, since we acquired Secure. me and it’s a superb product. Our team worked hard to integrate the privacy solution into our security portfolio. Now we are proud to introduce the result: Beta version of the avast! Facebook Security.
We are very excited to hear your feedback on the product. Experienced users are most welcome to participate in the Beta Testing. We await your feedback on the product features, user interface, bug reporting, your general experience, as well as your suggestions for the final name of the product. Moreover avast! Facebook Security is a part of the new avast! Account look and your feedback on it is more than appreciated.
To make your life easier, we will guide you through all the steps, starting from:
How to participate in beta testing?
1. Log in our new version of the AVAST account.
Have you ever been on a long road trip with your children? Then you will agree: It’s great to have something to entertain your children, to distract them from the boring drive. Today smartphones and tablets are a great source to keeping kids occupied for long periods of time, not only on the road. AVAST has found out that four out of five parents share their mobile devices with their kids. This is the result of a survey AVAST conducted amongst 1,500 parents in celebration of today’s International Children’s Day. Children are very tech-savvy and technology can be a great teaching tool, if kids use it appropriately. However, our survey results show that kids don’t always choose the most kid friendly apps and activities while using their parents’ devices.
11 to 15 year olds seem to be the most curious – and most at risk
Many kids do mischievous things once they get their hands on their parents’ devices, however our survey has shown that 11 to 15 year olds are most likely to use smartphones and tablets for risky activities. It’s not surprising that anything inappropriate is interesting to kids; 32% of parents admitted that their child has accessed adult content using their mobile device. More than half of these kids were between the ages of 11 and 15 years old. The risk here is not only the child getting in contact with adult content, but the whole device and other family members are at risk as well: Mobile sites and ads including adult content often lead to phishing sites or sites including malware that is downloaded with the tap of a finger.
Sending messages in their parents’ name, behind their parents’ backs also seems to be a fun thing for kids to do, with 19% of parents claiming their child has hit the send button. Again, the sneakiest age group is 11 to 15 years old, 45% of messages were sent by them. If children send text or social media messages in their parents’ name, this can lead to embarrassing situations – or cause real damage, e.g. if a child sends an email from their parents’ business email address.
In addition to this, 7% of kids accessed apps that contained banking or credit card information and 6% used their parents’ device to make purchases without their parents’ knowledge. Once again the age group 11 to 15 years was the one caught red-handed the most – 44% of the 7% of kids that accessed apps containing banking and credit card information and 52% of the 6% of kids that made purchases were 11 to 15 years old.
Many children and teenagers have their own devices
AVAST asked the 20% of parents who don’t share their devices with their kids, why they choose not to do so. Of these, 38% said their kids have their own devices, 40% think their kids are too young (between the ages of 0 to 10 years old), and 22% don’t trust their kids. Out of the 22% that said they don’t trust their kids with their devices, 11 to 15 years old was the most mistrusted age group. Despite this, of the 38% parents that said their kids have their own devices, 48% are between the ages of 11 and 15. Based on what parents caught their 11 to 15 years doing with their mobile devices, can you imagine what these kids may be doing if they have their own device?
Safety tips for kids using mobile devices
Be aware of the sites your children are visiting. The Internet contains everything from cute cats to adult films – do you know which your kids are accessing? Talk to your kids, let them know that not everything online is necessarily safe and keep an eye on what they’re doing online. Also, often apps and ads with adult content can link to malicious sites– so make sure your device is safe. Install an antivirus app like avast! Mobile Security on your phone to protect you and your family.
Lock apps that can make purchases. Any apps containing banking information or that have credit card information saved to make purchases should be password protected, whether your child has their own mobile device or borrows yours. App stores such as Google Play and iTunes make it easy to purchase apps, all you have to do is type in your account password. Even if you don’t think your child knows the password, make sure you add a second layer of protection by password-locking certain apps.
Talk to them about messaging apps. In one of our recent blog posts we discussed the importance of talking to your kids about cybersecurity, especially when it comes to messaging apps and social media. Whether they are borrowing your phone or using their own device, talk to your kids about what information they should share, who they should talk to online and how they should be talking to others.
Talk to them about the value of money. Kids may not realize that the things they order or download online cost actual money. The fact that they can’t visualize online transactions makes it seem like the things they are ordering online must be free! Come up with an agreement, either allow your kids to make purchases online if they consult with you first, or if in the instances of apps, they are free. You could even give your kids app store gift cards as their allowance.
Well, most often thanks to word-of-mouth. It goes something like this:
Step 1: The need
A PC user with an expiring or troublesome antivirus figures out he has a need for new security. (This does not happen to Mac users because of course they DO know Macs don’t need any AV…
Step 2: The call
A PC user calls his favorite geek or IT friend who knows EVERYTHING about computers. Yes, a PC user could also make the effort and learn about it himself, read some reviews, check some comparative tests, and so on, but that takes too much time.
Step 3: The advice
“get avast free antivirus …” OR “download avast free” OR “install avast home version”. Then your friendly geek hangs up because his time is valuable.
Step 4: The what?
The PC user is not really sure what it was he needs to do or where to go or how to spell it, but for this we have Google. So, he googles it out. Voila! Easy!
Step 5: Download
Google lists out the search results, the PC user goes to any of the top links, clicks-through to AVAST page and downloads avast! Free Antivirus. Some 15 million people do this every month, and right after they would choose install>accept>next>next>finish>thank you. Read more…
The World Cup in Brazil is just two weeks away, are you in the soccer spirit? The AVAST mobile malware team and I have tournament fever and have been downloading games and other soccer related apps from the Google Play store. We unfortunately noticed that some of the fun apps we downloaded weren’t as entertaining as we thought they would be…
AVAST detects fake soccer gaming app: Android:FakeViSport
Some of the Android gaming apps we downloaded primarily displayed ads instead of letting us play. Let me just point out a few from many. We were unable to play Corner Kick World Cup 2014 at all because it displayed nothing but a white screen, with ads popping up now and then. This app struck me as odd from the get go. When I checked the size of the app I noticed it was really tiny, less than 1MB. What kind of game can you expect from an app this size?! What is even more interesting is that the game is made by a developer called VinoSports. If you check the rest of his apps offered on Google Play they are all the same – just blank applications stuffed with advertisements.
This is unfortunately a quite common and sneaky way for developers to make some money. With applications like this, the only person who benefits from them are the developers. They may get some money if you actually click on the ads their apps display. We decided to block apps from VinoSports. From now on, they will be detected as Android:FakeViSport. They are fake applications in that they pretend to be something desirable, but they aren’t.
Some apps are in the gray zone
The second app I would like to mention is Fifa 2014 Free – World Cup. The app comes from a pretty big developer, “Top Game Kingdom LLC”, who has plenty of apps on Google Play and other stores. This however does not mean the app should be trusted. Fifa 2014 Free – World Cup, can be considered, at the very least, suspicious.
As for the app Football World Cup 14: The application’s installation package name doesn’t have anything to do with the name of the app itself. The app is called Football World Cup 14, yet its installation package is called “com.topgame.widereceiverfree”.Football World Cup 14, also known as “Widereceiverfree” requests access to information that has nothing to do with the app’s function, like location, call log, and to other accounts on the phone.
Weirdly enough the Football World Cup 14′s developer has even more applications on the market, most of them behave similarly. They pretend to be something different than what they really are. In the end you might get something that can be considered a game, a game with plenty of obstacles such as and with permissions that could easily misuse personal information.
Apps that display ads are not necessarily malicious. Plenty of apps, especially free apps, are funded by ads. They can, however, be annoying, particularly when they don’t go away and prevent you from using the app itself. Apps that access more information from your phone than they need to function seem harmless, especially since there is no visible evidence of this happening, but they can cause more harm than you may think.
We recommend you to take a closer look at the apps you download during tournament time, be it gaming apps, live streaming apps or apps that allow you to bet for your national team, to make sure you stay safe and as ad free as possible!
Things to look out for when downloading apps:
- Make sure you download from official apps markets. Many of our mobile malware samples come from unofficial app markets, only very few come from the official Google Play store.
- Download official apps you can trust. Google Play is an open and developer friendly platform, which is why it contains a plethora of apps. We totally understand why people are sometimes overwhelmed with all the apps they can choose from, we found over 125 vuvuzela apps on Play! We recommend users play it safe and download official apps from developers they can trust. Trusted developers appreciate their users, meaning they want to provide them with a quality product, not one that is flooded with apps. FIFA has a great live score/news appand EA Sports has an official FIFA gaming app.
- Compare app functionalities to the access they request. Some apps need access to certain data on your device, a map app needs access to your location so it can give you directions. App access requests start becoming suspicious when for example your vuvuzela app wants access to your location. Unless your new vuvuzela app uses your location to determine what country you are in to then play your country’s national anthem, why does it need to know your location? Always be cautious when giving apps access and make sure the requests make sense depending on what the app does. You don’t want to carelessly hand over sensitive information that could later be used against you.
- Read user comments. You can’t always trust what people write online, but if multiple people really appreciate or dislike an app you can get a good idea of whether or not you should download it based on the feedback they give.
Our mobile security app avast! Mobile Premium has an Ad Detector feature. Ad Detector finds out which apps are linked to ad networks and provides details of their tracking system, so you have a full overview of all the ad networks contained within your apps.
You can download avast! Mobile Security for free from Google Play or for additional features, like Ad Detector, you can download avast! Mobile Premium for $1.99 a month.
AVAST Software is a global leader in the security field. With nearly 220 million activly protected devices and its users we can call ourselves the most trusted antivirus company in the world, especially since 60% of our users install avast based on recommendation. This is already a solid reason to join the AVAST team, but is that all that AVAST is about? No!
1. AVAST has the X-factor. Voted Czech Republic’s Best Employer
If you are talented and creative and want to show it off, AVAST is the place for you! Become one of our code masters, product ninjas, customer care gurus, ecom commandos, marketing geniuses or an indispensable!
AVAST is headquartered in Prague, one of TripAdvisor’s Top 5 Cities in the world for 2014. With the largest castle in the world and historic gothic churches, as well as a lively music scene complemented by top-tier restaurants, Prague is a city that has learned to dance easily between the ancient and modern. Not mention, the cheapest beverage you can get in the Czech Republic isn’t a tap water, its legendary Czech beer! :)
3. Size matters!
The AVAST team is the perfect size with approximately 400 people. We are not a large, anonymous corporation! There is a great chance you will meet new friends and perhaps even your soul mate ;). Amongst our employees 20% are women and we speak more than 40 languages, including everything from Chinese and Japanese to Arabic and Hebrew. We have 30 different nationalities on our team!
4. Your place to grow!
You will get a chance to develop professionally in many fields. Our experts visit and speak at prestiges conferences and trainings, we even offer Czech languages courses!
We’re sorry that you lost your phone. You are not alone. Over one hundred smartphones are lost or stolen every minute of every day, but unfortunately 34% of smartphone owners haven’t protected their phone like you did. Congratulations on taking the initiative to back-up your data! We found out that half of smartphone owners don’t back up their data, even though they are concerned about losing it. (This seems to be theme – same thing happens with changing passwords.)
If there’s no way to recover the device, then you are wise to use avast! Mobile Security to remotely wipe your phone of all your personal data.
Avast! Mobile Security and Anti-Theft has remote features that allow you to take certain actions. Wiping the phone can be carried out by SMS command. This is useful in your case when you do not expect to get your phone back and you do not want a thief to access your personal data. Read about how you can set up remote control on your Android phone.
Thorough wipe allows avast! to permanently and irreversibly delete the content of any SD card when wiping the phone. Wiping smartphones using up to Android 2.1 is somewhat restricted as a factory reset of the phone is not possible. However, avast! will try to delete as much as possible, for example contacts, call logs, SMS/MMS, browser history and SD card content, but not emails or apps.
From Android 2.2 onwards, a full factory reset is possible so you have full wipe capabilities. However, please be aware that this will also delete avast! Anti-Theft, unless it was installed as a rooted application.
The thorough wipe will take up to ten minutes, and will physically and irrecoverably delete the actual contents of your SD card. It is your choice whether to select the maximum level of security by using the thorough wipe option.
Protect your data with avast! Anti-Theft
To do a full wipe, avast! Anti-Theft needs to be configured in the advanced settings as a device administrator, otherwise applications, emails etc. will not be deleted. Download and install avast! Mobile Security and Anti-Theft from the Google Play store.
Don’t forget to backup your data with avast! Mobile Backup. It saves your contacts, call logs, SMS history, photos, and other irreplaceable data to your AVAST Account (and, optionally, Google Drive) to ensure that your priceless data is never lost. Download avast! Mobile Backup for free from Google Play.
All SMS commands, along with a short description how everything works is explained in our manual (PDF). It’s short and easy to understand.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.
The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately. Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work.
This issue only affects our community-support forum. Less than 0.2% of our 200 million users were affected. No payment, license, or financial systems or other data was compromised.
We are now rebuilding the forum and moving it to a different software platform. When it returns, it will be faster and more secure. This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately.
We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you. However, this is an isolated third-party system and your sensitive data remains secure.
CEO AVAST Software
Security matters to everyone, however security of our children is our top priority. We make sure that they are safe at school, home, and on the streets. Equally we need to provide them with a safe experience in the cyberworld. Recently, we published a blog about general online security of the children, which suggested that you take time and help your child with privacy settings on Facebook. Don’t worry, if you have no clue where to start, we will guide you through the labyrinth of sophisticated security and privacy settings settings. Follow our tips to secure yourself and your child on the most popular social network.
Like other Internet giants, Facebook has been especially vulnerable to criticisms about privacy. In particular, critics have complained that even if you deactivate your account, the information can still remain on the network and be subject to web searches.~ comments Mashable in the article on recent Facebook privacy update
Following users’ complaints regarding privacy issues, Facebook decided to change the default settings of your status updates to be the visible for Friends only instead of Public. This however applies to Facebook newbies only! So if you and your children are already users, you still have a job to do!
Facebook regularly updates its settings and as a result your profile settings can be restored to the default. In terms of privacy it means: Everything is PUBLIC. Therefore it’s extremely important to review your profile regularly . You will not be able to influence everything, however there are an advanced number of settings that can be fully controlled by you. The three basic areas that you should focus on are:
- 1. Who can see your posts and images?
- 2. Who can contact you?
- 3. How you can help your child block harassing Facebook friends.
You will find this setting in the right top corner on the blue bar, in the Privacy Shortcuts section. Click on the See More Settings to open the window below and follow our suggestions.