Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Posts Tagged ‘hackers’
August 18th, 2014

A look into the future of mobile hacks

crystal ball 1

Mobile malware is maturing quicker than PC threats did.

Mobile malware analyst Filip Chytry looks into his crystal ball and predicts where cybercrooks are headed next.

The majority of mobile malware AVAST has in its database comes from unofficial app stores. As we wrote about in The Fine Line between Malicious and Innocent Apps, infiltrating official app markets like Google Play is rather difficult. Therefore, it is very likely that mobile malware authors will look for other ways to hack mobile devices, which contain a plethora of valuable and sensitive information.

App servers and base transceiver stations (BTS), which enable communication between mobile networks and devices, will most likely be targeted next by mobile hackers. Man-in-the-middle attacks via app servers mean that mobile hackers may redirect communication between mobile app users and the app’s server or infect app users’ by pushing malware onto user devices via the apps on their devices.

Mobile operators should be prepared for a BTS attack, as this may be possible in the near future. Not only would hackers be able to spread malware to mobile users via a BTS attack, but infected BTS could re-route all incoming mobile data.

Another possibility is that hackers could intercept communication between mobile users and app servers. Hackers could retrieve banking details if they intercept the communication between a user completing a transaction using a mobile banking app.

Mobile malware is in its infancy; at the moment comparable to a toddler. Mobile users, security providers, app markets, and mobile operators should brace themselves for the teenage version of mobile attacks.

AVAST will continue to be one step ahead of mobile malware authors, protecting avast! Mobile Security users from malware and other mobile security risks. Download avast! Mobile Security for free.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

August 7th, 2014

Russian hackers steal 1 billion passwords – now what?

Change your passwords every six months or after news of a breach

Change your passwords every six months or after news of a breach

Reports on “the biggest hack ever” recently surfaced. A Russian hacker group allegedly captured 1.2 billion unique username and password combinations.

With this latest security breach, AVAST encourages consumers to take necessary precautions. Change your passwords immediately and if you’re using the same password somewhere else, you must change it there, too. Choose complex passwords so it will be more difficult for hackers to de-encrypt them. In general, we recommend changing passwords every three to six months, or after news of a breach.

A password manager like avast! EasyPass helps encrypt and protect personal information online, with random, strong passwords. avast! Easy Pass generates complex passwords and removes the inconvenience of having to remember them.

If financial and credit card data is compromised in an online threat, AVAST advises users to monitor and check their accounts for unauthorized charges and to immediately report any suspicious activities to their bank or card provider.

Interested in reading more?

Try our articles on creating strong passwords:  Do you hate updating your passwords whenever there’s a new hack? and My password was stolen. What do I do now?

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

June 9th, 2014

Are hackers’ passwords stronger than regular passwords?

Hackers use weak passwords just like the rest of us.

librarian_dict_sm

Nearly two thousand passwords used by hackers were leaked this week, when I tried to decode a PHP shell without knowing the key. Because I did not know the exact content of the encoded file and searching the key could take me years, I chose a different approach. I decided to find out how strong passwords used by hackers are and create a dictionary. :)

Over the years of fighting malware, the avast! Virus Lab has gathered many samples of various back-doors, bots and shells. Some of them are protected with a password encoded in MD5, SHA1 or in plain text, so it was good way to start. I looked at 40,000 samples of hackers’ passwords and found that nearly 2,000 were unique and 1,255 of those were in plain text. Another 346 passwords were easily cracked from MD5 hashes, because they were shorter than 9 characters. That gave me a total of 1,601 passwords and 300 hashes. I created statistics from those words, and here are my findings.

1Passwords that nobody will guess

Percentage of characters used in hackers' passwords

About 10% of the passwords were beyond normal capabilities of guessing or cracking. Of those, I found words as long as 75 characters, probably generated by a computer. Some of them were in long sentence form mixed with special characters such as lol dont try cracking 12 char+. Too bad it was stored in plain text. ;)

There were also passwords that don’t use characters from an English keyboard. But there was still a 90% chance it could be a normal word, maybe with some number in it. No less than 9% of the passwords could be found in an English dictionary.

The table on the right shows which characters are used in hackers’ passwords. The first row means that 58% of passwords contained only lower-case alphabet characters a-z. Read more…

May 21st, 2014

eBay becomes victim of security breach

Auction giant eBay requests 128 million users to change their passwords after hack.

tweet ebay

In a blog post from the company, eBay Inc. said a cyberattack “compromised a database containing encrypted passwords and other non-financial data.” There is no evidence that the compromise resulted in users’ financial or credit card information being stolen, but the company is telling all users to change their passwords.

Users need to be alert even after their passwords have been changed. After a breach like this the risk that hackers will use their personal information to commit identity fraud and launch phishing attacks increases. As always, do not click on links in emails, or give personal information over the phone. If you need to discuss your account information, please contact eBay’s customer service by phone or via their website.

“The eBay breach is yet another password issue like Heartbleed. It is really important that people take this seriously, ” said Ondrej Vlcek, Chief Operating Officer of AVAST Software. “Data from our recent survey shows that nine out of ten people intended to change their passwords after Heartbleed, but only 40% took action. This careless attitude is completely irresponsible; people have to take the initiative to protect themselves.”

A password manager like avast! EasyPass helps encrypt and protect personal information online, with random, strong passwords. Learn about creating strong passwords by reading our blog, My password was stolen. What do I do now?

Two weeks ago, eBay discovered that cyberattackers broke into their corporate network through a small number of employee log in credentials. They revealed that the database was actually compromised in late February and early March, and included eBay customers’ name, encrypted password, email address, physical address, phone number and date of birth. However, the database did not contain financial information or other confidential personal information.

Another eBay compromise yesterday

Yesterday in an unrelated attack, eBay’s UK and French advertisement network was compromised and showed fake Java and Flash updates. This malicious advertising replaced the visited page and an installer offered a Potentially Unwanted Program (PUP).  As of last night, they were working to resolve the issue. avast! Antivirus detected the compromise and alerted users.

“Third party ad networks are useful to attackers because the number of connections delays taking malicious content down,” explained Honza Zika, malware analyst in the avast! Virus Lab. “Instead of a normal ad, the attacker deploys a code that redirects to the attacker’s page. It’s designed to look like an official Flash or Java page, but installs unwanted toolbars, addons, extensions or other PUPs. avast! detected this and protected our users.”

Thanks to independent researcher Malekal for his work on this compromise. Read more on his blog.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

Categories: General Tags: , , ,
February 24th, 2014

avast! SecureLine VPN protects you from the Apple Exploit

A major Apple security flaw allows cybercrooks and spies to grab personal information like email, credit card numbers, and other sensitive data. Apple confirmed researchers’ findings that the same SSL/TSL security flaw fixed with the latest iOS 7.0.2 update is also present in notebook and desktop machines running OS X.

Please apply the patches as advised in this post.

It is clear that we need constant protection to cover flaws that will always exist; flaws that we are not even aware of. Reuter‘s reported that

The bug has been present for months, according to researchers who tested earlier versions of Apple’s software. No one had publicly reported it before, which means that any knowledge of it was tightly held and that there is a chance it hadn’t been used.

But documents leaked by former U.S. intelligence contractor Edward Snowden showed agents boasting that they could break into any iPhone, and that hadn’t been public knowledge either.

It’s very public now, and that means the race is on between cybercrooks to exploit the flaw and Apple to fix it. You are exposed until the bugs are identified by the vendor, a patch is created, and it’s pushed out or you install it. Your vulnerability increases when you use public WiFi Hotspots.

Your best protection is constant protection

ios-vpn (1)

 

It’s precisely because we put ourselves at risk by using free WiFi, and we don’t know when the next security crisis is coming that we need constant protection. SecureLine VPN is that protection. Read more…

Categories: General, Mac Tags: , , , , , ,
February 8th, 2014

My password was stolen. What do I do now?

howto2_en

Update: The new eBay hack has customers changing passwords again. If you’re sick of changing your password every month after yet another breach, it’s time to consider a password management program like avast! Easy Pass.

The massive hack against Target, in which 40 million credit and debit card numbers were stolen, began with stolen login credentials from the air-conditioning repairman. This illustrates the old adage, “a chain is only as strong as its weakest link.”

While consumers can’t control why a third party contractor would have external network access at a major retailer, there are some things you can do to protect yourself.

How can I be notified if my email address or password was hacked?

Every two seconds in the US, someone becomes a victim of identity fraud. With 13.1 million victims last year and multiple companies (Facebook, Target, Neiman Marcus, Adobe) being exploited, there is a good chance you could be among them. You can use the have i been pwned notification service to learn if your email address was included in a large data breach. This service allows you to enter an email address and will notify you if your address appears in any databases added to the service. I learned that my email address was stolen from the Adobe breach, but thankfully, I haven’t been notified of anything else.

pwned

What’s your weakest link?

You can’t stop shopping, but there are things you can do (other than paying cash only) if you’ve become the victim of hacking.

  1. 1.  Change your passwords We’ve talked about it plenty of times, but here’s a reminder: Make passwords long and strong. Combine capital and lowercase letters with numbers and symbols to create a more secure password. eNcrYP0123tion$ is stronger than Encryption123. If you can’t remember different passwords for all the accounts you have, use a password manager like avast! EasyPass. Read more…
Comments off
February 6th, 2014

Going to the Olympics? Prepare to be hacked

If you are one of the thousands of visitors headed to Sochi, Russia for Friday’s 2014 Winter Olympics opening ceremony then you will be hacked. Richard Engel, from NBC news, reported that it’s not if you get hacked, it’s when, and he discovered that it starts from the moment you turn on your device.

In an experiment conducted by NBC Nightly News, their just out-of-the-box computer and smartphone were hacked in seconds while in Sochi. “The State Department warns that travelers should have no expectation of privacy; even in their hotel rooms. And as we found out, you are especially exposed as soon as you try and communicate with anything,” reported Engel.

“As tourists and families of athletes arrive in Sochi…if they fire up their phones at baggage claim, it’s probably too late to save the integrity of their electronics and everything inside them. Visitors to Russia can expect to be hacked,” said NBC’s anchorman Brian Williams as he introduced the report.

Watch the video report of NBC’s experiment (there’s an ad first, so give it a few seconds):

widget

Protect yourself with avast! SecureLine VPN

Wherever you travel – whether to Sochi or your neighborhood coffee shop –  you are sure to use public WiFi, which is full of security risks. That’s why we came up with a solution -  have avast! SecureLine VPN installed on your devices. avast! SecureLine is available for PCs, and just recently we released avast! SecureLine for Android and iOS devices.

How to get avast! SecureLine

avast! SecureLine for PC is available as an add-on to avast! Antivirus. Get it from our website, or open the AVAST interface, click on the Store tab and get a free trial or one-month, one-year, or two-year subscription.

avast! SecureLine VPN for your smartphone or tablet is available as a monthly or yearly subscription for Android on Google Play and for iOS in the Apple App Store.

UPDATE: NBC has taken some criticism for the story since this report, with claims that it was misleading and promoted scaremongering. The experts they worked with released a white paper describing how each new device, without the protection of antivirus software, was compromised. NBC responded by stating that their experiment was designed to “show in general how easily a non-expert can fall victim.”

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

Categories: General Tags: , , , , , ,
July 18th, 2013

Six reasons to use avast! SecureLine VPN when traveling

Whether on business travel or vacation, you don’t want to worry about the security of your devices when you connect to the internet. Using a WiFi network in a café, airport, or hotel is a serious security risk that requires additional protection to secure your data and computer.

avast! SecureLine VPN is now completely integrated into all of AVAST’s free and premium products. Here’s the top 6 reasons why you should use avast! SecureLine VPN:

1. Hides your data from thieves – avast! SecureLine VPN encrypts your public WiFi communications. That means that someone snooping on you will see a bunch of gibberish instead of your email, files, passwords, etc.

2. Keeps eavesdroppers from listening to your VOIP calls – avast! SecureLine VPN makes your voice or video conversations through the internet using Skype or Viber, for example, safe and secure by encrypting your conversation. This allows you to talk to people without fear of being eavesdropped on by cybercrooks, your ISP, and even the government! Read more…

July 4th, 2013

The 4 sneakiest Facebook scams

social mediaMillions of people use social networks like Facebook and Twitter every day to share photos, comments, and ideas with their friends and followers. These popular platforms have become magnets for cybercrooks and are used to spread different types of scams. Hackers take advantage of the easy accessibility of data we put online to manipulate or steal them.

The security of AVAST users is a total priority for us. Therefore we monitor and warn you about new threats we discover on social media. We have noticed that while trying to be creative, scammers also run out of ideas and certain type of threats repeat periodically. Hence, we have gathered the top 4 sneakiest scams and prepared a summary of the most typical malicious behavior recently distributed via social networks.

Facebook Photo Scams

Most of us are softies and scammers know it. Who wouldn’t “like” a photo of a child in need if it could help them? Especially if it says: Each time you like the photo, you donate one cent to…, or If I collect 1,000,000 likes my parents will… Like my photo, please! Scammers count on our sympathetic hearts to respond to these calls for help, and we do by clicking like and share. Read more…

May 23rd, 2013

How do I protect my online accounts from being hacked?

How_toQuestion of the week:  First it was Facebook, then Living Social, then LinkedIn, now Twitter accounts have been hacked. How can I keep my business and personal accounts from being hacked, if the big boys can’t even protect theirs?

You are right. It seems like every week we hear about another major website or an account on a social network being hacked into. Your concern is genuine, because once hackers get in they can not only gain control of your account, but they can also get your email address, passwords, and even get access to your bank account.

There are some steps you can take.

Read more…