Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Posts Tagged ‘infection’
February 14th, 2013

Malware: Dollar Equals Tilde Square Brackets

Recently we encountered a very suspicious piece of code on some Joomla-powered webpages. The code looks as if garbled and without any special meaning, and starts like this:

original

Upon closer observation, several strange things are to be noted. First, there are no alphanumerical symbols to be seen in any part of the code. Second, on the line before this code starts, there is actually an HTML tag indicating a start of Javascript code (<script>), preceded by 37 tabs. Therefore, when opening an infected file in a text editor, one cannot normally see the starting tag, because it is shifted all the way to the right. To be able to see it, you either have to horizontal scroll, or have word wrap on. The same trick is performed with the script closing tag as well. Why would anyone try to hide these tags? The answer is simple, to trick people into thinking this is not actually a Javascript code.

Read more…

Comments off
September 21st, 2012

MSIE 0day – continued (with a bit of Flash as well)

While we were researching the websites currently serving the new Microsoft Internet Explorer (IE) zero-day threat, we found that the new attack is being piggybacked on a slightly older attack aimed on industrial companies’ websites.

The hacked legitimate websites contain on their main pages a hidden iframe.

Read more…

Comments off
September 19th, 2012

New Microsoft IE Zero-day attack

It was brought to our attention by this thorough Eric Romang article that a new zero-day exploit (an exploit actively used by cybercriminals in the wild) targets a bug in Microsoft’s Internet Explorer (IE) 7 & 8, and with some help from Java, it could be also exploited on IE 9, as confirmed by the Metasploit firm. At this time, as there is yet no patch from Microsoft, what can you do?

Read more…

October 19th, 2011

The last frontier – Infected…

I’m not sure if I mentioned this already, but my wife went for a week-long holiday with friends last Friday therefore I’m quite busy babysitting this week, taking care of the kids and household, and, not surprisingly, running out of steam. That is my excuse for just having a very short post today.  But back to the subject:

Do you know what is the ultimate irony in the life of a virus analyst?

This is when he needs some books about coding (actually, a book on subject “language of math”) and the special online shop that deals with this kind of literature is itself infected…   The bug name is “VBS:Obfuscated-gen” and because the site is still infected, I won’t disclose its name. Who knows.  You might get tempted to go look around the site for some math or coding literature.

… and Michal (the victim) thank you for the tip ;)

August 17th, 2011

avast! Free Antivirus – yes, it’s that good

New Zealand’s state MetService website was hijacked by malware (apparently a fake antivirus) during a particularly high time for traffic, according to a stuff.co.nz news article. The article has prompted more than 100 comments in the first day, mostly from understandably upset site visitors who may have picked up the malware on their computers.

Here, however, I just want to show you one comment, as it’s nice to see this sort of feedback in the real world. It’s no secret that we typically offer our free version in tests against our competitors’ paid-for versions, but even the results from independent testing facilities don’t feel as rewarding as  feedback like this from our user community:

Fortunately for those MetService users who were not using avast!, they can install it now and run the avast! boot-time scan — and that should do the trick. ;)

 

June 3rd, 2009

gumblar.cn summary

In the previous month the World Wide Web was subject to one of the heaviest attacks since it first came into existence. Thousands of legitimate websites were attacked by the Trojan horses JS:Redirector-H and JS:Redirector-J, the aim of which was to infect millions of unsuspecting users.  avast! was the first antivirus program to detect the infection right at the start and all users of avast! were protected throughout the duration of the attack. Now, more than a month after the attack was first detected, it is possible to assess the attack.

Read more…

Comments off