Question of the week: I have avast! Free Antivirus on my computer and I love it, but isn’t antivirus for a smartphone overkill? I mean, there are not so many threats to a phone, are there?
This is a question being asked by lots of security firms lately, and the answer is a resounding YES. As smartphones and tablets become increasingly popular, so do threats that target mobile devices exclusively. Two particular studies published lately have pointed to an increase in mobile malware over the past year.
Android is in the bull’s eye
Make sure you friend Avast on Facebook so you won’t miss our original comic strip, MALWARE ATTACKS!!. Here’s a quick catch-up in case you missed the first installment:
We meet unfortunate aliens fleeing their embattled home world in search of help against the evil Malware Empire. The fate of their planet rests on their success.
Alien visitors come to Earth seeking help from Avast against the evil Malware Empire.
The desperate aliens visit Avast headquarters to ask for help to defeat the evil Malware Empire. Just like 177 million Earthlings who use Avast to protect themselves, the aliens find what they are looking for.
Armed with avast! Free Antivirus 8, the aliens race back to their home planet. Victory against the evil Malware Empire is assured.
Thanks to avast! Free Antivirus 8, the galaxy is once again protected against Malware. Our heroes are awarded with the medal for bravery, and avast! 8 takes its place of honor in history.
Protect your world with avast! 8. From avast! Free Antivirus to our newest top-tier suite, Avast Premier 8, it can all be found on http://www.avast.com
Recently we encountered a very suspicious piece of code on some Joomla-powered webpages. The code looks garbled and without any special meaning, and starts like this:
A serious new vulnerability notice about Java exploits has been issued by the Department of Homeland Security’s Cybersecurity Division. Java 7 Update 10 and earlier contain a vulnerability that can allow a remote attacker to execute malware on vulnerable systems.
A French researcher called Kafeine discovered that a number of websites using the exploit are able to download files directly to the victim’s computer, and execute actions such as installing ransomware. “Hundreds of thousands of hits daily where i found it,” he wrote on his blog. “This could be a mayhem.”
Disable Java in web browsers
Some webpages may include content or apps that use the Java plug-in. There is no fix for this yet, so it is recommended that you protect yourself by disabling Java in your particular browser. Please see our previous blog How do I disable Java in my browser for instructions.
For a higher level of security, it is possible to entirely prevent any Java apps from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab. Disabling Java through the Java Control Panel will disable Java in all browsers.
The latest version of Android, 4.2, code-named “Jelly Bean”, was released some time ago. Although it is just an incremental update to the major 4.0 release, “Ice Cream Sandwich”, Google introduced some major new features with it. Alongside multi-user support and improved notifications, a new feature that is being promoted heavily is the built-in app scanner, which should protect Android devices from being infected by malware.
The client side app scanner of Android 4.2 is the next step in Google’s attempts to protect their Android ecosystem from malware threats, after introducing Bouncer, a server-side malware scanner used by Google to analyze apps that are being uploaded to Google Play Store. Bouncer was announced in February 2012 and is Google’s approach to prevent malware from being uploaded to the Google Play store as a first line of defense.
Now, some authors claim that third party mobile security tools are most likely not needed anymore, because Google now already pre-checks all mobile apps. I’ve been closely monitoring all those changes and improvements because I wanted to make up my own mind on how successful these attempts by Google would be, and to find out how our Android antivirus scanner, delivered within our free avast! Mobile Security suite (http://www.avast.com/free-mobile-security), would stack up to what the operating system vendor itself would be able to provide.
For months before the release of avast! Mobile Security in December 2011, our virus lab was working on setting up the initial state of our Android malware database. The database contains signatures of all the malicious files our virus lab guys find over time and is being extended day-by-day to contain definitions of the newest threats in real-time. Currently, tens of millions of Android devices owned by our users download those definitions every day to their avast! client side scanners. So I just went to our virus lab and asked the guys there to provide me with some statistics on the growth of our Android malware database.
As I already stated, Bouncer was thought to be the first line of defense, and tries to protect the main source of app downloads from malicious offerings. Could it be that as a result of introducing Bouncer, our malware database stopped growing or started to decline in size when Bouncer was introduced? Has Google been successful? See for yourself:
Android Malware Database History
Obviously, since February 2012, the growth of our Android malware database has not started to decline; it has not even stalled, but has been continuous since that point in time.
Lots of smartphone users are still unaware of the actual risks arising from the use of smartphones based on operating systems, and they have a tendency to underestimate their security risks. Be honest, how many of you check if an application you install on your phone comes from a trusted source? Do you check which permissions the application has? How many of you install applications that have “cool icons” and don’t check anything else?
I’ve asked a few people these questions, and was totally surprised by their answers! Even IT geeks don’t read permissions of applications and they just click and install whatever they find. What’s WORSE is that most of them think they are secured without any security application.
Do you remember my last article? We identified something very similar, also coming from blog and upload services such as 4shared. It’s really strange how many hijacked and infected applications are offered through those services.
One month ago, I pointed out a really nasty malware that pretends to be a Google Play app. I looked into what the creators of that malware have been doing for the last month. They definitely haven’t been lazy.
For the last two weeks, we saw more mutations of similar malware, with similar behavior. It sends numerous paid SMS messages to premium numbers without the user being aware of it. They try to pretend it is some kind of wanted application, but you obviously don’t want that.
This malware hides itself under legitimate-sounding names like Flash Player, Talking Tom Cat, Kaspersky Lite, etc. But many of the apps have something in common: the package name is the same in hundreds of them. But don’t worry, all of them are detected.
My phone is infected! What can I do?
This leads me to the most important point of this blog post. For those who still believe they are fine without antivirus protection on their smartphone, there are a few steps to follow when you realize your phone is acting strangely.
1) Switch off the GSM module or take out your SIM card immediately. (This should disconnect your phone from the mobile network and prevent losing your money.)
2) Restore your phone back to factory setup. (Malware should be removed, as well as all your data.)
3) Put your SIM card back, and you can use your phone again.
Is there a safer and easier way to protect my smartphone?
Luckily, yes. Malware that we meet comes mostly from untrusted sources. People often put the name of a wanted application in their browser and just click on the first URL that comes up. That practice is, of course, really dangerous. The viruses mentioned above come from file sharing servers such as 4shared.com, filestube.com, rapidshare.com, fake blogs, or from fake Android stores. Those file sharing servers are suspicious sources and one should not download applications from there. Even on Google Play you can find a dangerous application once in a while, so you should be cautious even when you look for applications there!
Here’s a quick example. When you search for popular games, for example, “Asphalt 6 adrenaline скачать бесплатно” (free download in Russian language), in one of the top pages on Google you will find a pretty nasty blog full of repacked games but with a small gift in the form of malware.
My recommendation is to use an antivirus program on your phone – for example, avast! Free Mobile Security – and download applications from less dangerous sources – for example, Google Play, Amazon.com, etc.
The avast! Sandbox is a special security feature which allows you to run potentially suspicious applications automatically in a completely isolated environment. Programs running within the sandbox have limited access to your files and system, so there is no risk to your computer or any of your other files. This feature is connected to the FileRep cloud feature which identifies new files for additional analysis. So now we are able to warn you even before we have had the opportunity to examine this malware in our Virus Lab.
Here’s how it works: By default, if an application is started and avast! detects anything suspicious, it will automatically run the application in the Sandbox. The advantage of running an application in the Sandbox is that it allows you to check suspicious applications while remaining completely protected against any malicious actions that an infected application might try to perform.
The browser or other application will then open in a special window with a red border, indicating that it is being run inside the Sandbox. When the Sandbox is closed, it will be restored to its original state and any downloaded files or changed browser settings will be automatically deleted.
You can change the AutoSandbox settings, so that avast! will ask you first before putting an application in the Sandbox. In the settings, the AutoSandbox can also be disabled completely, or you can specify any files or applications that should be excluded and never run automatically in the Sandbox. In the “Browser Protection” tab, you can further specify that your browsers should always be run in the Sandbox to ensure you are protected while surfing the web.
To learn more about the AutoSandbox, please read our previous blog, AutoSandbox – why are you annoying me?
You can ask questions, make comments, learn about security issues, or just say hello on our avast! Antivirus page on Facebook. Over 2 million people have “liked” us. Will you please Like avast! today?
Avast! Free Antivirus won the top rating for malware removal from independent research organization AV-Comparatives last month, and this month is the only antivirus solution that also received the ADVANCED+ award for performance. The latest performance test measured the impact on system resources and speed of 19 antivirus products, and avast! Free Antivirus was the best scoring FREE product again.
AV-Comparatives performance testing is a series of real-world scenarios that includes downloading, extracting, copying, and encoding files, installing and launching applications, in addition to an automated testing suite. The ranking system has three levels: “Standard,” “Advanced” and “Advanced+” awards. To receive the “Advanced+” award, avast! Free Antivirus was compared to mostly paid-for antivirus suites based on how much impact the product has on system resources, including protection against ‘real-world’ zero-day malware attacks, detection of a representative set of malware discovered in the last 2-3 months, false positive rates, and scanning speed. Avast was the highest scoring free product and outshone a host of paid-for products and other free products.
These results are proof that it is not necessary to pay for excellent quality antivirus protection. Avast! Free Antivirus provides award-winning high protection rates against malware without degrading the system performance or troubling users.
AVAST Software has teamed up with Facebook to help you and your friends stay safe. AVAST is sharing its Virus Lab data with Facebook in the combined attempt to prevent malware being shared unknowingly by Facebook users. Whenever someone clicks a link within Facebook, Facebook checks the URL in the AVAST cloud, in real time. If the URL is infected, the user sees a message warning of the potential threat.
Nearly half of the world’s Internet users log onto Facebook each month to share interesting things, play games, check in to shops and restaurants, tag photos, and most of all, connect with their friends. Facebook’s networks of more than a billion people make it attractive to cybercrooks who try to gain access to our accounts and passwords. Once in, crooks use our connections to spread hoax messages or malicious apps to our friends, attempting to trick them into sending money or sharing personal information. Who among us hasn’t been curious about celebrity death rumors, tempted by free gift cards, or concerned because our friend was mugged and stranded in a foreign country?
“We’ve seen that the most prominent way of spreading malware now is through links to infected websites, rather than the traditional method of emailing infected files,” said AVAST Software CEO Vince Steckler. “Our Virus Lab has tracked about 2 million infected websites just in the last 12 months and the best way to stop these infections is to prevent links to them being shared.”
Over 160 million people use avast! for their PCs, Macs and Android devices, and they work together in a vast network of anonymous security sensors called CommunityIQ. These sensors provide information about possible suspicious files which allow new threats to be detected and neutralized almost as soon as they appear.
“Nothing is more important to us than the safety of our users and their data. Beginning today, Facebook will be able to leverage Avast’s feed of malicious URLs to augment our existing site integrity systems and those in our community will be able to download Avast’s software to better protect themselves and their devices. We look forward to working with Avast to provide an even more secure experience for those who use our service,” said Joe Sullivan, CSO of Facebook.
Earlier this week, a new variant of the Dorkbot/Ruskill malware attacked users of the Skype video calling service. This malware can affect a huge amount of sites and online services and can attack almost all known web browsers such as Internet Explorer, Firefox, Chrome, Opera, Flock and other programs such as MSN, wlcomm.exe etc.
The avast! VirusLab analyzed this malware, which you can read about in articles published on the web, but none analyzed the new module that can hijack Skype messenger, which is now the bigger threat to users. In packed form, this module is around 70KB. After the removal of the custom packer / loader the pure size is 16 384b. The module is very small but includes 31 known language versions of phishing messages that appear in the Skype messenger window. This localization is based on the OS language via the GetLocaleInfo API. After bypassing the return value, you can see the different language mutations.
Sample of phishing messages in various languages:
- lol is this your new profile pic?
- hey é essa sua foto de perfil? rsrsrsrsrsrsrs
- hej je to vasa nova slika profila?
- hey c’est votre nouvelle photo de profil?
- ¿hey esta es tu nueva foto de perfil?
- hey ini foto profil?
- hei er dette din nye profil bilde?
- hej to jest twój nowy obraz profil?
- hey ito sa iyong larawan sa profile?
- ¿aquesta és la teva nova foto de perfil?
- hej detta är din nya profilbild?
- hej jeli ovo vasa nova profil skila?
- hey la anh tieucua ban?
- sa k’vo profili lusankary
- hey e la tua immagine del profilo nuovo?