
Posts Tagged ‘malware’
August 19th, 2014

Reveton ransomware has dangerously evolved

The old ransomware business model is no longer enough for malware authors. New additions have made Reveton into something even more powerful.


The latest generation of Reveton, the infamous “police” lock screen/ransomware, targets a new black-market business. The authors upped the ante of the despised malware from a LockScreen-only version to a dangerously powerful password and credential stealer by adding the latest version of Pony Stealer. This addition affects more than 110 applications and turns your computer into a botnet client.

Reveton also steals passwords from 5 crypto currency wallets. The banking module targets 17 German banks and depends on geolocation. In all cases, Reveton contains a link to download an additional password stealer. The most common infection is via the well-known exploit kits, FiestaEK, NuclearEK, SweetOrangeEK, etc.

Pony stealer module

Reveton uses one of the best password/credential stealers on the malware scene today. Pony’s authors have done deep reverse-engineering work, with the result that almost every stored password is recovered in plain-text form. The malware can crack or decrypt quite complex passwords stored in various forms.

The stealer includes 17 main modules, such as OS credentials, FTP clients, browsers, email clients, instant messaging clients, online poker clients, etc., and over 140 submodules.

August 4th, 2014

AVAST blocks all malware in real-world test

avast! Free Antivirus blocked 100% of malware attacks in AV-Test’s “Real World” detection test.

The respected IT security and antivirus research lab AV-Test put 23 antivirus products designed for the home user to the test for real-world malware blocking and detection of false positives in June. The testing scenario replicated the set-up of almost a quarter of AVAST’s 200 million users who still use Windows XP (SP3, 32-bit, English). Just like your antivirus protection at home, the products were allowed to update themselves at any time and query their in-the-cloud services.

Avast! Free Antivirus scored 100% in protection against malware infections, such as viruses, worms or Trojan horses. AV-Test used widespread and prevalent malware discovered in the last 4 weeks, including malicious email attachments.

Avast! Free Antivirus had zero false positive detections, giving it a perfect score of 100%. False positives happen when your antivirus software erroneously identifies a file or a download as being malicious. The test included false warnings or blockages when visiting websites or when installing and using legitimate software.

Our customers are concerned about the impact antivirus protection has on their computer speed when visiting websites, downloading software, installing and running programs, and copying data. AV-Test measured the influence of each product in daily usage. On a scale with 5 being the lowest possible impact and 25 the highest impact, avast! Free Antivirus has minimal impact on system performance, scoring a very low 8.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

June 17th, 2014

AVAST kills Android ransomware with new app

avast! Ransomware Removal app eliminates Android ransomware and unlocks encrypted files, for free!


Ransomware, the terror of Windows that locks computers, encrypts the files, then demands a hefty payment to unlock them, has made its way to Android smartphones.

“The ransomware problem is growing like hell – and it’s no longer just threatening users – the new versions actually do encrypt your files,” said Ondrej Vlcek, Chief Operating Officer at AVAST Software.

AVAST Software just released a new app called avast! Ransomware Removal that will eliminate the malware from an infected device. Get it free for your Android smartphone and tablet from the Google Play Store.

avast! Ransomware Removal will tell you if your phone has ransomware on it. If you are infected, it will eliminate the malware. Android users who are clean can use the free app to prevent an infection from happening.

This short video shows you what actually happens when ransomware infects your Android smartphone.

The next wave of attacks

Savvy malware writers know where the next round of victims can be found. With Android at a whopping 80% worldwide market share, as well as “billions” of remaining mobile subscribers ready to upgrade to smartphones, the targets are numerous.

After detecting the massive growth of ransomware on PCs, this spring AVAST Virus Lab researchers saw the malware migrating to the Android platform. Analysts identified fake government mobile malware, and early this month a new ransomware called SimplLocker proved to be successful. This proof-of-concept worked so well at encrypting photos, videos, and documents stored on smartphones and tablets that the Virus Lab immediately ordered a tool from our mobile development team to combat it – avast! Ransomware Removal.

“SimplLocker blocks access to files contained on mobile devices. Without our free ransomware-removal tool, infected users have to pay $21 to regain access to their personal files,” said Vlcek. “SimplLocker is the first ransomware that actually encrypts these files, so we developed a free tool for people to restore them.”

Find. Kill. Prevent.

Install avast! Ransomware Removal to find out if your Android devices are infected and to get rid of an infection. Anyone infected by SimplLocker, Cryptolocker, or any other type of ransomware can download the free avast! Ransomware Removal tool, and then install the app remotely on the infected device. Once installed, you can easily launch the app to scan the device, remove the virus, and then decrypt your hijacked files.

To keep your devices protected from Cryptolocker, SimplLocker, and other ransomware, make sure to also install avast! Free Mobile Security & Antivirus from the Google Play store. It can detect and remove the malware before it is deployed.


May 15th, 2014

Author brings old friend back to life

Richard Skorupski is a writer and author living in South Dakota.


avast! GrimeFighter cleaned “Grime” away and gave an author his beloved laptop back.

Writers have their rituals and their favorite ways to write. For example, author Truman Capote always wrote while stretched out on his couch or bed with cigarettes and drinks (mint tea in the morning; martinis at night) within reach. Philip Pullman, author of The Golden Compass famously writes in a shed by hand, using a ballpoint pen on narrow lined A4 paper (with two holes, not four). Douglas Adams typed Hitchhiker’s Guide to the Galaxy on his old Hermes 8 typewriter.

So it wasn’t much of a surprise to hear from author Richard Skorupski about the decline of a trusty “old friend.” The surprise was how avast! GrimeFighter brought that friend out of retirement. Here’s the story Richard shared with us:

A story about an old friend

For a man I can compare it to a favorite tee shirt or faded work jeans. For a woman I can compare it to a favorite pair of comfortable shoes.

That’s right I love my old laptop. It has been with me and served me well through years of blogs, rants, surfing and (of course) the writing of my books. Both Flyover County and The Fred Weber Story were written entirely on that laptop. The two books together are more than a million words. Add that to the other things I have written over the years and there is no wonder why the letters are worn off the keys. It is like having a best friend at my fingertips. My fingers fell in just the right place.

Sure the case is scratched, the battery is shot and I’m on the second screen, but it was still my favorite writing tool. That is until it got too old. As time wore on my old friend got slower and slower. I understood, this old XP machine was born nine years ago in 2005, that has to be at least one hundred thirty in computer years. It finally got to the point where I put it out to pasture. I kept it around for the files it remembered, and picture memories it held, but I didn’t ask it for hard work anymore.

Now the turn of events. I was with my wife at an Expo Vendor show in Huron, South Dakota over the weekend. There was a guy there who sells repaired and refurbished used computers. I knew him because he sold me my replacement computer a few months back. I was talking to him about my old laptop and how it now took over forty-five minutes to boot up. I told him I couldn’t play with my old friend anymore because it was simply too slow. He said he may be able to fix it, no guarantees, for a fifty dollar service fee.

That got me thinking. I have seen those commercials on television for speeding up older computers. I wasn’t sure about them enough to trust what they were telling me. I had another answer. I use Avast! Antivirus software on all my home computers. They have recently produced GrimeFighter. They told me that they could make my old friend run like new again. Since I had confidence in Avast! as a company, I bought their product.

I installed the software and (after a couple calls to a very helpful customer service) the thing was off and running. Grime Fighter jumped in and started cleaning. The thing took two hours to clean up years of gunk. In the end the report told me I was good to go (other than a very old battery – something I already knew).

So here I am this morning, sharing quality time with my old friend. He is feeling much better, he is spry and chipper and faster than he has been in years. I’m looking forward to all the stories we will tell together in the months (and perhaps years) to come.

Thank you Avast! Now, if you could just find a rejuvenator for humans…

avast! GrimeFighter can help you bring your own “old friend” back from the dead. Read more about how GrimeFighter can speed up your old laptop. Scan your computer for free, then buy your own GrimeFighter license, and purge Grime from your PC.

It’s been a few days since Richard let the minions clean “Grime” from his old laptop and he says, “I haven’t touched the new computer since I ran Grime Fighter on this one.”

Learn more about Richard and buy his first book from Amazon.


May 13th, 2014

Who protects your smartphone from cybercrooks?


Android malware analyst Filip Chytrý will be speaking at the CARO Workshop 2014

The avast! Virus Lab professionals work together to stop malware from attacking your Android mobile phone.

 

Filip Chytrý, an analyst in the avast! Virus Lab, will “Declare war against Android Malware” together with his colleague Peter Kalnai at the 8th International CARO Workshop, held in Melbourne, Florida this week. CARO (Computer Antivirus Research Organization) is a technical gathering of malware experts from around the world who share case studies of mobile attacks, give real-life attack demonstrations, and present plans for the identification and investigation of coordinated mobile threats.

Along with his specialized knowledge in Android malware, Filip is a really fun guy. I asked him a few questions, so that you could meet one of the AVAST professionals directly responsible for keeping tens of millions of Android smartphone users safe from threats.

DEBORAH Thanks for taking time during your preparations for CARO to meet our users via the AVAST blog. Your job analyzing Android-targeted malware didn’t even exist when you were a little boy. What early experiences with technology influenced your career path?


Filip has worn cool shoes all his life

FILIP Define early. :) I’ve been addicted to PCs since childhood. I had my very first PC when I was 8 years old; some old piece of junk which was at that time probably older than I, but I still have remarkable memories of that time. So from that time on, I was influenced by technology. Even in my leisure activities, I concentrated on PCs. I went on to graduate from the School of Applications Cybernetics in Hradec Králové in the Czech Republic.

DEBORAH Protecting people’s desktop computers is how AVAST started, and now we’ve added free mobile security to our product offerings. How do we teach people to keep their smartphones and tablets safe just like their computers?
FILIP Most people still do not realize that their smartphones actually have more computing power and abilities than the computer they had in their homes five-ten years ago. The capabilities of their devices are incredible. Data in portable devices may say more about you than data from your PC. You have location data there, pictures, social media information and so on.

May 7th, 2014

Fake government ransomware holding Android devices hostage

Ransomware, which has already made its rounds on Windows, is now increasingly targeting the Android operating system. A new piece of mobile malware that poses as the government, detected as Android:Koler-A, is now targeting users.

We have full control of your phone – give us $300 and we’ll give it back


The ransomware is pushed automatically from fake porn sites visited by Android users as a malicious .apk file that poses as an ordinary app. Its innocent appearance is a powerful social-engineering tactic that malware developers use to trick people into installing malicious apps. The form of delivery is not the only thing that makes the app suspicious and potentially dangerous: the permissions it requests are highly unusual and alarming. The ransomware asks for full network access, permission to run at startup and permission to prevent the phone from sleeping. Once installed, these permissions allow the ransomware to take control of the device. Full network access lets the malicious app communicate over the web and download the ransom message that is shown on the captive device. Running at startup and keeping the phone awake fully lock down the phone, preventing victims from escaping the ransom message.

The ransomware localizes its fake government messages, depending on the user’s GPS location, accusing them of having viewed and downloaded inappropriate and illegal content. What does the ransomware do next? Demands a ransom, of course! The ransom to regain access to the device, including all of its apps, which it claims are encrypted, is set at around $300 and is to be paid through untraceable forms of payment such as MoneyPak.
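The permission profile described above (full network access, run at startup, keep the device awake) is something a defender can check for before an app is ever installed. The following is an added example, not code from the original AVAST post: it parses an AndroidManifest.xml with the standard library and flags that combination, plus any receiver registered for BOOT_COMPLETED. The two manifests and the package names in them are constructed for demonstration; the permission and action identifiers are the real Android constants.

```python
"""Added example (not from the AVAST post): manifest triage for the
lock-screen permission profile the post describes for Android:Koler-A."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Permissions the post calls out: full network access, run at startup,
# keep the device awake.  Together they let a lock screen survive reboots
# and fetch its ransom note.
LOCKER_PERMS = {
    "android.permission.INTERNET",
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.WAKE_LOCK",
}


def requested_permissions(manifest_xml):
    """Set of <uses-permission android:name=...> values in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {p.get(NAME_ATTR) for p in root.findall("uses-permission")}


def boot_receivers(manifest_xml):
    """Names of receivers wired to BOOT_COMPLETED: the component that would
    re-launch a lock screen after the victim restarts the phone."""
    root = ET.fromstring(manifest_xml)
    names = []
    for recv in root.iter("receiver"):
        for action in recv.iter("action"):
            if action.get(NAME_ATTR) == "android.intent.action.BOOT_COMPLETED":
                names.append(recv.get(NAME_ATTR))
    return names


def assess(manifest_xml):
    """Triage verdict: does the app request the full locker permission set,
    which permissions are missing from it, and which receivers start at boot."""
    perms = requested_permissions(manifest_xml)
    missing = LOCKER_PERMS - perms
    return {
        "locker_permission_set": not missing,
        "missing": sorted(missing),
        "boot_receivers": boot_receivers(manifest_xml),
    }


# Constructed manifest mimicking the permission profile described in the post.
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakeplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <application android:label="Video Player">
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed benign manifest for comparison.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>"""

if __name__ == "__main__":
    print(assess(SUSPECT_MANIFEST))
    print(assess(BENIGN_MANIFEST))
```

Plenty of legitimate apps (media players, messengers) request all three permissions, so a hit here is a reason to look closer at the app and its source, not a verdict on its own. The manifest inside a real .apk is binary-encoded and has to be decoded first (the SecApk post below uses apktool for that); this example works on the decoded XML.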

avast! Mobile Security safeguards against ransomware

Both AVAST’s free and premium mobile security apps, avast! Mobile Security and avast! Mobile Premium, protect customers from falling for the devious apps containing ransomware. AVAST detects this ransomware under the name Android:Koler-A and blocks its execution.

We recommend that everyone be cautious when downloading apps, especially from unofficial app markets. We also urge users not to open any files that have been downloaded to their device without their consent. Always check what permissions apps ask for, and, in addition to being cautious, we advise people to install antivirus to protect their devices. This new ransomware appearing on Android is a perfect example of how malware is moving away from the PC environment and into our pockets, and there are no signs of this slowing down.


April 16th, 2014

Are software “Easter eggs” safe?

Easter egg hunts are a favorite activity for kids and adults alike, and on Easter Sunday, backyards, church grounds and even the White House will host their own competitions. Cyberspace has its own Easter eggs (hidden messages in software applications), and the hunt for them is just as fun as for real eggs. I asked Filip Chytrý, a researcher in the avast! Virus Lab specializing in mobile malware, about his favorite Easter eggs.

“I hate boiled eggs,” Chytrý joked, “but revealing Easter eggs in applications is pretty fun especially if you just have a clue, but don’t have any idea where to start.”

Can Easter eggs be malicious?

We’re not too keen on hidden code that no one knows about here at AVAST, so I thought it was a good question. Filip explained that to successfully make an Easter egg, the programmer has to hide the surprise from his fellow teammates and his employer, as well as the end user. It occurred to me that if programmers can hide fun things, it’s not a huge leap to hiding malicious things. Backdoors, for instance?

“We have not seen an Easter egg that might be considered as malware. There are plenty of original apps for Android which are modified to distribute malware by adding some kind of a downloader, but it’s without the user’s interaction. Easter eggs have remained harmless; Android apps – not so much,” said Chytrý.

Are there Easter eggs in mobile software?

Android developers have hidden Easter eggs within Android OS.

Easter eggs found in older versions of Android OS

“There are Easter eggs in the latest versions of Android,” said Chytrý. “To access the Easter egg in your device, open the settings screen and tap About phone at the bottom of the screen. Locate Android’s version number on the about screen and quickly tap it several times.”

It worked with Android KitKat on my Nexus 4, but may not work in the modified OS of some device distributors. Find out how to access older Android OS Easter eggs.


March 31st, 2014

The Gray-zone of malware detection in Android OS

Does the title of this blog post have a mysterious meaning? Not exactly.

In this first part about the gray zone of Android malware detections, I will introduce Android:SecApk, a detection covering the protection that the App Shield (Bangcle) service adds to Android applications (.apk). This detection has a large and still-growing sample set. Some SecApk-wrapped samples that existed, or still exist, in the Google Play Store and third-party stores are listed in the table below.

MD5: F1EF5B8C671B2146C2A2454ECF775E47
Name: G锁屏冰雪奇缘之来自星星的你V1.0.apk
Info: PUP – An application to promote a specific movie. Potentially unwanted because of the extended permissions that were requested.
Current status: Removed from Google Play

MD5: 10bd28d4f56aff83cb6d31b6db8fdbd2
Name: Cut_the_bird.apk
Info: PUP – A game with potentially unwanted permissions that can lead to loss of private personal information.

MD5: 05ffb6f34e40bb1cf8f9628e5647d5e3
Name: aini1314langmanzhutisuoping_V2.5_mumayi_700e0.apk
Info: PUP – A screensaver application that has permissions unrelated to the purpose of the app.

MD5: d6b40bbb79b54c09352a2e0824c0adba
Name: 3D职业乒乓球.apk
Info: PUP – This application is a tennis game. Potentially unwanted because of the extended permissions that were requested.

MD5: eefd2101e6a0b016e5a1e9859e9c443e
Name: eefd2101e6a0b016e5a1e9859e9c443e.apk
Info: Malware – This app steals personal data and SMS messages from the user.

The App Shield is an online service that, after submission of an .apk, encrypts it and adds several layers of protection. The encryption and protection procedure will be discussed in more detail in the second part of this blog post.

Starting with the submission process, a clean app named AvstTest.apk was uploaded to the service. The exported .apk was renamed AvstTest[SecApk].apk. apktool and dex2jar were then used to decode the .apk resources and convert the ‘.dex’ files to ‘.jar’.

Folder structure


March 27th, 2014

Pretty women. Which one will infect you?


Malware which opens pictures of attractive women to entice its victims has been around for some time. Last month there were more than usual, so I decided to research malware that pretends to be a regular picture, and the results are pretty interesting.

We looked for executable samples with two distinct characteristics: 1. “.jpg” in their name, and 2. no older than three months. About 6,000 unique files matched these criteria. From these samples we noticed that posing as an image is not specific to any one malware family, but Win32:Zbot is represented more than others, e.g. MSIL:Bladabindi-EV, Win32:Banker-JXB, BV:Bicololo-CY, etc.
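The two selection criteria above (“.jpg” in the name, recent modification time) are cheap to reproduce on a file share or a mail quarantine folder, with the file’s leading bytes deciding whether it is really an image. The following is an added example, not code from the original AVAST post: it walks a directory, keeps files that carry “.jpg” in their name but begin with the “MZ” header of a Windows executable, and applies the three-month age filter. The sample files it creates (`photo.jpg.exe` and friends) are constructed in a temporary directory for demonstration.

```python
"""Added example (not from the AVAST post): find executables that pose as
JPEG images by name, judged on their content rather than their extension."""
import os
import tempfile
import time

PE_MAGIC = b"MZ"              # DOS header at offset 0 of every Windows executable
JPEG_MAGIC = b"\xff\xd8\xff"  # SOI marker that begins a real JPEG file


def sniff(head):
    """Classify a file by its first bytes: 'pe', 'jpeg' or 'other'."""
    if head.startswith(PE_MAGIC):
        return "pe"
    if head.startswith(JPEG_MAGIC):
        return "jpeg"
    return "other"


def classify(path):
    with open(path, "rb") as f:
        return sniff(f.read(4))


def find_fake_images(root, max_age_days=90, now=None):
    """Return names of files under `root` that (1) have '.jpg' in the name,
    (2) are PE executables by content and (3) were modified within
    `max_age_days` (the post's 'no older than three months' filter)."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if ".jpg" not in name.lower():
                continue
            path = os.path.join(dirpath, name)
            if os.path.getmtime(path) < cutoff:
                continue
            if classify(path) == "pe":
                hits.append(name)
    return sorted(hits)


def build_sample_dir():
    """Constructed sample set: a fresh disguised executable, a real JPEG,
    a disguised executable too old for the filter, and an unrelated file."""
    root = tempfile.mkdtemp(prefix="fakejpg_")

    def write(name, data, age_days=0):
        path = os.path.join(root, name)
        with open(path, "wb") as f:
            f.write(data)
        ts = time.time() - age_days * 86400
        os.utime(path, (ts, ts))

    write("photo.jpg.exe", PE_MAGIC + b"\x90" * 62)            # fresh, disguised
    write("holiday.jpg", JPEG_MAGIC + b"\xe0" + b"\x00" * 16)  # genuine image
    write("IMG_0042.jpg.scr", PE_MAGIC + b"\x90" * 30, age_days=200)  # too old
    write("notes.txt", b"plain text")
    return root


if __name__ == "__main__":
    print(find_fake_images(build_sample_dir()))  # ['photo.jpg.exe']
```

Windows hides known extensions by default, which is why `photo.jpg.exe` is displayed as `photo.jpg`; the content check sidesteps that entirely. A double extension is only one naming trick, so the name filter is deliberately loose (`.jpg` anywhere in the name) and the magic bytes carry the decision.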

The important message is that most of these samples are distributed by scams sent by email or posted on social media sites. An example of an email scam is pictured below. If you are interested in what the social media scam looks like and how to protect yourself, you should read one of our previous blog posts.



February 7th, 2014

Research buzz: Undercover technology


The Force is not strong with this one

Question of the week: What is the antivirus setting called DeepScreen?

DeepScreen is a new technology inside avast! Antivirus 2014. When you are about to run a suspicious program which is not yet known to the other core antivirus technologies, DeepScreen is invoked. Its task is to simply distinguish between good and bad software. Although it seems obvious and simple, it is not.

How DeepScreen uses The Force for good

This (magic) technology is served by two software components (the Jedi, if you will) which work hand-in-hand. One of them is well known from the past: The avast! Sandbox.

When a file is “DeepScreened,” it is actually run in the Sandbox, which is mainly responsible for keeping things isolated while watching for various high-level events and behavior of the program running. For example, it monitors the system call invocation and overall behavior of the program which is being executed. This seems to be just enough to distinguish between the Dark Side and the Light Side of the Force, but unfortunately, it is not that simple.

Firstly, how can you tell good and bad behavior apart? There are plenty of legitimate software products that use “weird” techniques to protect themselves. On the other hand, there is a bunch of malware samples that look innocent and behave well.

Secondly, malware is accustomed to hiding from the vigilant eyes of the Sandbox. The most common and powerful technique is encryption. In fact, there are more ways of encrypting and packing these well-known bad guys to render them undetectable than there are distinct malware samples.
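Encrypted or packed payloads have a statistical fingerprint that a defender can measure without running anything: their bytes are close to uniformly distributed, so their Shannon entropy approaches 8 bits per byte, whereas text and ordinary machine code sit well below that. The following is an added example, not AVAST code and not how DeepScreen or SafeMachine work internally: a block-wise entropy scan over a constructed buffer whose first kilobyte is a readable stub and whose remainder is a deterministic high-entropy blob standing in for an encrypted payload. The 7.0 bits/byte threshold and the 1024-byte block size are assumptions chosen for this demonstration.

```python
"""Added example (not from the AVAST post): Shannon-entropy heuristic for
spotting encrypted or packed regions in a binary."""
import hashlib
import math
from collections import Counter


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a perfectly uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def high_entropy_regions(data, block=1024, threshold=7.0):
    """(offset, entropy) for every block at or above `threshold`.
    Text and unpacked x86 code normally score well below 7.0; encrypted,
    compressed or otherwise packed data scores close to 8.0.  Partial
    trailing blocks are skipped because the estimate is unreliable there."""
    out = []
    for off in range(0, len(data), block):
        chunk = data[off:off + block]
        if len(chunk) < block // 2:
            break
        e = shannon_entropy(chunk)
        if e >= threshold:
            out.append((off, round(e, 2)))
    return out


def packed_ratio(data, block=1024, threshold=7.0):
    """Fraction of full blocks that look packed; a quick triage score."""
    total = max(1, len(data) // block)
    return len(high_entropy_regions(data, block, threshold)) / total


def pseudo_random_bytes(n, seed=b"constructed-example"):
    """Deterministic high-entropy filler (SHA-256 in counter mode) so the
    example is reproducible without shipping real encryption."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


# Constructed "binary": a readable stub followed by an opaque blob, the shape
# a packed executable typically has (small loader, large encrypted body).
STUB = (b"This program cannot be run in DOS mode.\r\n" * 25)[:1024]
PAYLOAD = pseudo_random_bytes(2048)
SAMPLE = STUB + PAYLOAD

if __name__ == "__main__":
    for off, e in high_entropy_regions(SAMPLE):
        print(f"offset {off:#06x}: {e} bits/byte")
    print(f"packed ratio: {packed_ratio(SAMPLE):.2f}")
```

Entropy alone cannot tell an encrypted payload from a legitimately compressed resource (an embedded PNG or ZIP scores just as high), which is the same ambiguity the post describes for behaviour: a strong signal for where to look, not a verdict. That is also why a generic unpacker is needed in addition to the heuristic: once the region is located, the code still has to be unpacked before it can be classified.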

SafeMachine: The new Jedi Order

Now, let me introduce you to our new good guy: SafeMachine 2, a dynamic binary instrumentation tool and generic unpacker. Yes, a real Jedi Knight!

With the latest version of avast! Antivirus 2014, this technology is fully involved in fighting the bad guys. Whenever DeepScreen runs something in the Sandbox, it also performs binary instrumentation of the process.
