Archive

Posts Tagged ‘malware’
February 7th, 2014

Research buzz: Undercover technology

The Force is not strong with this one

Question of the week: What is the antivirus setting called DeepScreen?

DeepScreen is a new technology inside avast! Antivirus 2014. When you are about to run a suspicious program which is not yet known to the other core antivirus technologies, DeepScreen is invoked. Its task is to simply distinguish between good and bad software. Although it seems obvious and simple, it is not.

How DeepScreen uses The Force for good

This (magic) technology is served by two software components (the Jedi, if you will) which work hand-in-hand. One of them is well known from the past: The avast! Sandbox.

When a file is “DeepScreened,” it is actually run in the Sandbox, which is mainly responsible for keeping things isolated while watching for various high-level events and behavior of the program running. For example, it monitors the system call invocation and overall behavior of the program which is being executed. This seems to be just enough to distinguish between the Dark Side and the Light Side of the Force, but unfortunately, it is not that simple.

Firstly, how can you tell good and bad behavior apart? There are plenty of legitimate software products that use “weird” techniques to protect themselves. On the other hand, there is a bunch of malware samples that look innocent and behave well.

Secondly, malware is used to hiding away from the vigilant eyes of the Sandbox. The most common and powerful technique is encryption. In fact, there are more ways of encrypting and packing these well-known bad guys and rendering them undetectable than there are distinct malware samples.

SafeMachine: The new Jedi Order

Now, let me introduce you to our new good guy: SafeMachine 2, a dynamic binary instrumentation tool and generic unpacker. Yes, a real Jedi Knight!

With the latest version of avast! Antivirus 2014, this technology is fully involved in fighting the bad guys. Whenever DeepScreen runs something in the Sandbox, it also performs binary instrumentation of the process.

Read more…

February 6th, 2014

Going to the Olympics? Prepare to be hacked

If you are one of the thousands of visitors headed to Sochi, Russia for Friday’s 2014 Winter Olympics opening ceremony, then you will be hacked. Richard Engel, from NBC News, reported that it’s not if you get hacked, it’s when, and he discovered that it starts from the moment you turn on your device.

In an experiment conducted by NBC Nightly News, their just out-of-the-box computer and smartphone were hacked in seconds while in Sochi. “The State Department warns that travelers should have no expectation of privacy; even in their hotel rooms. And as we found out, you are especially exposed as soon as you try and communicate with anything,” reported Engel.

“As tourists and families of athletes arrive in Sochi…if they fire up their phones at baggage claim, it’s probably too late to save the integrity of their electronics and everything inside them. Visitors to Russia can expect to be hacked,” said NBC’s anchorman Brian Williams as he introduced the report.

Watch the video report of NBC’s experiment (there’s an ad first, so give it a few seconds):

Protect yourself with avast! SecureLine VPN

Wherever you travel – whether to Sochi or your neighborhood coffee shop – you are sure to use public WiFi, which is full of security risks. That’s why we came up with a solution: have avast! SecureLine VPN installed on your devices. avast! SecureLine is available for PCs, and just recently we released avast! SecureLine for Android and iOS devices.

How to get avast! SecureLine

avast! SecureLine for PC is available as an add-on to avast! Antivirus. Get it from our website, or open the AVAST interface, click on the Store tab and get a free trial or one-month, one-year, or two-year subscription.

avast! SecureLine VPN for your smartphone or tablet is available as a monthly or yearly subscription for Android on Google Play and for iOS in the Apple App Store.

UPDATE: NBC has taken some criticism for the story since this report, with claims that it was misleading and promoted scaremongering. The experts they worked with released a white paper describing how each new device, without the protection of antivirus software, was compromised. NBC responded by stating that their experiment was designed to “show in general how easily a non-expert can fall victim.”

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

January 27th, 2014

Malformed FileZilla FTP client with login stealer

Beware of malformed FileZilla FTP client versions 3.7.3 and 3.5.3. We have noticed an increased presence of these malware versions of the famous open source FTP client.

The first suspicious signs are bogus download URLs. As you can see, the installer is mostly hosted on hacked websites with fake content (for example, texts and user comments are represented by images).

The malware installer’s GUI is almost identical to the official version. The only slight difference is the version of the NullSoft installer: the malware uses 2.46.3-Unicode and the official installer uses v2.45-Unicode. All other elements like texts, buttons, icons and images are the same.

The installed malware FTP client looks like the official version and it is fully functional! You can’t find any suspicious behavior, entries in the system registry, communication or changes in application GUI.

The only differences that can be seen at first glance are the smaller file size of filezilla.exe (~6,8 MB), 2 dll libraries, ibgcc_s_dw2-1.dll and libstdc++-6.dll (not included in the official version), and information in the “About FileZilla” window indicating the use of older SQLite/GnuTLS versions. Any attempt to update the application fails, which is most likely a protection to prevent overwriting of the malware binaries.

Read more…

January 23rd, 2014

WhatsApp bogus email tries to install Zeus Trojan on your computer

Have you received an email from WhatsApp? No? That’s because the company usually sends their users messages directly via the app itself, typically notifying them of updates. If you have received an email from WhatsApp recently, we urge you to not open it and to delete it immediately. The email is a hoax that contains malware.

Within the last few days, an email with the subject line “Missed voice message” has spread with the sender name “WhatsApp Messenger.” The message asks recipients to “please download attached file,” a file named “Missed-message.zip.”

Our antivirus lab expert, Peter Kálnai, told us, “It has never been WhatsApp’s strategy to send you missed voice messages in an email and they haven’t started to do so now. Instead of a voice message, it includes a zipped attachment with an executable file under the same name missed-message.exe. This file is able to download any malware attackers want to load onto their victim’s computer, including the Zeus Trojan, also known as one of the most dangerous banking trojans.”

Zeus lies silently on users’ computers until they log on to a banking website. Once on a banking site, Zeus collects the users’ personal data and online banking information. Read more about how avast! Antivirus blocks Zeus Trojans.

The popular mobile messaging service, WhatsApp, recently announced they now have more than 430 million Android and iPhone users. This is a great success for WhatsApp, but at the same time makes it an attractive target for cybercriminals, as the amount of potential victims is huge.

Does avast! Antivirus protect against the WhatsApp malware?

Yes! AVAST detects the executable files spread in the ZIP file in different versions and protects all of its more than 200 million users from this threat. Besides using AVAST, we recommend users use common sense and think twice when they receive an email from an app that usually never chooses to address its users via email. Also, in general, trustworthy companies don’t send attachments unless you have requested specific documents, so do not open any email attachments if you haven’t requested them, and always use caution when downloading files from the Internet.

January 17th, 2014

Has the NSA installed spyware on your new computer before you opened the box?

An article in German magazine Der Spiegel stated that the NSA is capable of installing backdoors on devices by Juniper Networks (firewall manufacturer), Cisco and Huawei (giant network device manufacturers), and also, Dell. According to the article, a special hacking team intercepted some new computer deliveries to secretly install spyware in these machines. Der Spiegel did not reveal how they got access to this information, although it’s public that they have access to secret information leaked by the former NSA contractor, Edward Snowden.

The magazine has access to secret documents describing a method of direct attack on an end-user device called “interdiction.” If a person was being investigated and bought a new computer, the Tailored Access Operations division (TAO) of the NSA could have access to it. They collect online information using a tool called XKeyscore, as the British journal The Guardian revealed last July. They are also able to redirect the internet traffic to their own servers. Der Spiegel said that this redirection occurred with high success (50%) when people were browsing the professional network LinkedIn.

But I’m not interesting enough…

Ok. You’ll say that you’re not included in the “interesting” people to be investigated by the NSA. What you need to know, quickly, is that there are tons of spyware and behavior monitoring tools being distributed all over the world. Our team detected more than 6 million of them disguised as toolbars for browsers. These nasties monitor everything from your browser habits to your personal information.

Similar to NSA, some “security companies” do this dirty job of monitoring. Did you read about avast! BrowserCleaner yet? You can get rid of spyware toolbars using this tool inside avast! Antivirus products, or you can download the standalone version here. Learn more about it in this blog entry. And, of course, do not forget to alert your friends and family.

January 8th, 2014

Mobile malware a real threat in 2014

Security industry experts from around the world must have been looking in the same crystal ball to make their predictions for the new year, because everyone agreed that mobile exploits and malware would drive growth for the industry in 2014. Mobile attacks will include malicious software that steals data from legitimate apps, spyware, ransomware and software installed via NFC.

Ondrej Vlček, AVAST’s Chief Technology Officer, agrees with the others, and has evidence to back it up, “We see nearly 2,000 new malware samples on Android every day, and this is up from maybe 50 a year ago. It’s quite likely that the trend will continue.” He explained in an article in SC Magazine that Android has reached a critical mass in terms of penetration and market share, therefore it’s an attractive target for cybercrooks.

This news has not escaped security journalists, and many are recommending security apps to protect Android devices. TechAdvisor, powered by PC Advisor, the UK’s number one technology magazine website, recently recommended avast! Mobile Security as one of its Best Android antivirus: 6 best cheap and free Android security apps.

avast! Mobile Security is a comprehensive suite of security and backup tools, with a particularly strong set of anti-theft features that could well catch a thief in the act.

Digital Trends looked at three of the top Android security apps. Avast! Mobile Security was their top choice.

If you’re looking for a security solution for your Android smartphone, and your primary concern is malware and safe browsing, then this could be the right app for you.

Avast! is a trusted choice – over 50 million devices are protected.

The November 2013 mobile security evaluation conducted by AV-TEST, certifies that avast! Mobile Security provides 100% protection against malicious apps with zero impact on your device’s performance. That means no impact on your battery life, the app doesn’t slow down your device, and it generates negligible traffic.

Read more…

December 23rd, 2013

AVAST scans what bugged us this year and will continue to buzz alarm in 2014

by Caroline James, AVAST Software’s U.S. PR manager

The top three security trends of 2013 will only strengthen in 2014. Hackers abusing new payment options, browser toolbars spreading extensively, and new privacy issues have defined this year’s trends of security threats and nuisances.

Online fraud goes viral on mobile

2013 has been the year of new payment methods, including SMS, WAP and NFC payment – and with these new options, hackers have increased their efforts to develop new ways to steal users’ money.

AVAST detected an average of 1,839 new mobile malware samples a day, about 60 to 70% of which were designed to send and charge mobile users for premium SMS.

This year AVAST has also seen more targeted attacks where the goal is to steal users’ financial transaction data and ultimately their money. This includes, for example, hacking specific banks by manipulating their Internet banking interfaces to steal the customer’s personal data.

Unwanted toolbars cling like ivy to browsers

Another trend that snuck up on users in 2013, and that strikes instant recognition among people who have experienced it, is browser extensions. The numbers AVAST has collected so far are enormous. The antivirus software company has identified more than 6.1 million different browser extensions for Internet Explorer, Firefox, and Chrome in just eight months.

Unwanted toolbars are a pain everyone can relate to and we would argue they are the first major consumer security outbreak since spyware.

Our experts at AVAST say that we are in the era of new ‘spyware’, but this time it’s even more insidious, especially since many players in the security space are actually in the game themselves by pushing the toolbars onto customers.

NSA has people spooked about privacy – who is watching you?

Read more…

December 13th, 2013

How do I know which antivirus is the best?

Question of the week: How do I know which antivirus is the best for my computer? I mostly use it for staying in touch with my friends, doing schoolwork and watching videos. Is your free product good enough to protect me?

We receive questions like yours on our Facebook page frequently. We understand how difficult it is to choose which security product is right for you when the technology is unfamiliar and the marketing messages are similar.

That’s where independent testing labs like AV-Comparatives can help. A few times a year, these experts set up a “real-world” test in their lab where they test dozens of antivirus products on identical computers.

avast! Free Antivirus was the only free product to receive AV-Comparatives’ highest award in the ADVANCED Plus category because of exemplary results in protecting against malicious samples with a small incidence of false positives (wrongly blocking domains or files). The other Advanced Plus recipients were paid-for products (that shows how good avast! Free Antivirus is! ;-)).

For this “real-world” test, AV-Comparatives, together with the University of Innsbruck’s Computer Science department, set up identical Dell computers with Windows 7, Office, Adobe Reader, Flash, Java, QuickTime, Firefox, and a constant internet connection – basically, like most of us have at home. Twenty-two products, of which only two were free, including avast! Free Antivirus, were tested. As you can see from the award, avast! Free Antivirus held its own, so yes, this product is more than good enough to protect your computer.

Notable among the test results is Microsoft Security Essentials, which placed last. AV-Comparatives only used it as a basis of comparison, because Microsoft withdrew it from testing this year. This product provides only basic malware protection and has been the source of much conversation since earlier this year when Microsoft advised Windows users to use a third-party antivirus instead of counting on MSE. Since then they have changed their statement. Nevertheless, MSE’s scores in malware detection have continued to slide.

We hope you choose avast!, the most trusted antivirus in the world

No matter which antivirus product you decide to go with, make sure you keep it up-to-date, as well as keeping the software and apps on your machines updated. We hope you will choose avast! Free Antivirus or one of our premium products. You can see a comparison of all the choices on our website. If you want to see how avast! stacks up against others, then check out the avast! comparison tool on our Facebook page.

December 12th, 2013

Christmas time! Do you want a malware present?

Christmas time is essentially connected with buying presents. There’s a lot of stuff to be done and a lot of opportunities to buy a present in an e-shop to save time. Who doesn’t know someone who buys a Christmas gift online?

The malware authors know and are very keen to take advantage of it. We see scam emails containing order or delivery details every day and they have a lot in common. In fact, it’s nothing new. Such methods are used constantly throughout the year; they are not specific to Christmas. However, Christmas is the reason why many people might be fooled. Let’s look at them in detail.

Imagine you are a customer waiting for a present to be delivered. You get anxious and check your email waiting for order details. You are probably the most vulnerable at this time. Then you get an email from DHL, the well-known parcel delivery service, with a notice saying that the shipping details are in an attachment. In that moment of relief, you click on the email attachment. It turns out to be a zip file containing a file named DHL-parcel.exe. The strange thing is that the file looks like a regular PDF file because it has the same icon. In fact, it is malware.

Read more…

November 19th, 2013

Can avast! protect me against CryptoLocker?

Question of the week: I have read frightening stories about CryptoLocker locking computers. I don’t have $200 to pay blackmailers for my own files. How do I protect myself from getting attacked? Does avast! protect from CryptoLocker?

“Avast! Antivirus detects all known variants of CryptoLocker thanks to our automated processing and CommunityIQ,” said Pavel Sramek, researcher and analyst for the avast! Virus Lab. “There are less than a dozen; this doesn’t seem to be a case of rapidly mutating malware.”

What is CryptoLocker?

CryptoLocker is malware known as “ransomware” that encrypts files on a victim’s Windows-based PC. This includes pictures, movie and music files, documents, and certain files on local or networked storage media. A ransom, paid via Bitcoin or MoneyPak, is demanded as payment to receive a key that unlocks the encrypted files. The victim has 72 hours to pay about $200; after that the ransom rises to over $2,200.

How to get CryptoLocker?

The CryptoLocker virus is often attached as an executable file disguised as a PDF attachment to an official-looking “spoofed” email message that claims to come from banks, UPS or FedEx and to be a tracking notification. When someone opens the email, they are asked to download a Zip file that contains an executable file (.exe) that unleashes the virus. There is also evidence that CryptoLocker started with infections from the ZeuS or Zbot banking Trojan and is being circulated via botnets to download and install CryptoLocker.
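The delivery pattern described here, and in the WhatsApp and DHL posts above, is a Zip attachment whose member is an executable dressed up as a document. The following is an added example, not AVAST code, of a mail-gateway style check that flags such members by name and by the "MZ" bytes that begin every Windows executable. The sample archive is constructed for the demonstration; tracking.pdf.exe and label.pdf are hypothetical names, and the extension lists are assumptions to tune.

```python
import io
import zipfile

# Extensions Windows will execute on double-click, and document types
# commonly used as the decoy half of a double extension (assumed lists).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".txt"}


def extensions(member_name):
    """Return every dotted suffix of the file name, lower-cased."""
    base = member_name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return ["." + part for part in base.split(".")[1:]]


def inspect_attachment(zip_bytes):
    """Map each suspicious member name to the reasons it was flagged."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return {"<archive>": ["not a valid zip"]}
    findings = {}
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            exts = extensions(info.filename)
            last = exts[-1] if exts else ""
            reasons = []
            if last in EXECUTABLE_EXTS:
                reasons.append("executable extension " + last)
                if len(exts) > 1 and exts[-2] in DECOY_EXTS:
                    reasons.append("double extension")
            if info.flag_bits & 0x1:
                # Password-protected member: the content cannot be read here.
                reasons.append("encrypted member, content not inspected")
            else:
                with archive.open(info) as member:
                    is_pe = member.read(2) == b"MZ"
                if is_pe and last not in EXECUTABLE_EXTS:
                    reasons.append("MZ header behind a non-executable name")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample():
    """Constructed attachment; payloads are inert header stubs, not programs."""
    stub = b"MZ" + b"\x00" * 62
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("missed-message.exe", stub)  # name from the WhatsApp post
        archive.writestr("DHL-parcel.exe", stub)      # name from the DHL post
        archive.writestr("tracking.pdf.exe", stub)    # hypothetical name
        archive.writestr("label.pdf", stub)           # hypothetical name
        archive.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in inspect_attachment(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

An icon is stored inside the executable, so a PDF-looking icon never changes the member's name or its first bytes, which is why the check relies on those two signals.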

How to protect your computer from CryptoLocker?

AVAST users should be safe from infection during the short period when the malware is new and “undetected” as long as AutoSandbox and DeepScreen are active. “The infection is prevented by means of a dynamic detection,” said Sramek.

“We also automatically add detections for each new sample that passes our backend filters,” said Jiri Sejtko, Sramek’s colleague in the avast! Virus Lab.

“Against future threats like this, having a backup is always a good idea – who knows when CryptoLocker v2.0 will be released, and every antivirus solution is reactive by nature,” said Sramek. “The encryption used is virtually unbreakable, there is zero chance of recovering files after infection.”

Avast! BackUp is an online backup and recovery service that allows you to select sets of data or individual files you want to back up. Try avast! BackUp free for 30 days; after that you can choose a subscription based on your storage needs.

Read the warning issued to American computer users from US-CERT, and the warning to British users from NCA’s National Cyber Crime Unit.
