
Archive

Posts Tagged ‘malware’
January 23rd, 2014

WhatsApp bogus email tries to install Zeus Trojan on your computer

Have you received an email from WhatsApp? No? That’s because the company usually sends their users messages directly via the app itself, typically notifying them of updates. If you have received an email from WhatsApp recently, we urge you to not open it and to delete it immediately. The email is a hoax that contains malware.

Within the last few days, an email with the subject line “Missed voice message” has spread with the sender name “WhatsApp Messenger.” The message asks recipients to “please download attached file,” a file named “Missed-message.zip.”

Our antivirus lab expert, Peter Kálnai, told us, “It has never been WhatsApp’s strategy to send you missed voice messages in an email and they haven’t started to do so now. Instead of a voice message, it includes a zipped attachment with an executable file under the same name missed-message.exe. This file is able to download any malware attackers want to load onto their victim’s computer, including the Zeus Trojan, also known as one of the most dangerous banking trojans.”

Zeus lies silently on users’ computers until they log on to a banking website. Once on a banking site, Zeus collects the users’ personal data and online banking information. Read more about how avast! Antivirus blocks Zeus Trojans.

The popular mobile messaging service, WhatsApp, recently announced they now have more than 430 million Android and iPhone users. This is a great success for WhatsApp, but at the same time makes it an attractive target for cybercriminals, as the number of potential victims is huge.

Does avast! Antivirus protect against the WhatsApp malware?

Yes! AVAST detects the executable files spread in the ZIP file in different versions and protects all of its more than 200 million users from this threat. Besides using AVAST, we recommend users use common sense and think twice when they receive an email from an app that usually never chooses to address its users via email. Also, in general, trustworthy companies don’t send attachments unless you have requested specific documents, so do not open any email attachments if you haven’t requested them, and always use caution when downloading files from the Internet.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

January 17th, 2014

Has the NSA installed spyware on your new computer before you opened the box?

An article in German magazine Der Spiegel stated that the NSA is capable of installing backdoors on devices by Juniper Networks (firewall manufacturer), Cisco and Huawei (giant network device manufacturers), and also Dell. According to the article, a special hacking team intercepted some new computer deliveries to secretly install spyware in these machines. Der Spiegel did not reveal how they got access to this information, although it’s public that they have access to secret information leaked by the former NSA contractor, Edward Snowden.

The magazine has access to secret documents describing a method of direct attack on an end-user device called “interdiction.” If a person was being investigated and bought a new computer, the Tailored Access Operations division (TAO) of the NSA could have access to it. They collect online information using a tool called XKeyscore, as the British journal The Guardian revealed last July. They are also able to redirect internet traffic to their own servers. Der Spiegel said that this redirection occurred with high success (50%) when people were browsing the professional network LinkedIn.

But I’m not interesting enough…

Ok. You’ll say that you’re not included in the “interesting” people to be investigated by the NSA. What you need to know, quickly, is that there are tons of spyware and behavior monitoring tools being distributed all over the world. Our team detected more than 6 million of them disguised as toolbars for browsers. These nasties monitor everything from your browser habits to your personal information.

Similar to NSA, some “security companies” do this dirty job of monitoring. Did you read about avast! BrowserCleaner yet? You can get rid of spyware toolbars using this tool inside avast! Antivirus products, or you can download the standalone version here. Learn more about it in this blog entry. And, of course, do not forget to alert your friends and family.

January 8th, 2014

Mobile malware a real threat in 2014

Security industry experts from around the world must have been looking in the same crystal ball to make their predictions for the new year, because everyone agreed that mobile exploits and malware would drive growth for the industry in 2014. Mobile attacks will include malicious software that steals data from legitimate apps, spyware, ransomware and software installed via NFC.

Ondrej Vlček, AVAST’s Chief Technology Officer, agrees with the others, and has evidence to back it up, “We see nearly 2,000 new malware samples on Android every day, and this is up from maybe 50 a year ago. It’s quite likely that the trend will continue.” He explained in an article in SC Magazine that Android has reached a critical mass in terms of penetration and market share, therefore it’s an attractive target for cybercrooks.

This news has not escaped security journalists, and many are recommending security apps to protect Android devices. TechAdvisor, powered by PC Advisor, the UK’s number one technology magazine website, recently recommended avast! Mobile Security as one of its Best Android antivirus: 6 best cheap and free Android security apps.

avast! Mobile Security is a comprehensive suite of security and backup tools, with a particularly strong set of anti-theft features that could well catch a thief in the act.

Digital Trends looked at three of the top Android security apps. Avast! Mobile Security was their top choice.

If you’re looking for a security solution for your Android smartphone, and your primary concern is malware and safe browsing, then this could be the right app for you.


Avast! is a trusted choice – over 50 million devices are protected.

The November 2013 mobile security evaluation conducted by AV-TEST, certifies that avast! Mobile Security provides 100% protection against malicious apps with zero impact on your device’s performance. That means no impact on your battery life, the app doesn’t slow down your device, and it generates negligible traffic.

December 23rd, 2013

AVAST scans what bugged us this year and will continue to buzz alarm in 2014

by Caroline James, AVAST Software’s U.S. PR manager

The top three security trends of 2013 will only strengthen in 2014. Hackers abusing new payment options, browser toolbars spreading extensively, and new privacy issues have defined this year’s trends of security threats and nuisances.


Online fraud goes viral on mobile

2013 has been the year of new payment methods, including SMS, WAP and NFC payment – and with these new options, hackers have increased their efforts to develop new ways to steal users’ money.

AVAST detected an average of 1,839 new mobile malware samples a day, about 60 to 70% of which were designed to send and charge mobile users for premium SMS.

This year AVAST has also seen more targeted attacks where the goal is to steal users’ financial transaction data and ultimately their money. This includes, for example, hacking specific banks by manipulating their Internet banking interfaces to steal the customer’s personal data.


Unwanted toolbars cling like ivy to browsers

Another trend that snuck up on users in 2013, and one that people who have experienced it recognize instantly, is browser extensions. The numbers AVAST has collected so far are enormous. The antivirus software company has identified more than 6.1 million different browser extensions for Internet Explorer, Firefox, and Chrome in just eight months.

Unwanted toolbars are a pain everyone can relate to and we would argue they are the first major consumer security outbreak since spyware.

Our experts at AVAST say that we are in the era of new ‘spyware’, but this time it’s even more insidious especially since many players in the security space are actually in the game themselves by pushing the toolbars onto customers.

NSA has people spooked about privacy – who is watching you?

December 13th, 2013

How do I know which antivirus is the best?

Question of the week: How do I know which antivirus is the best for my computer? I mostly use it for staying in touch with my friends, doing schoolwork and watching videos. Is your free product good enough to protect me?

We receive questions like yours on our Facebook page frequently. We understand how difficult it is to choose which security product is right for you when the technology is unfamiliar and the marketing messages are similar.

That’s where independent testing labs like AV-Comparatives can help. A few times a year, these experts set up a “real-world” test in their lab where they test dozens of antivirus products on identical computers.

avast! Free Antivirus was the only free product to receive AV-Comparatives’ highest award in the ADVANCED Plus category because of exemplary results in protecting against malicious samples with a small incidence of false positives (wrongly blocking domains or files). The other Advanced Plus recipients were paid-for products (that shows how good avast! Free Antivirus is! ;-)).

For this “real-world” test, AV-Comparatives, together with the University of Innsbruck’s Computer Science department, set up identical Dell computers with Windows 7, Office, Adobe Reader, Flash, Java, QuickTime, Firefox, and a constant internet connection – basically, like most of us have at home. Twenty-two products, of which only two were free, including avast! Free Antivirus, were tested. As you can see from the award, avast! Free Antivirus held its own, so yes, this product is more than good enough to protect your computer.

Notable among the test results is Microsoft Security Essentials, which placed last. AV-Comparatives only used it as a basis of comparison, because Microsoft withdrew it from testing this year. This product provides only basic malware protection and has been the source of much conversation since earlier this year when Microsoft advised Windows users to use a third-party antivirus instead of counting on MSE. Since then they have changed their statement. Nevertheless, MSE’s scores in malware detection have continued to slide.

We hope you choose avast!, the most trusted antivirus in the world

No matter which antivirus product you decide to go with, make sure you keep it up-to-date, as well as keeping the software and apps on your machines updated. We hope you will choose avast! Free Antivirus or one of our premium products. You can see a comparison of all the choices on our website. If you want to see how avast! stacks up against others, then check out the avast! comparison tool on our Facebook page.

December 12th, 2013

Christmas time! Do you want a malware present?

Christmas time is essentially connected with buying presents. There’s a lot of stuff to be done and a lot of opportunities to buy a present in an e-shop to save time. Who doesn’t know someone who buys a Christmas gift online?

The malware authors know and are very keen to take advantage of it. We see scam emails containing order or delivery details every day, and they have a lot in common. In fact, it’s nothing new. Such methods are used constantly throughout the year; they are nothing special connected to Christmas. However, Christmas is the reason why many people might be fooled. Let’s look at them in detail.

Imagine you are a customer waiting for a present to be delivered. You get anxious and check your email waiting for order details. You are probably the most vulnerable at this time. Then you get an email from DHL, the well-known parcel delivery service, with a notice saying that the shipping details are in an attachment. In that moment of relief, you click on the email attachment. It turns out to be a zip file containing a file named DHL-parcel.exe. The strange thing is that the file looks like a regular PDF file because it has the same icon. In fact, it is malware.

November 19th, 2013

Can avast! protect me against CryptoLocker?

Question of the week: I have read frightening stories about CryptoLocker locking computers. I don’t have $200 to pay blackmailers for my own files. How do I protect myself from getting attacked? Does avast! protect from CryptoLocker?

“Avast! Antivirus detects all known variants of CryptoLocker thanks to our automated processing and CommunityIQ,” said Pavel Sramek, researcher and analyst for the avast! Virus Lab. “There are less than a dozen; this doesn’t seem to be a case of rapidly mutating malware.”

What is CryptoLocker?

CryptoLocker is malware known as “ransomware” that encrypts files on a victim’s Windows-based PC. This includes pictures, movie and music files, documents, and certain files on local or networked storage media. A ransom, paid via Bitcoin or MoneyPak, is demanded as payment to receive a key that unlocks the encrypted files. The victim has 72 hours to pay about $200; after that the ransom rises to over $2,200.

How to get CryptoLocker?

The CryptoLocker virus is often attached as an executable file disguised as a PDF attachment to an official-looking “spoofed” email message which claims to come from banks, UPS or FedEx and to be a tracking notification. When someone opens the email, they are asked to download a Zip file that contains an executable file (.exe) that unleashes the virus. There is also evidence that CryptoLocker started with infections from the ZeuS or Zbot banking Trojan and is being circulated via botnets that download and install CryptoLocker.

How to protect your computer from CryptoLocker?

AVAST users should be safe from infection during the short period when the malware is new and “undetected” as long as AutoSandbox and DeepScreen are active. “The infection is prevented by means of a dynamic detection,” said Sramek.

“We also automatically add detections for each new sample that passes our backend filters,” said Jiri Sejtko, Sramek’s colleague in the avast! Virus Lab.

“Against future threats like this, having a backup is always a good idea – who knows when CryptoLocker v2.0 will be released, and every antivirus solution is reactive by nature,” said Sramek. “The encryption used is virtually unbreakable, there is zero chance of recovering files after infection.”

Avast! BackUp is an online backup and recovery service that allows you to select sets of data or individual files you want to back up. Try avast! BackUp free for 30 days; after that you can choose a subscription based on your storage needs.

Read the warning issued to American computer users from US-CERT, and the warning to British users from NCA’s National Cyber Crime Unit.


November 14th, 2013

Malvertising and OpenX servers

Malvertising is an abbreviation of malicious advertising and means that legitimate sites spread malware from their infected advertisement systems. There have been many malvertising campaigns in the last few years, some of them confirmed even on big sites like The New York Times, but most of them go unnoticed because they are well hidden and served only to selected users. Earlier this year, one of our top analysts found a stealth infection on a Czech entertainment site and began to watch it. We were able to obtain source code from infected sites, and I would like to show you how easily hacking is done and what can be done to secure your server.

In this case, all infected servers contained OpenX (an open source solution for advertisement), which has a rich history of vulnerabilities. Look, for example, at the last three versions.

  • In version 2.8.9 and previous versions there was a SQL injection
  • Version 2.8.10 contained a hidden backdoor that allowed remote PHP execution
  • The latest version 2.8.11 offers more security, but there are known vulnerabilities

In summer 2013, OpenX was re-branded as Revive Adserver and several security flaws were patched. I strongly recommend you update to the latest version (currently 3.0.0) to secure your advertisement solution from being misused by hackers.

How do they get in?

An analysis of infected web pages revealed that the attacker used SQL injection to obtain administrator logins and passwords from the database. He then used the credentials to log in and exploited another flaw to upload a backdoor with an executable extension. In fact, there were more backdoors and PHP scripts hidden in various places, suggesting that this server was attacked multiple times.

mv-files

This picture shows all scripts and their dates of creation found on the infected page. The first three files are backdoors and tools for server control. The last two files are different; they serve as an interface to the database.

Files “inj” and “minify” seem to be two versions of the same script, which connects to the database and either removes injected scripts or adds new ones. The result of this modification is an iframe appended to advertisement banners. The picture below shows a SQL query used to insert malicious JavaScript.

mv-sql

The described infection is really hard to trace, because it’s not present on the server all the time, but only at predefined times, and it is shown only to users coming from a specific zone.
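One way an ad server operator could check for the symptom described above, an iframe appended to banner markup, is to audit the stored banners for embeds that load from hosts the operator does not recognise. This is an added example, not code from the original post or from OpenX: the `banners` table, its columns, the allowlist and all host names are constructed for illustration and do not reflect the real schema. Because the injection is present only at predefined times, a check like this has to run repeatedly rather than once.

```python
import sqlite3
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the operator knowingly serves ad content from.
ALLOWED_HOSTS = {"ads.example.com", "cdn.example.com"}


class EmbedCollector(HTMLParser):
    """Collect (tag, src) for every iframe or script element that loads a URL."""

    def __init__(self):
        super().__init__()
        self.embeds = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("iframe", "script") and src:
            self.embeds.append((tag, src))


def foreign_embeds(markup):
    """Return (tag, host) for embeds whose host is not in ALLOWED_HOSTS."""
    collector = EmbedCollector()
    collector.feed(markup)
    collector.close()
    found = []
    for tag, src in collector.embeds:
        # Relative URLs have no hostname and are treated as same-origin.
        host = (urlparse(src.strip()).hostname or "").lower()
        if host and host not in ALLOWED_HOSTS:
            found.append((tag, host))
    return found


def audit_banners(conn):
    """Scan every stored banner and return (banner id, tag, host) findings."""
    findings = []
    rows = conn.execute("SELECT id, markup FROM banners ORDER BY id")
    for banner_id, markup in rows:
        for tag, host in foreign_embeds(markup or ""):
            findings.append((banner_id, tag, host))
    return findings


def sample_db():
    """Constructed data in a hypothetical table layout (not the OpenX schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE banners (id INTEGER PRIMARY KEY, markup TEXT)")
    conn.executemany("INSERT INTO banners VALUES (?, ?)", [
        (1, '<a href="/click?b=1"><img src="/img/spring-sale.png"></a>'),
        (2, '<script src="https://cdn.example.com/rotate.js"></script>'),
        (3, '<img src="/img/shoes.png"><iframe width="1" height="1" '
            'src="//unknown-host.example.net/in.php"></iframe>'),
    ])
    return conn


if __name__ == "__main__":
    for finding in audit_banners(sample_db()):
        print("review banner %d: <%s> loads from %s" % finding)
```

The check only sees embeds written directly into the stored markup; markup that builds its iframe from script code at display time needs a rendered-page comparison instead.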

October 28th, 2013

Facebook Clickjacking: Will You Like Me?

“Who wouldn’t want to have more likes on their Facebook page?” This is the motivation behind a trivial piece of code to get more likes, but while other methods usually consist of adding better content or advertising, this one is a bit easier, and much dirtier. Why not show the like button directly beneath your mouse cursor as you browse a website, make it invisible, and move it as you move your mouse?

The only thing the victim has to do is click; if they are logged in to Facebook, they will automatically like the Facebook page. And of course, it is not only about the number of likes, but each like means the victim will get all the information about this page on their news feed (until they unlike the page), and all their friends will also see that they like it – so why not check it out themselves?

This method is possible due to the Like Button, a social plugin for Facebook, made by Facebook developers. It is used properly on many legitimate sites, but when combined with CSS hiding and JS moving, the victim has no other chance. If you want to know how to minimize the impact of such tactics, or if you are more into technical details, read on.

October 16th, 2013

Fake email spoofs AVAST

Malware samples received in the avast! Virus Lab Wednesday show that a spoofed email which looks like it has been sent from AVAST is spreading widely. Fortunately, AVAST detects this malware as Win32:Malware[Gen] and has been blocking the virus since 12:45 pm yesterday.

The email’s subject header says, “Your Order details and Additional information,” and the email message contains standard text that is sent when a person purchases a license from AVAST. The message includes an order number that is not authenticated and does not exist in the AVAST database.

The sender’s email address is noreply@avast.com. This is a fake email address and was not created by AVAST. The email contains an attachment titled avast-Antivirus-Order-Details.zip. The attachment is a file that includes two file extensions – *.PDF.EXE – which is malware.

Our worldwide CommunityIQ sensors automatically detected and provided information to the avast! Virus Lab about these suspicious files, and the new threat was detected and neutralized immediately. So far, our virus lab has received 12,500 malware samples.

Avoid this attack by downloading the new avast! Antivirus 2014 for free.
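The spoofed AVAST, WhatsApp, DHL and CryptoLocker emails described on this page share one delivery pattern: a ZIP attachment whose member is an executable, sometimes with a document extension in front of the real one (*.PDF.EXE). The following is an added example, not code from AVAST or the original posts, showing how a mail filter could flag that pattern; the extension lists, addresses and sample archive contents are constructed, and the archive members are harmless placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt", "wav", "mp3"}


def classify_member(name):
    """Flag a member with an executable final extension, e.g. Order.PDF.EXE."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = [p.strip().lower() for p in base.split(".")]
    findings = []
    if len(parts) >= 2 and parts[-1] in EXECUTABLE_EXTS:
        findings.append("executable")
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            findings.append("double-extension")
    return findings


def scan_zip(data):
    """Return {member name: findings} for flagged members of a ZIP (bytes)."""
    flagged = {}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                findings = classify_member(info.filename)
                if findings:
                    flagged[info.filename] = findings
    except zipfile.BadZipFile:
        flagged["<archive>"] = ["unreadable-zip"]
    return flagged


def scan_message(raw):
    """Return {attachment: {member: findings}} for ZIP attachments of an email."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if filename.lower().endswith(".zip"):
            flagged = scan_zip(part.get_payload(decode=True))
            if flagged:
                report[filename] = flagged
    return report


def build_sample(attachment_name, member_names):
    """Constructed email whose ZIP attachment holds harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for member in member_names:
            archive.writestr(member, b"placeholder, not a real program")
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg.set_content("please download attached file")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample("Missed-message.zip", ["missed-message.exe"])
    print(scan_message(sample))
```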