Today we are going to talk to those of you who use the Bitcoin digital currency to pay for a variety of goods and services – along with a warning about yet another source of Bitcoin miners: file sharing services. You may think that if you avoid cracks and keygens while browsing the web you will be safe. Well, we would recommend that you reconsider that position. Recently we found that someone had uploaded a lot of fake files containing Bitcoin miners to the uloz.to file sharing service!
Bitcoin Mining service
First a little background for the uninitiated: Bitcoins can be obtained by trading real currency, goods, or services with people who have them, or alternatively through mining. The mining process involves running software that repeatedly computes hashes until it finds one that satisfies the network's current difficulty; the miner who finds it is rewarded with new Bitcoins. There is a finite number of Bitcoins to be had, and mining for them can be compared to extracting gold or diamonds from the earth: the more that has already been mined, the harder and more expensive it becomes to find the rest. Here’s a descriptive article about mining.
Bitcoin mining services (pools) such as bitminter.com combine the computing power of their users to mine new Bitcoins and split the reward among them. In order to participate, the mining users have to create an account and then register their computers (workers) with the service. Then they simply run the Bitcoin miner program provided, with their credentials, on as many computers as they have. In the end, if they had enough computing power and time, they might end up with a few Bitcoins.
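To make the “math problems” and the pool’s accounting concrete, here is an added illustration that is not part of the original post or of any pool’s software: a toy proof-of-work search in Python. It keeps Bitcoin’s double-SHA256 over a header with a 32-bit nonce, but measures difficulty as leading zero bits instead of the real nBits target, and the header prefix is constructed, not a real block. A worker finds many easy “shares” (the pool credits these as proof of work) for every hash that also clears the much higher network difficulty.

```python
import hashlib
import struct
from typing import Dict

# Constructed stand-in for the 76 header bytes that precede the nonce (version, previous block
# hash, merkle root, time, nBits). Real miners receive these from the pool or node; this is arbitrary.
HEADER_PREFIX = b"constructed block header for the example ".ljust(76, b"\x00")


def double_sha256(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def header_with_nonce(prefix: bytes, nonce: int) -> bytes:
    # The nonce is a 32-bit little-endian field appended to the 76-byte prefix.
    return prefix + struct.pack("<I", nonce)


def leading_zero_bits(digest: bytes) -> int:
    # Simplified difficulty measure: leading zero bits of the digest read big-endian.
    # Bitcoin proper compares the hash (as a little-endian 256-bit number) against the
    # target encoded in nBits; the idea is the same, only the encoding differs.
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def mine(prefix: bytes, pool_bits: int, network_bits: int, max_nonce: int = 2 ** 24) -> Dict[str, object]:
    # Scans nonces the way a pool worker does. Every hash that clears the (easy) pool difficulty
    # is a "share" the pool credits; a hash that also clears the network difficulty is a block.
    shares = 0
    for nonce in range(max_nonce):
        digest = double_sha256(header_with_nonce(prefix, nonce))
        zeros = leading_zero_bits(digest)
        if zeros >= pool_bits:
            shares += 1
        if zeros >= network_bits:
            return {"block_nonce": nonce, "block_hash": digest.hex(), "shares": shares, "tries": nonce + 1}
    return {"block_nonce": None, "block_hash": None, "shares": shares, "tries": max_nonce}


def verify(prefix: bytes, nonce: int, network_bits: int) -> bool:
    # Verification costs one hash, which is why the network (or the pool) can check work cheaply
    # while producing it costs on average 2**network_bits hashes.
    return leading_zero_bits(double_sha256(header_with_nonce(prefix, nonce))) >= network_bits


if __name__ == "__main__":
    result = mine(HEADER_PREFIX, pool_bits=8, network_bits=16)
    print(result)
```

With `pool_bits=8` and `network_bits=16` the search takes on the order of 65,000 hashes and yields roughly 250 shares along the way; the real network difficulty is tens of zero bits higher, which is exactly why the malware authors described below want other people’s CPUs.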
It can be expected that some people will not be satisfied with just using their own machines, so they will try to use the computing power of unsuspecting victims. And that’s exactly what the authors of this malware are doing: they use hardware that does not belong to them to generate more money.
It’s not a Bitcoin problem; it’s a people problem
We must stress that there’s nothing wrong with Bitcoin or its mining services. The problem is that some greedy people are misusing them.
Some of them can be seen on the following image. The word “cestina” (Czech for “Czech”) means that the file should contain a Czech localization of the referenced program. All of them contain a hidden feature, and sometimes the name is a complete fabrication. For example, The-Night-of-the-Rabbit-cestina.exe contains a crack for Call of Duty 4. Notice too that all these files have an elevated popularity, no doubt a result of tampering. Some downloaders already suspect something fishy about these files.
PC Magazine awarded avast! Mobile Security the Editors’ Choice Award for free Android security apps thanks to its “huge array of powerful tools and fine-grained controls.”
A major concern for smartphone owners is the increasing threat of malicious software targeting Android OS. Max Eddy, software analyst for PC Magazine, writes that, “avast! is well-positioned to guard against new threats that use novel attack vectors we’ve yet to imagine.”
Running quietly in the background, with no system slow-down or stuttering, “avast! will also keep an ever-vigilant eye on your device, warning you as soon as it detects something it doesn’t like,” he writes in his June 2013 review.
But these days, it’s more likely that you will fall victim to theft and loss instead of malware. Eddy explains, “In this department, avast! has an impressive slate of features and controls.”
In case your phone walks off somewhere, you can use the my.avast web portal where you can remotely locate, lock, or wipe your device, and set off the alarm. Eddy said, “I was particularly impressed that the alarm was not only loud, at 96 dB, but also highly illustrative. ‘This phone has been lost or stolen,’ said my S III, cycling between that phrase and what sounded like a Star Trek warning klaxon.”
Make sure you install avast! Mobile Security, the Editors’ Choice for free Android security suites, on your smartphone and tablet. It is available for free in the Google Play store.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun, and contest information, please follow us on Facebook, Twitter, Google+ and Instagram.
Recently we identified a threat which uses Twitter and Facebook to spread. The infection begins when the victim clicks a malicious tweet or Facebook post.
In the “real world” of monthly bills and rising expenses, a decision about antivirus protection often comes down to the best protection for the money – and that’s where avast! Free Antivirus wins out over the rest.
In the May 2013 Real-World Protection Test by AV-Comparatives, avast! Free Antivirus was up against 19 paid-for internet security suites which could cost the customer up to $60 per year. avast! Free Antivirus passed the tests with honors and was the only free solution to receive the Advanced+ rating!
The test created a real-world scenario using a typical setup that many of us have: Windows 7 with software such as Adobe Flash, Acrobat Reader, Java, etc. To show how well antivirus products protect the user’s computer when surfing the web, the testers pitted AVAST and the others against threats we encounter in everyday life. They used 431 current dangerous exploits, URLs with known malware, and even a few malicious files from email attachments. avast! Free Antivirus blocked 99.3% of the threats.
This is a loose sequel to the Cutwail botnet analysis blogpost published on the malwaremustdie.blogspot.com. In this blogpost I will primarily focus on the downloaded PE executable itself (SHA256: 5F8FCC9C56BF959041B28E97BFB5DB9659B20A6E6076CFBA8CB2D591184C9164) and the network traffic that it generates. I will also reveal a hidden C&C server.
But first let’s quickly go through the things it does at the beginning:
- It registers an exception handler whose only action is to start the process again using CreateProcess().
- It performs a check whether it has admin privileges.
- It checks or creates a mutex named “xoxkycomvoly” (hardcoded identifier used on multiple occasions).
- It checks or creates a couple of registry entries under HKCU\Software\Microsoft\Windows\CurrentVersion.
- It checks whether the process image filename is “xoxkycomvoly.exe”; on the first run it is not, so the installation steps below are performed.
- It nests into the system by creating autorun entry in registry under HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
- It copies itself to the user’s profile directory named as “xoxkycomvoly.exe”.
Then, on this first run, an exception occurs and the handler restarts the sample from the copy in the user’s profile directory named “xoxkycomvoly.exe”.
After these initial steps, the sample starts communicating heavily over the network.
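The persistence steps above leave two artifacts an incident responder can hunt for without touching the sample: a Run value under HKCU and a copy of the executable dropped directly into the user’s profile directory. The following Python is an added example, not code from the original analysis or from AVAST: it parses the output of `reg export` for the Run key (REG_SZ and REG_EXPAND_SZ values, which is what autorun entries use) and flags entries that use the filename from the analysis or point into the profile root. The registry export, the `victim` account, the `OneDrive` and `Updater` entries and the environment map are all constructed for the example.

```python
import re
from typing import Dict, List, Tuple

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample of what `reg export` of the Run key could look like on an infected host.
# Only the "xoxkycomvoly.exe" name and the profile-directory drop location come from the analysis
# above; "OneDrive", "Updater" and the user name "victim" are invented for this example.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"xoxkycomvoly"="C:\\Users\\victim\\xoxkycomvoly.exe"
"Updater"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
  4c,00,45,00,25,00,5c,00,78,00,6f,00,78,00,6b,00,79,00,63,00,6f,00,6d,00,\
  76,00,6f,00,6c,00,79,00,2e,00,65,00,78,00,65,00,00,00
'''

# Constructed environment of the victim account, used to expand %VAR% in REG_EXPAND_SZ values.
SAMPLE_ENV = {"USERPROFILE": r"C:\Users\victim", "APPDATA": r"C:\Users\victim\AppData\Roaming"}

KNOWN_DROPPED_NAMES = {"xoxkycomvoly.exe"}  # filename the sample uses for its copy (from the analysis)

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s: str) -> str:
    # Undo .reg escaping: a backslash quotes the following character (\\ and \").
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    # Parses the subset of .reg syntax autorun hunting needs: REG_SZ ("...") and
    # REG_EXPAND_SZ (hex(2): UTF-16LE bytes). Other value types are skipped.
    logical: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if logical and logical[-1].endswith("\\"):  # trailing backslash: value continues on next line
            logical[-1] = logical[-1][:-1] + line
        else:
            logical.append(line)
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in logical:
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = _VALUE_RE.match(line)
        if not m or current is None:
            continue
        name, data = _unescape(m.group(1)), m.group(2)
        if data.startswith('"') and data.endswith('"'):
            keys[current][name] = _unescape(data[1:-1])
        elif data.startswith("hex(2):"):
            raw_bytes = bytes(int(h, 16) for h in data[len("hex(2):"):].split(",") if h)
            keys[current][name] = raw_bytes.decode("utf-16-le").rstrip("\x00")
    return keys


def _executable_of(command: str) -> str:
    # First token of an autorun command line; a quoted path keeps its spaces.
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def _expand(path: str, env: Dict[str, str]) -> str:
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), path)


def find_suspicious_autoruns(run_values: Dict[str, str], env: Dict[str, str],
                             known_names=KNOWN_DROPPED_NAMES) -> List[Tuple[str, str, List[str]]]:
    # Flags Run entries whose executable carries a known dropped filename or sits directly in the
    # profile root, where the sample copies itself. Returns (value name, resolved exe path, reasons).
    profile = env["USERPROFILE"].lower().rstrip("\\")
    hits: List[Tuple[str, str, List[str]]] = []
    for value_name, command in run_values.items():
        exe = _expand(_executable_of(command), env)
        parent, _, base = exe.lower().rpartition("\\")
        reasons = []
        if base in known_names:
            reasons.append("known dropped filename")
        if parent == profile:
            reasons.append("executable dropped in profile root")
        if reasons:
            hits.append((value_name, exe, reasons))
    return hits


if __name__ == "__main__":
    run = parse_reg_export(SAMPLE_REG_EXPORT)[RUN_KEY]
    for value_name, exe, reasons in find_suspicious_autoruns(run, SAMPLE_ENV):
        print(f"{value_name}: {exe} ({', '.join(reasons)})")
```

The REG_EXPAND_SZ case matters in practice: an entry written as `%USERPROFILE%\xoxkycomvoly.exe` resolves to the same dropped file but would slip past a check that only string-matches the literal `C:\Users\...` path. Pair this with a check for the hardcoded mutex name from the analysis in a handle listing to confirm the process is actually running, since the Run value alone only proves the installer got that far.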
The title of this blog post may make you think that we will discuss the security of your Facebook account. Not this time. However, I will analyze an attack which starts with a suspicious email sent to the victim’s email account.
The incoming email has the subject ‘Hey <name> your Facebook account has been closed!‘ or ‘Hi <name> your Facebook account is blocked!‘. The email has a ZIP file attachment named <name>.zip, which contains a downloader named <name>.exe, where <name> stands for a random user name. After the user downloads and executes the file, a message is displayed saying “Your Facebook connection is now secured! Thank you for your support!” It tries to convince you that there was a problem with your Facebook account which was then successfully solved by executing the application from the email attachment.
Let’s look inside the executable file!
If you had the privilege of meeting Android:Obad, which Kaspersky earlier reported to be the “most sophisticated Android malware,” you are in a really bad situation, and this will probably be the moment you’ll refer to in the future as “the time I learned the hard way what better-safe-than-sorry means.” A few days ago we identified a new variant of that threat. There is a chance you bumped into this bad guy before we started detecting it, because if our generic detections don’t catch the malware there is always a short delay before it gets to us. In most cases, it isn’t a problem to get rid of a malicious app – you just uninstall it after you find it. This time, that won’t work.
The problem we are facing here is called “Device administrator.” After you launch an app infected with Android:Obad, you will be asked to make the app the current device administrator, which is only a few buttons away, so it isn’t hard to do. After you do so, there is no way back, because this piece of malware uses a previously unknown vulnerability which allows it to get deeper into the system and hide itself from the device administrator list – the only place where you can manage device administrators. You also won’t be able to uninstall the app via Settings, because all the buttons will be grayed out and will not function.
Lucky for you, avast! Mobile Security will save you from doing a factory reset and losing your data, which certainly is one of the solutions. But don’t worry, you are safe with us. Read more…
by Thomas Salomon, head of AVAST Software’s German Software Development team
In a previous blog post we wrote about the statistics from avast! Browser Cleanup. These statistics have become even worse:
- More than 1,000,000 (one million!) browser add-ons are available for the three main browsers
- More than 82% of all add-ons have a bad or very bad rating from our user community
- Two thirds of all add-ons in our database are from only three companies
- We see around 30,000 new add-ons per day of which 90% have a bad or very bad rating
As we can easily see the numbers are still rising. It’s now time to share some more details about the bad add-ons we’ve noticed so far. Read more…
More than 58 million American adults had at least one malware infection that affected their home PC’s performance last year. The cost of repairing the damage from those infections was nearly $4 billion. These findings are from the latest Consumer Reports’ Annual State of the Net Report published in the June issue of their respected magazine. The magazine is trusted by millions of US consumers to give honest appraisals of products.
“Our Annual State of the Net Report revealed that home computers are no safer than they were last year. Effective security software, like the ones we recommend in our latest Ratings, is essential to protect against online threats,” said Jeff Fox, Technology Editor, Consumer Reports.
Consumer Reports’ latest Ratings of Security Software revealed that some free products are sufficient for most users, offering very good protection from online threats. The full report is in the June 2013 issue of Consumer Reports and online at ConsumerReports.org. This press release gives you the highlights.
Question of the week: I have avast! Free Antivirus on my computer and I love it, but isn’t antivirus for a smartphone overkill? I mean, there are not so many threats to a phone, are there?
This is a question being asked of lots of security firms lately, and the answer to “are there threats to a phone?” is a resounding YES. As smartphones and tablets become increasingly popular, so do threats that target mobile devices exclusively. Two studies published recently have pointed to an increase in mobile malware over the past year.
Android is in the bull’s eye