Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Posts Tagged ‘security’
July 14th, 2014

Common passwords inspire uncommon dress

password dress

Lorrie Cranor models her famous Password dress in front of the “Security Blanket” quilt.

Weak passwords make for creative design.

If you use 123456 or password as your password, you may as well wear it for all to see. It’s THAT easy to crack.

To illustrate this point, Lorrie Cranor, quilt artist, and oh yeah,  director of the CyLab Usable Privacy and Security Laboratory at Carnegie Mellon University, designed fabric based on the extensive research she and her students conducted on the weaknesses of text-based passwords. The quilt she made is aptly named “The Security Blanket,” and is designed from a word cloud of the 1,000 most commonly found passwords from the 2010 RockYou.com hack. Professor Cranor made a Password dress to go with the password quilt. The fabric is available for purchase from Spoonflower.

Iloveyou, you little monkey

The most popular password, 123456, forms a backdrop across the whole quilt. But what intrigued Cranor was not the “the obvious lazy choices,” but what else people choose as passwords. She went through the list and organized the passwords into themes. Many passwords fell into multiple themes, so she tried to think like a RockYou user and extract some meaning from their choices.

Love is a strong theme, and the research found that love-themed words make up the majority of non-numeric passwords. Iloveyou in English and other languages is common. The names of pets are common, and Princess showed up in the top 1,000 and simultaneously on lists of popular pet names. Chocolate is the most frequent of the food-related passwords, with chicken and banana(s) coming up often.

Chicken was a surprise to me, as was monkey, the 14th most popular password. Could RockYou users have an affinity for monkeys because of a game, or do they just like monkeys? Is it related to bananas? Do gamers eat more bananas?

Some things we’ll just have to speculate about…

Swear words, insults, and adult language showed up in the top 1000 passwords, “but impolite passwords are much less prevalent than the more tender love-related words,” wrote Cranor in her blog.

Numbers are even better. Three times as many people chose 123456 over password, and 12345 and 123456789 were also more popular choices. It seems that when required to use a number in a password, people overwhelmingly pick the same number, or always use the number in the same location in their passwords.

Top 10 worst passwords

Security developer SplashData published the Worst Passwords of 2013. Check the list to see if you use any of these:

Rank Password Change from 2012
1 123456 Up 1
2 password Down 1
3 12345678 Unchanged
4 qwerty Up 1
5 abc123 Down 1
6 123456789 New
7 111111 Up 2
8 1234567 Up 5
9 iloveyou Up 2
10 adobe123 New

Tips and tricks

1. Use a random collection of letters (uppercase and lowercase), numbers and symbols

2. Make it 8 characters or longer

3. Create a unique password for every account

Read more from the AVAST blog

Do you hate updating your passwords whenever there’s a new hack?

Are hackers’ passwords stronger than regular passwords?

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

July 11th, 2014

Six ways to secure your smartphone

AR AMSpost-enI bet you would be lost without your smartphone. It’s your lifeline to contacts, emails, and personal information, not to mention all those apps that you use for fun, entertainment, and business. You probably have bought something using your phone, so your credit card information is there, as well as your account log ins. In other words, it would be disastrous to lose it to a thief or be infected with a data-stealing app.

Keep reading for some solid tips that will help you secure your Android smartphones and tablets.

1. Install security software

Protect your smartphone or tablet from malicious attacks. Malware targeted at Android devices is increasing daily, and we project that it will be at PC levels in the next 4 years. Avast! Mobile Security stops malware, plus it help you locate your device if it is lost or stolen with avast! Anti-theft.   Install avast! Mobile Security and Anti-theft from the Google Play store, https://play.google.com/store/apps/details?id=com.avast.android.mobilesecurity

2. Use trusted stores to install apps

The major app stores like Google Play and Amazon are the safest places to go for apps. These have strict vetting procedures, so they are reliable sources most of the time. The ones you need to watch out for are the unregulated third party app stores, often originating from Asia or the Middle East.

For an extra safeguard on your Android device, disable the installation of apps from unknown sources by going to Settings>Security and unchecking the “Unknown Sources” option. Also check the “Verify Apps” option to block or warn you before installing apps that may cause harm.

3. Use a PIN or password and lock your apps

Your Android phone has its own security settings, so we recommend that you set a PIN number with a strong number code to lock the screen. To set your PIN or a pattern, go to Settings>Lock screen.

Read more…

June 25th, 2014

FNATIC talks to Avast about DDoS attacks targeting E-Sports

At the beginning of 2014, gaming platforms such as League of Legends and other video-game servers were brought down by distributed denial-of-service (DDoS) attacks. These attacks cost professional gamers thousands in advertising revenue. FNATIC Senior Features writer, Davor ‘Dendra’ Miljkovic, spoke to Jiri Sejtko, the Director of the AVAST Virus Lab, about how to handle DDoS attacks. Here is a reprint of the original article that appeared on the FNATIC website.

 avast! protects over 219 million active devices on all inhabited planets

avast! protects over 219 million active devices on all inhabited planets

The threat is real

The internet realm is becoming increasingly troublesome, as the encyclopedia of viruses, worms, trojans and other malicious creations only keeps growing. However, when it comes to gamers it seems that one particular annoyance tops that list nowadays – Distributed Denial-of-Service (DDoS) attacks. Whether it’s a TS server lagging for no apparent reason or an entire gaming server overloading, chances are you’ve experienced a DDoS attack before.

Dating back to 2000, DDoS attacks have been used to make a machine or network resource unavailable to its intended users and there are several methods to accomplish this. One of the more popular methods is to flood a targeted system with incoming traffic to the point it cannot respond to legitimate traffic or only respond very slowly. This very method is the premium choice among disgruntled gamers who aim to sabotage a server or one particular system of another gamer they dislike for whatever reason.

So what can you do if you find yourself targeted by one such disgruntled gamer?

What can be done?

To see what can be done to help you deal with a DDoS attack or a potential one, we spoke to Jiri Sejtko, the Director of Viruslab Operations at Avast Software:

Q: What kind of security measures are available to protect yourself from a DDoS attack?

A: Basically, there is no protection if an attack is well done, however you can always do some steps to defend your system once the attack has happened.When you know how the attack is done, it’s possible to tweak (setup) your system and to try to find out where the attack came from.

Q: Can you elaborate on these steps?

A: One of the steps would be to configure your router to filter IPs or even protocols used in the attack – this step will help if the attacker didn’t use the whole bandwith of the given Internet connection. Best ask your Internet Service Provider to do this for you.

Q: So which ISPs would you recommend?

Read this answer and the entire article on the FNATIC website.

 

avast! Internet Security is the official antivirus software of the FNATIC team

avast! Internet Security is the official antivirus software of the FNATIC team

 

avast! Internet Security is the official antivirus software of the FNATIC team. avast! offers a massive 40% discount to FNATIC fans! Purchase your discounted avast! Internet Security from the dedicated FNATIC page at avast.com.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

June 5th, 2014

SimplLocker does what its name suggests: Simply locks your phone!

A new Android mobile Trojan called SimplLocker has emerged from a rather shady Russian forum, encrypting files for ransom. AVAST detects the Trojan as Android:Simplocker, avast! Mobile Security and avast! Mobile Premium users can breathe a sigh of relief; we protect from it!

malware, mobile malware, Trojan, SimplockerThe Trojan was discovered on an underground Russian forum by security researchers at ESET. The Trojan is disguised as an app suitable for adults only. Once downloaded, the Trojan scans the device’s SD card for images, documents and videos, encrypting them using Advanced Encryption Standard (AES). The Trojan then displays a message in Russian, warning the victim that their phone has been locked, and accusing the victim of having viewed and downloaded child pornography. The Trojan demands a $21 ransom be paid in Ukrainian currency within 24 hours, claiming it will delete all the files it has encrypted if it does not receive the ransom. Nikolaos Chrysaidos, Android Malware Analyst at AVAST, found that the malware will not delete any of the encrypted files, because it doesn’t have the functionality to do so. Targets cannot escape the message unless they deposit the ransom at a payment kiosk using MoneXy. If the ransom is paid the malware waits for a command from its command and control server (C&C) to decrypt the files.

What can we learn from this?

Although this Trojan only targets a specific region and is not available on the Google Play Store, it should not be taken lightly. This is just the beginning of mobile malware, and is thought to be a proof-of-concept. Mobile ransomware especially is predicted to become more and more popular. Once malware writers have more practice, see that they can get easy money from methods like this, they will become very greedy and sneaky.

We can only speculate about methods they will come up with to eventually get their malicious apps onto official markets, such as Google Play, or even take more advantage of alternative outlets such as mobile browsers and email attachments. It is therefore imperative that people download antivirus protection for their smartphones and tablets. Mobile devices contain massive amounts of valuable data and are therefore a major target. 

Ransomware can be an effective method for criminals to exploit vulnerable mobile users, many of which don’t back up their data. Just as in ransomware targeting PCs, this makes the threat of losing sentimental data, such as photos of family and friends or official documents, immense.

Don’t give cybercriminals a chance. Protect yourself by downloading avast! Mobile Security for FREE.

May 26th, 2014

AVAST forum offline due to attack

The AVAST forum is currently offline and will remain so for a brief period. It was hacked over this past weekend and user nicknames, user names, email addresses and hashed (one-way encrypted) passwords were compromised. Even though the passwords were hashed, it could be possible for a sophisticated thief to derive many of the passwords. If you use the same password and user names to log into any other sites, please change those passwords immediately. Once our forum is back online, all users will be required to set new passwords as the compromised passwords will no longer work.

This issue only affects our community-support forum. Less than 0.2% of our 200 million users were affected. No payment, license, or financial systems or other data was compromised.

We are now rebuilding the forum and moving it to a different software platform. When it returns, it will be faster and more secure. This forum for many years has been hosted on a third-party software platform and how the attacker breached the forum is not yet known. However, we do believe that the attack just occurred and we detected it essentially immediately.

We realize that it is serious to have these usernames stolen and regret the concern and inconvenience it causes you. However, this is an isolated third-party system and your sensitive data remains secure.

Sincerely,

Vince Steckler

CEO AVAST Software

May 26th, 2014

Your child on Facebook: learn about the privacy settings

Security matters to everyone, however security of our children is our top priority. We make sure that they are safe at school, home, and on the streets. Equally we need to provide them with a safe experience in the cyberworld. Recently, we published a blog about general online security of the children, which suggested that you take time and help your child with privacy settings on Facebook. Don’t worry, if you have no clue where to start, we will guide you through the labyrinth of sophisticated security and privacy settings settings. Follow our tips to secure yourself and your child on the most popular social network.

Privacy settings

Like other Internet giants, Facebook has been especially vulnerable to criticisms about privacy. In particular, critics have complained that even if you deactivate your account, the information can still remain on the network and be subject to web searches.~ comments Mashable in the article on recent Facebook privacy update

Following users’ complaints regarding privacy issues, Facebook decided to change the default settings of your status updates to be the visible for Friends only instead of Public. This however applies to Facebook newbies only! So if you and your children are already users, you still have a job to do! :)
Security shortcut

Facebook regularly updates its settings and as a result your profile settings can be restored to the default. In terms of  privacy it means: Everything is PUBLIC. Therefore it’s extremely important to review your profile regularly . You will not be able to influence everything, however there are an advanced number of settings that can be fully controlled by you. The three basic areas that you should focus on are:

  1. 1. Who can see your posts and images?
  2. 2. Who can contact you?
  3. 3. How you can help your child block harassing Facebook friends.

You will find this setting in the right top corner on the blue bar, in the Privacy Shortcuts section. Click on the See More Settings to open the window below and follow our suggestions.

Advacne privacz settings Read more…

May 21st, 2014

Heartbleed: Almost Everyone Plans to Protect Themselves, but Less than Half of People Actually Have

Have you heard about Heartbleed? Yes? Then you belong to a minority. Following the Heartbleed threat, the bug that took advantage of a vulnerability in OpenSSL, AVAST conducted an online survey with 268,000 respondents worldwide and found that three out of four people were not aware of the the Heartbleed threat, which affected millions of sites and mobile apps.

AVAST then explained Heartbleed to these respondents. When asked if they would change their passwords after checking which sites were affected, nine out of ten said they would take action. This high number is interesting from a psychological standpoint as it shows how people think when initially confronted with a threat. People immediately plan on taking the appropriate measures to protect themselves against future threats, but how many actually follow through with their plans? In reality, less than half of people follow through with their security plans: Only 40% of the respondents who were aware of Heartbleed said they had actually changed their passwords. This number closely matches Pew’s Heartbleed report which found that 39% of Internet users have changed their passwords or canceled accounts.

Heartbleed, free antivirus, password, security

“This kind of thing never affects me”

Many respondents, both those aware and unaware of the threat, said they don’t want to change their passwords because they don’t believe their accounts have been compromised. This makes one wonder if the 41% of respondents who were aware of the threat, but don’t believe they have been affected, either think the media has exaggerated the issue – or if they have a “this kind of thing never affects me” attitude. One in ten respondents believes that the next security breach will happen soon and they therefore don’t see the point in changing their passwords. This laissez-faire attitude could be caused by the fact that many have not seen concrete repercussions of the threat or have not yet been directly notified of the threat by the platforms they use. One of the most concerning facts revealed by the survey is that many people lack the know-how to protect themselves. One in ten respondents hasn’t changed their passwords because they don’t know how to change them. 

Furthermore, almost half of both respondents, aware and unaware of the threat, said they would change their passwords once the affected platforms have implemented patches and informed them of the changes.

Passwords are like keys that protect our sensitive data online, just as locks protect the precious objects in our homes. It is recommendable to stay away from affected sites that have not yet issued patches. Once sites have implemented the necessary fixes, passwords should be changed and strengthened with the same manner of urgency as you would change the locks on your home if you were to lose your keys or if your key were to get stolen.

Use a password manager to protect all of your accounts with ironclad passwords 

Changing and memorizing new passwords over and over again isn’t easy, especially since passwords should consist of at least eight characters – or according to latest recommendations even sixteen or more. They should include a mix of letters, numbers and symbols.

A password manager like our avast! EasyPass helps encrypt and protect personal information online. avast! EasyPass creates strong, random passwords of up to 512 characters and secures your information via military-grade encryption, making password management simple and secure. avast! EasyPass is currently available at a discounted price of  $9.99 a year.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

May 5th, 2014

The 10 Commandments of Mobile Privacy

From governments to thieves to your wife – it seems that everyone has access to your private data.

avast! Mobile Security anti-theft helps track your lost phone

If you have a smartphone or tablet, people around you can discover your most deeply held secrets. You put all your private data and personal information there and… it’s at risk. The possibility of losing your phone or getting robbed is a major concern.

Is there anything that we can do to protect our private data? Some skeptics say no. I’m an optimist; I think there is always a way. Working for a security company makes us think that there is always a way to protect ourselves, to avoid danger, and to care about other users.

Lock your apps for privacy with avast! Mobile SecurityI’ve being collecting info for what I call the 10 Commandments for mobile privacy. Here are simple steps to help protect your privacy:

  1. 1. Use a PIN, password or pattern in your device. I’m lucky to have a phone where the numbers change their position on the screen and make the lockscreen even more secure. There are some apps that make your password “random” (obeying rules you’ve previously set).
  2. 2. Lock your most private apps. Lock your log in data but also your own messages, emails, personal notes, contacts, everything is in your pocket. offers the feature to secure even more sensitive parts of your device with the avast! Mobile Security App Locker that automatically asks for a PIN when you start the app.
  3. 3. Do not save banking or credit card credentials in your phone or, at least, not in the mobile browsers. Some banks, at least here in Brazil, have their own mobile app that never saves the passwords or PINs. Now, for Android, there are free password managers that adds a new security layer while browsing.
  4. 4. Do not be a happy clicker. People who expose themselves to scams or spam links, who download each single app they see from any kind of source put themselves at risk. OK, you’ll say this is not you. But, do you think twice on clicking in social media links or shares?
  5. 5. Do not take, send, save or share nude photos. No, this is not a moral commandment. It’s a privacy one. Read more…
Comments off
April 10th, 2014

Behind the CARO conference’s curtains: Meet AVAST speakers!

For seven years, the CARO Workshop has been hosted in Europe. It is an outstanding technical meeting, attended by some of the best malware researchers in the world. In 2014, the CARO workshop comes to America. ~CARO’s conference official website

We are proud and happy to introduce you to our AVAST speakers and Security Experts from the Virus Lab. Peter Kálnai and Filip Chytrý are going to CARO’s (Computer Antivirus Research Organization) workshop to“Declare war against Android Malware.” We sat together and talked about their presentation, mobile malware, and general trends in the security industry.

Meet our security experts: Peter and Filip.

 

The theme for this year’s CARO conference is Mobile Space: Malware in a mobile world. As security experts, what changes and specific trends in malware development have you observed?

FILIP Well, this may sound cliché,  but the amount of mobile threats are rising and more sophisticated attacks appear every day. A few years ago, we would observe mostly primitive malware with only one or two capabilities such as to send paid SMS or track your movements. Now, however we have malware that can root your phone and became a device administrator, or command and control Apps which take control of your device by attackers. That’s why I believe we can stay tuned for more conferences concentrated on Android malware.  CARO is first, but hopefully not the last, conference focused on Android and mobile threats.

PETER I can’t recollect a different example, but this year’s CARO Workshop seems to be the first IT security conference completely devoted to mobile malware. The topic of our talk reflects trends in the Android threat landscape. Security experts nowadays observe an increased ratio of total malicious Android packages to unique malware families. Two particular cases appear most: The expansion of usage of Android packers and repackaging benign application with malicious code, so called piggybacking. Read more…

April 10th, 2014

Do you hate updating your passwords whenever there’s a new hack?

Advice about changing passwords from AVAST.

Change your passwords as a precaution against the Heartbleed bug.

We reported yesterday about the serious Heartbleed  bug which allows hackers to steal encryption keys from nearly two-thirds of all websites.

“This is probably the worst bug discovered this year. We believed in the security of SSL/TLS, and now discover that it comes with a hole that allows anyone to read our personal information such as passwords, cookies or even server’s private keys,” said Jiri Sejtko, Director of the AVAST Virus Lab. “We, as end users, simply can’t do anything, but make sure we are as secure as possible.”

That means changing your passwords. Again.

If just thinking about changing all your passwords makes you want to jump out the window, then here are a few tricks to help make it a little less painful. At the end of this post, we’ll share a tip on how to make password creation, as well as remembering them all, as easy-as-pie. So go all the way to the end. ;)

Why do cybercrooks want your password?

It takes serious effort to hijack accounts, so there must be some payoff at the end for cybercrooks.  Obviously, it’s not to get your vacation photos. Money is the most common motivation. Your money.

There are many ways of turning stolen data into money, but one of them is worth highlighting. Research shows that 55% of us reuse passwords on different sites. It is likely that you use the same password for Facebook  that you use for your bank account.  This means that cybercrooks can steal your money much easier. Never use the same passwords on different sites, especially for really important services.

Password basics

1. Use a random collection of letters (uppercase and lowercase), numbers and symbols

2. Make it 8 characters or longer

3. Create a unique password for every account

Tricks and tips

Maximum password security requires at least seven characters, a mix of upper and lower case, a few symbols, and a sense of humor.

Create an acronym using a meaningful, easy-to-remember piece of information. Use a sentence like My wedding anniversary is 28 December, 2001. That phrase turns into this password, Mwai28/Dec.01.

Many sites require a special symbol like ` ~ ! @ # $ % ^ & * ( ) _ – + = { } [ ] \ | : ; ” ‘ < > , . ? /. Use some of those to replace letters. Your password can be this, M<>ai28/Dec.0!.

Read more…

Categories: General, How to Tags: , ,