Last month we wrote about a flaw in Microsoft’s Internet Explorer that could allow cybercrooks to take control of a Windows-based computer if the user browses to a malicious website. The website making news for that attack was the US-based think tank, the Council on Foreign Relations (CFR). Avast Virus Lab has since discovered that two Chinese human rights sites, a Hong Kong newspaper site, a Russian science site, and weirdly, a Baptist website (see the recent tweet) are also infected with the Flash exploit of IE8.
You can imagine the interesting audience that frequents sites such as these. The CFR, for example, attracts high ranking government officials including former presidents and secretaries of state, ambassadors, journalists, and leaders of industry. These sites were chosen on purpose; instead of targeting the general masses, like in a phishing attack, the perpetrators of a so-called “watering hole attack” target specific topics like defense or energy and lie in wait for persons of interest to visit, similar to a predator at a watering hole waiting for its victims to come to it. Read more…
A flaw in Microsoft’s Internet Explorer (IE) 6, 7 and 8 could allow hackers to take control of a Windows-based computer if the user browses to a malicious website. Security Advisory 2794220 was issued over the weekend and soon after a team blog reported that, “We are only aware of a very small number of targeted attacks at this time. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.”
Microsoft has made a temporary fix available for the zero-day vulnerability until it can deliver a formal patch.
Be particularly careful if you are using versions 6, 7 or 8 of the IE browser. Versions 9 and 10 are not affected by the vulnerability. Check which version of IE you’re running by opening IE, click the Help question mark icon on the right and choose About Internet Explorer. To upgrade an older version of IE, go to Start > Control Panel > Windows Update.
We recommend switching browsers for a more secure one like Google Chrome. In addition to being more secure than IE 8, it is also faster and supports HTML 5, giving you a better browsing experience. Download free Google Chrome here.
Congratulations on your wonderful gift, and Merry Christmas! You are wise to think about security for your tablet, because cybercrooks are producing malware for these devices in increasing numbers.
avast! Mobile Security prevents malware and viruses on Android devices at no cost to you. You get Anti-theft protection, remote control and remote memory wipe, plus privacy reports, anti-spyware, network management, Web protection and a firewall. avast! Free Mobile Security is available for download either via Google Play (Android Market) or our website.
Once you have downloaded, do not forget to set your PIN Recovery in the ‘Settings’ section. The PIN Recovery feature is the way to get access to your device in case you lose or forget your avast! PIN. You have to set it in Settings or on the avast! Portal. You can use the avast! Portal for controlling your device remotely in case it is stolen. For this operation your device must be paired with your avast! account – if you do not have one, please sign in on dedicated pages.
Have fun with your new Galaxy tablet, and please share avast! Antivirus with your friends. Happy New Year!
The latest version of Android 4.2, code-named “Jelly Bean” has been released some time ago. While being just an incremental update to the major 4.0 release “Ice Cream Sandwich”, Google introduced some major new features within that update. While offering multi-user support and improved notifications, a new feature which is being promoted heavily, is the built-in app scanner which should protect Android devices from being infected by malware.
The client side app scanner of Android 4.2 is the next step in Google’s attempts to protect their Android ecosystem from malware threats, after introducing Bouncer, a server-side malware scanner used by Google to analyze apps that are being uploaded to Google Play Store. Bouncer was announced in February 2012 and is Google’s approach to prevent malware from being uploaded to the Google Play store as a first line of defense.
Now, some authors claim that third party mobile security tools are most likely not needed anymore, because Google now already pre-checks all mobile apps. I’ve been closely monitoring all those changes and improvements because I wanted to make my own mind on how successful these attempts by Google would be and to find out how our Android antivirus scanner delivered within our free avast! Mobile Security suite (http://www.avast.com/free-mobile-security) would stack up to what the operating system vendor itself would be able to provide.
Since months before the release of avast! Mobile Security in December 2011, our virus lab was working on setting up the initial state of our Android malware database. The database contains signatures of all the malicious files our virus lab guys find over time and is being extended day-by-day to contain definitions of the newest threats in real-time. Currently, tens of millions of Android devices owned by our users download those definitions every day to their avast! client side scanners. So I just went to our virus lab and asked the guys there to provide me with some statistics on the growth of our Android malware database.
As I already stated, Bouncer was thought to be the first line of defense, and tries to protect the main source of app downloads from malicious offerings. Could it be that as a result of introducing Bouncer, our malware database stopped growing or started to decline in size when Bouncer was introduced? Has Google been successful? See for yourself:
Android Malware Database History (Click to enlarge)
Obviously, since February 2012, our Android malware growth has not started to decline; it has not even stalled its growth, but has been continuously growing since that point in time. Read more…
AVAST Software has teamed up with Facebook to help you and your friends stay safe. AVAST is sharing its Virus Lab data with Facebook in the combined attempt to prevent malware being shared unknowingly by Facebook users. Whenever someone clicks a link within Facebook, Facebook checks the URL in the AVAST cloud, in real time. If the URL is infected, the user sees a message warning of the potential threat.
Nearly half of the world’s Internet users log onto Facebook each month to share interesting things, play games, check in to shops and restaurants, tag photos, and most of all, connect with their friends. Facebook’s networks of more than a billion people make it attractive to cybercrooks who try to gain access to our accounts and passwords. Once in, crooks use our connections to spread hoax messages or malicious apps to our friends, attempting to trick them into sending money or sharing personal information. Who among us hasn’t been curious about celebrity death rumors, tempted by free gift cards, or concerned because our friend was mugged and stranded in a foreign country?
“We’ve seen that the most prominent way of spreading malware now is through links to infected websites, rather than the traditional method of emailing infected files,” said AVAST Software CEO Vince Steckler. “Our Virus Lab has tracked about 2 million infected websites just in the last 12 months and the best way to stop these infections is to prevent links to them being shared.”
Over 160 million people use avast! for their PCs, Macs and Android devices, and they work together in a vast network of anonymous security sensors called CommunityIQ. These sensors provide information about possible suspicious files which allow new threats to be detected and neutralized almost as soon as they appear.
“Nothing is more important to us than the safety of our users and their data. Beginning today, Facebook will be able to leverage Avast’s feed of malicious URLs to augment our existing site integrity systems and those in our community will be able to download Avast’s software to better protect themselves and their devices. We look forward to working with Avast to provide an even more secure experience for those who use our service,” said Joe Sullivan, CSO of Facebook.
As we have recently mentioned on our blog, October is National Cyber Security Awareness Month. And I’m sure we will post more to raise awareness of the risks you personally face, the risks to the institutions you do business with, and to the government itself.
Today, though, I want you to start to broaden your outlook on this issue. While you are getting acquainted with new threats like nation-state funded attacks, cyber-terrorism, and hactivism, I’d also ask you to look at some of the things our legislatures have been proposing in the name of cybersecurity. This includes early efforts to protect critical industry sectors our energy grid or banking systems against cyberattack, and requirements that we move beyond passwords when we access Web sites where we perform transactions or access personal data. As all these initiatives come with costs, none have universal support. But some cybersecurity proposals have generated more controversy than others, including: like the SOPA and PIPA bills that coddled the media industry by conflating digital piracy with cybersecurity and whose proposed remedies would have create a regime of censorship, or the federal development and control of a so-called “Internet Kill Switch“.
There will continue to be a lot going on here legislatively, and anything that changes the government’s role in the Internet will affect you as well. So let’s make also do our job as responsible, informed citizens. Let’s make October National Cybersecurity Policy Awareness Month. Let’s get educated, and involved.
avast! Free Antivirus just earned another VB100 award, this time in the August 2012 Virus Bulletin comparative review for Windows 7 – with a perfect score of 100%.
According to the review, avast! “routinely elicits warm, affectionate smiles from the test team, with this month’s submission promising more of the same.” As well, we were told that “Avast earns another VB100 award fairly easily” in this case.
We offer much thanks to our beta testers, our developers, and our QA team for all their hard work in making software that is easy to stand behind.
A list of other awards and certifications earned by avast! in recent years can be found here: http://www.avast.com/awards-certifications (incomplete list)
When scrubbing toilets and doing other household chores is preferable to thinking of new user names or passwords, then you know it’s a burdensome thing. A new national survey from Janrain, a social software services company, reveals that American adults need to remember five or more unique online passwords. Thirty-eight percent are so frustrated that they think tasks like folding laundry or scrubbing toilets – even solving world peace – might be easier than coming up with another new user name or password combination.
The majority of those surveyed say they try to create strong passwords, using letter and number combinations instead of obvious names or words, like “password,” but the problem is recalling the complicated passwords. Nearly 37 percent have to ask for assistance on their user name or password from at least one website per month.
“With all of the different websites consumers login to on a regular basis – from email and social networks to online banking and e-commerce sites – it’s no wonder people are struggling to remember such a large number of passwords,” Janrain CEO Larry Drebes said. “What’s surprising is that consumers think cleaning their bathroom, or in the extreme cases trying to solve world peace, sounds preferable to adding yet another password to the list.”
If you are experiencing password fatigue, and would like to never worry again about remembering your passwords, then try avast! EasyPass. You get strong, unique passwords for every site you visit – with just one click. The best part is that you access your passwords using one Master Password, so you don’t have to remember lots of passwords or waste time asking websites for help. Download a free trial of avast! EasyPass now.
Thanks for reading the avast! blog. As Jiri Sejtko described in our blog today, serious security flaws in Java version 7 allow hackers to take control of PCs and Macs. The Avast Virus Lab is releasing generic detections and using behavioral and dynamical detection mechanisms to protect our users, however they also recommend that you disable Java in your browsers. The Virus Lab explains the exploit in details on our blog, and here are instructions on how to unplug Java from different browsers.
For Windows: go to Start > Control Panel, click the Uninstall a program link. Find Java on the list of programs. If you have version 7, uninstall it.
For Mozilla Firefox: From the main menu select Tools > Add-ons. In the Add-on management window, choose Plugins. Find any plugins on the list that say Java and click the Disable button. Restart Firefox.
For Google Chrome: Type “chrome://plugins/” (minus the quotes) into the browser address bar. Find any plugins on the list that say Java and click the Disable button.
For Internet Explorer: I have been told that disabling Java in IE is complicated. The U.S. Computer Emergency Response Team (USCERT) has some steps here. This may be a good time to switch to a different browser.
For Safari: Click Preferences > Security tab > uncheck the Enable Java option.
For Opera: Type “opera:plugins” (minus the quotes) into the browser’s address bar. Find any plugins on the list that say Java and click the Disable button.
For OS X 10.7 and 10.8: go to Macintosh HD/Library/Java/JavaVirtualMachines/ and remove the 1.7.0.jdk file. Older versions of OS X run Java 6.
Also, make sure that you have up-to-date avast! antivirus protection because avast! detects the latest Java zero day exploit in real time as Java:Dong-A [Expl] . We would appreciate your recommendation as well. We make it easy to share with your Facebook friends via our Recommend avast! app. Thank you!
edit: added Opera instructions
A Google alert just popped up this review from Android Authority titled: “The best just got better“. And I just love the writeup from the author Simon Hill…
“After trying a number of Android security apps and comparing their performance in independent tests it is easy to recommend Avast Mobile Security as your best option. The sheer variety of features is more in keeping with a premium app, but it is still completely free.”
So if you have an Android phone – and according to the latest data by Gartner there should be about 450 million of you out there – go to Google Play and get the best rated security app. For free.
I’m still having my old Nokia but I guess time has come to get the shiny Galaxy S3 and install as well