
Posts Tagged ‘virus’
March 31st, 2014

The Gray-zone of malware detection in Android OS

Does the title of this blog post have a mysterious meaning? Not exactly.

In this first part about the gray zone of Android malware detections, I will introduce Android:SecApk, a detection for the protection that App Shield (Bangcle) applies to Android applications (.apk). This detection has a large sample set that is still growing. The table below lists some SecApk-wrapped samples that existed, or still exist, in the Google Play Store and third-party stores.

| MD5 | Name | Info |
|---|---|---|
| F1EF5B8C671B2146C2A2454ECF775E47 | G锁屏冰雪奇缘之来自星星的你V1.0.apk | PUP – An application to promote a specific movie. Potentially unwanted because of the extended permissions that were requested. Current status: Removed from Google Play |
| 10bd28d4f56aff83cb6d31b6db8fdbd2 | Cut_the_bird.apk | PUP – A game with potentially unwanted permissions that can lead to loss of private personal info. |
| 05ffb6f34e40bb1cf8f9628e5647d5e3 | aini1314langmanzhutisuoping_V2.5_mumayi_700e0.apk | PUP – A screensaver application that has permissions unrelated to the purpose of the app. |
| d6b40bbb79b54c09352a2e0824c0adba | 3D职业乒乓球.apk | PUP – This application is a tennis game. Potentially unwanted because of the extended permissions that were requested. |
| eefd2101e6a0b016e5a1e9859e9c443e | eefd2101e6a0b016e5a1e9859e9c443e.apk | Malware – This app steals personal data and SMS messages from the user. |

 

App Shield is an online service that, after an .apk is submitted, encrypts it and adds some layers of protection. The encryption and protection procedure will be discussed in more detail in the second part of this blog post.

Starting with the submission process, a clean app named AvstTest.apk was uploaded to the service. The exported .apk was renamed AvstTest[SecApk].apk. Then apktool and dex2jar were used, respectively, to decode the .apk resources and convert the ‘.dex’ files to ‘.jar’.

Folder structure

  Read more…

February 13th, 2014

INFOGRAPHIC: Love shouldn’t spam your inbox, it should spam your heart

Love is in the air! People are going out to buy boxes of chocolates and flowers for their loved ones, preparing for romantic dinners, and some are hoping that a secret admirer will confess their love. Some seek help from the Internet to make Valentine’s Day as romantic as possible, and since many people check their emails first thing in the morning, spammers and other cybercriminals see this as the perfect opportunity to attack.

The ILOVEYOU virus from 2000 did just that, although it was sent on May 5th, not on Valentine’s Day. The virus, a computer worm also referred to as “Love Letter,” originated from the Philippines and was sent via email with the subject line “ILOVEYOU.” The virus went viral when users opened the “LOVE-LETTER-FOR-YOU.txt.vbs” attachment included in the email. Opening the attachment activated the Visual Basic script, damaging the user’s computer, overwriting image files, and sending copies of itself to addresses in the user’s Microsoft Outlook address book. The virus reached the U.S. on Friday morning, just as people were checking their emails. Since it was sent from someone they knew, and we didn’t have the collective experience of viral spam yet, people trusted the email and opened the attachment. Perhaps they were excited to receive a love letter?

Read more…

June 6th, 2013

Facebook virus empties bank accounts

ZeuS Trojan

A dangerous Trojan named ZeuS is making its way among Facebook users. This old Trojan horse has infected millions of computers over the years, stealing banking credentials and other personally identifiable information. ZeuS can lie dormant on infected computers until the unsuspecting victim logs into their bank’s website. Once you’re logged in, cybercrooks can steal your login credentials and empty your account without your knowledge.

The virus spreads through phishing messages: a funny or shocking video that appears to come from a friend, posted on their page or sent to you in a message, or an ad for videos or products. If you click the link to watch the video, a notification will say that you need to update the player. When you click update, you are actually downloading the Trojan. Clicking the Play button automatically gives your “Like” to the virus page, and it’s through this action that the link will spread to all of your friends.

All avast! Antivirus products detect and block Zeus if a user tries to install or run the .exe file, but the best way to protect yourself is to avoid it! avast! SafeZone is recommended for safe banking, financial transactions, and shopping online. It gives you a private, secure, and isolated desktop which keeps you safe from keyloggers like the ZeuS Trojan. avast! SafeZone is available in avast! Pro, avast! Internet Security, and avast! Premier.

 


April 1st, 2013

ALERT: Binary Flu spreads from Computers to Humans

March 4th, 2013

Sneaky little bastard

It has been two or three months since I last blogged about Android malware. But that definitely doesn’t mean there aren’t any new threats. There are plenty! Here are two quick comparisons from the last two years: the growth of the platform’s malware problem from January 2012 to January 2013 is far from the ‘normal’ growth of other platforms. According to our statistics, it’s something around +850 percent! Add another year for an even more insane comparison – the growth from January 2011 to January 2013 gives us +3150 percent! The Android platform is definitely one of the most targeted malware platforms these days. But no worries, users of Avast! Free Mobile Security are safe.

Read more…

November 26th, 2012

Sality: A Nasty Binary Tracked Down from Download.com

What a weird positive we’ve just spotted on CNET’s Download.com…

Win32:SaliCode blocked

Read more…

October 31st, 2012

Double Trouble

Android is one of the fastest growing platforms in the world. In the second quarter of this year there were more than 300 million active Android devices. The increase is almost 900,000 new devices per day and still rising. These days Android occupies more than 60% of the mobile devices market! By the way, there are around 300,000 newborn children a day all around the world, and this number constantly decreases.

Hand in hand with this trend goes the rise of applications and viruses for this platform. In the past week we noticed one of them that was especially tricky. At first look, it’s trying to act like a regular Google Play application, but that’s just an illusion. It is a fake application which not only downloads other fraudulent applications, but is also able to send premium text messages without the user’s knowledge.

After the installation, it replaces the original Google Play in the menu and just waits for the user to start it for the first time.

Immediately after the first start you are asked to update the program, and there your troubles continue: “Critical update, install new version, click the continue”.

After this step, another nasty download from this link shows up:

After the installation of the second application, your phone turns into a money-sucking machine. Without your knowledge it starts sending premium messages to paid numbers. Luckily we caught this threat, and Avast! detects both samples as Android:OpFake-BV.

This file is easily accessible from more than thirty malware pages, which are made to resemble various markets and download pages! But no worries, Avast! users are protected even if they accidentally visit these pages.

SHA:

8CA2E64E008BA4FC667809D4DD9FA2CE98F8AF248F1DE7B280636555EF09EF40

DCE5A75092996B4388644B1E56A0F07FCB05F4C069E14AE269075EC2A33DA3FF

August 16th, 2012

How do I know avast! Antivirus is protecting me?

Question of the Week: How do I know my avast! Antivirus is protecting me against the latest viruses?

With avast! Antivirus 7, you get each virus signature sent to you in real-time via a connection to the AVAST Virus Lab cloud, rather than needing to wait for a traditional database update. Your database will be continuously updated with the latest definitions.

To ensure this works efficiently, the auto update should be turned ON so that your virus definitions are updated automatically whenever you are connected to the internet. When you open the program’s main window, it will tell you the current security status of your computer. By clicking on “Show details” you can see the current status of the virus definitions.

If you have reason to believe that your virus definitions have not updated, you can access various features of the program by clicking on the orange avast! icon located in your computer’s system tray instead of going through the main user interface. When you right click on the avast! icon, a short menu will appear. Click Update > Engine and virus definitions to see if your virus definitions are up-to-date.

Tell your friends on Facebook about how great avast! Antivirus protection is by clicking here. You could win an iPod Touch!

November 11th, 2011

Hot on the trail of Duqu with Microsoft’s MAPP

The Duqu malware has raised the specter of Stuxnet II, with some in the security community claiming that this new Trojan is a reverse-engineered copy of Stuxnet – the infamous malware that may have sold more newspapers than it damaged nuclear centrifuges. Unlike Stuxnet, Duqu is designed to steal data from the targeted organization, not just destroy equipment. First noticed this summer, Duqu self-destructed after 30 days, then vanished again into cyberspace.
Read more…

October 18th, 2011

Back to the Future?

I bet most of you have seen the ‘80s Back to the Future trilogy.  Back then it had great special effects, hi-tech equipment, impressive cars and tricks, but there was also a great theme in which the main hero goes back to the past…

You might be wondering how it relates to avast! antivirus. Well, all of us have a bit of nostalgia for the past, a time when we didn’t use PCs and there were no viruses. :)

So, the other day I asked my colleagues in our marketing/PR department: do you remember your first PC or the first virus you caught?

I was surprised by the kind of discussion it opened and how excited everyone was about it. So here we go (in alphabetical order):

Jason – Copywriter

First pseudo-computer I owned was Atari 2600 (circa 1984-5).

First real computer I ever used (at school): Commodore 64 (circa 1986-7) with a cassette-tape drive.

First real computer I actually owned was an HP desktop I bought in 1997 (with Windows 95 and McAfee antivirus (avast! engine!!)). I had it until 2002, when I upgraded to a Gateway desktop with Windows XP, which I think came with Symantec/Norton(?)… which I did not renew, instead using free antivirus software (ZoneAlarm, AVG, avast!) from then on.

Milos – Marketing Director

I was a poor kid from a poor village.  No computers.  Just socialism.  Left and right… everywhere you looked. Firsthand experience was the computer lab at school when I lived for a while in Modesto, California, in 1992/1993.   PC,  Macs and – listen carefully – Amiga.

I hated Mac because the only way to get the floppy disk out was through the software-eject button.  So when it crashed – and it was crashing all the time – your disk was in there and impossible to get out.

The PC on the other hand was excellent.  Crashed equally as often as the Mac, but there was a miracle hardware button, and when you pushed it the disk was out!  Lovely.

And of course the Amiga… I learned how to animate and draw on it.  It was THE computer for graphics!

Read more…