Protecting over 230 million PCs, Macs, & Mobiles – more than any other antivirus


Archive for September, 2011
September 13th, 2011

Three strikes and you’re out

Don’t worry, this article is not about baseball, something which I find boring (well, reading sporadic gossip from Virus Lab might be boring as well). We are talking about “unwise” people here. Frankly, I would like to use some harder adjective (unwise is a real euphemism), but it’s up to you to give them a proper name :-). So, let me show you the chain of events that resulted in these strikes — and let you make your own decision.

FP submissions

Read more…

September 13th, 2011

avast! FREERIDE: Scanning speed of 5.9 m/s

The avast! FREERIDE t-shirts have been produced – and have been officially in action. The best four among us – that is to say, the best four cyclists who volunteered to participate – represented AVAST in the mountain bike cross-country race IT CHALLENGE 2011 and did indeed very well.
Read more…

Categories: Marketing, Uncategorized Tags:
September 12th, 2011

Loyola University of Maryland Visit

I’ve already mentioned this a few times, but to open this story I will say it again: AVAST doesn’t pay for any advertising. Our user base is growing and the word-of-mouth advertising from users is just priceless.

But here is the downside: not being busy creating advertising campaign leaves the marketing department with quite an amount of spare time on our hands. Therefore, we welcome any distraction that brings a change into the otherwise monotone flow of time. Two weeks ago – sorry I was too busy to cover this story sooner – we had a visit from Loyola University of Maryland.

Roughly 20 MBA students and faculty were – I quote – “visiting leading companies in the region to learn about the companies’ strategies to successfully approach international markets with an innovative business models and unique marketing activities.” Read more…

Categories: Marketing Tags:
September 9th, 2011

Microsoft Re-branding?

For those who have not visited our AVAST office in Prague, I need to explain that we are located south of the historic center in a business-like area with the standard attire:  modern office buildings, couple of ‘skyscrapers’ (well, a Czech version of skyscraper with 27 floors), good restaurants, shopping centers and so on.   Lots of businesses and banks have their headquarters here.  It is really nice.

Among others, Microsoft happens to have its office right in front of our office windows.  Of course we don’t spend our working time staring from the windows – most of the time we are actually staring at Windows – nevertheless, the latest development at the Microsoft building is too big to be missed.  Microsoft is REBRANDING! Read more…

September 9th, 2011

Breaking through flash obfuscation

When analyzing flash malware, you can be sure that sooner or later a sample shows up that tries very hard to hide its purpose from anyone who wants to look under the hood. This is one of the things that make them suspicious and interesting to analyze. Today, I will show you a sample which is like an onion – every time you get rid of one layer of protection, you will find another one.
Read more…

September 7th, 2011

Unpacking the “Unitrix” malware

The “Unitrix” exploit takes several Unicode features designed for right-to-left languages and uses them to mask malicious executables as safe text or video files. Here is a short list of the main options.

We described Unitrix in a recent release Hackers flip filenames to create “safe” file extensions. But, this was just the start of the detective work. Analysis of this exploit showed that the hackers do not directly takeover the infected computers. Instead, they have a “pay per installation” network that provides outsourced infection and malware distribution services for other cybergangs – apparently based in Russia and the Ukraine  – after giving each infected computer its own identification number. And, this gang has the ability to change the final payload thanks to its downloader: rootkit today, tomorrow something else.

We’ve titled this malware W32:Fivfrom. It’s a malware downloader which, after activation, connects to several distribution centers to download and install malware to the infected computer.  We analyzed over fifty separate files, all of which initially looked quite different. But when we looked inside, Read more…

September 2nd, 2011

Recognizing our top 10 communities – in 2 ways

Yesterday (1 Sep 2011) we made a Facebook post recognizing avast! antivirus users in particular towns in the USA, towns that because of their names have a special affinity with where avast! originated:

Czech communities in the USA (Source: Wikipedia)

“Since we’re headquartered in Prague, Czech Republic, we’d like to say a big ‘Dobry den’ to avast! users in the following US towns: Prague, Nebraska… Prague, Oklahoma… New Prague, Minnesota… and Praha, Texas.”


These North-American towns all began as Czech communities (or at the time Czech, Moravian, and Slovak communities) in the ‘new world’ about a century ago. Even today, a lot of Czechoslovak festivals are held in these regions and many others (see


Today, however, we want to recognize avast! users in our top 10 COUNTRY markets: Read more…