The success of the last Hashtag challenge, available across the social media platforms, convinced us to continue with this idea. This weekend, we want to introduce you to a new one. Utilize the following Hashtag: “#withoutProtection” to let everybody know what you would never do #withoutProtection. Would that be sunbathing, travelling, leaving your kids, or maybe risking leaving your PC #withoutProtection…? :) Be creative, be funny, be free.
We will award in the following category:
- Most creative/funny comment
Thursday is a fun day because we get to look back in time at how things were in the good ol’ days. It’s Throwback Thursday!
AVAST is the world’s most popular antivirus software because our happy users recommend avast! Antivirus to their friends. Some think of creative ways to share. Here are a few examples:
Busy people who trust AVAST to protect their valuable assets (digital or otherwise) display the logo proudly on their computers, or in some cases, on the side of their barn.
This is a loose sequel to the Cutwail botnet analysis blog post published on malwaremustdie.blogspot.com. In this blog post I will primarily focus on the downloaded PE executable itself (SHA256: 5F8FCC9C56BF959041B28E97BFB5DB9659B20A6E6076CFBA8CB2D591184C9164) and the network traffic that it generates. I will also reveal a hidden C&C server.
But first let’s quickly go through the things it does at the beginning:
- It registers an exception handler that will only start the process again using CreateProcess().
- It performs a check whether it has admin privileges.
- It checks or creates a mutex named “xoxkycomvoly” (hardcoded identifier used on multiple occasions).
- It checks or creates a couple of registry entries under HKCU\Software\Microsoft\Windows\CurrentVersion.
- It checks if the process image filename is “xoxkycomvoly.exe” (it restarts for the first time).
- It nests into the system by creating an autorun entry in the registry under HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
- It copies itself to the user’s profile directory named as “xoxkycomvoly.exe”.
Then, on the first run, an exception occurs and the sample is restarted from the user’s profile location under the name “xoxkycomvoly.exe”.
After these initial steps, the sample starts communicating heavily over the network.
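An added example, not code from the original post: a Python triage pass that matches host telemetry against the persistence behaviour listed above (self-copy into the profile directory, Run-key autorun, relaunch from the profile path) plus the SHA256 the post gives. The event schema (`host`, `kind`, `path`, `data`, `sha256`), the sample events and the registry value name are constructed assumptions; the mutex is left out because this assumed schema carries no mutex events.

```python
import re
from collections import defaultdict

# Indicators from the post; event schema and sample events are constructed.
IDENT = "xoxkycomvoly"
SHA256 = "5F8FCC9C56BF959041B28E97BFB5DB9659B20A6E6076CFBA8CB2D591184C9164"
RUN_KEY = r"software\microsoft\windows\currentversion\run"
# An .exe sitting directly in a user's profile directory (XP or Vista+ layout).
PROFILE_EXE = re.compile(
    r"^[a-z]:\\(?:users|documents and settings)\\[^\\]+\\[^\\]+\.exe$", re.I)

def stages(ev):
    """Return which of the post's behaviours a single event matches."""
    hit = set()
    kind, path = ev["kind"], ev.get("path", "")
    named = bool(PROFILE_EXE.match(path)) and IDENT in path.lower()
    if ev.get("sha256", "").upper() == SHA256:
        hit.add("known_hash")
    if kind == "file_create" and named:
        hit.add("self_copy")
    if kind == "proc_create" and named:
        hit.add("relaunch")
    if (kind == "reg_set" and RUN_KEY in path.lower()
            and IDENT in ev.get("data", "").lower()):
        hit.add("autorun")
    return hit

def triage(events):
    """Merge stages per host: 'high' for the known hash or the full chain."""
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev["host"]] |= stages(ev)
    chain = {"self_copy", "autorun", "relaunch"}
    return {h: "high" if "known_hash" in s or chain <= s else "review"
            for h, s in per_host.items() if s}

RUN = r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\value"  # constructed
SAMPLE = [  # constructed events, not taken from the post
    {"host": "WS01", "kind": "file_create", "path": r"C:\Users\alice\xoxkycomvoly.exe"},
    {"host": "WS01", "kind": "reg_set", "path": RUN, "data": r"C:\Users\alice\xoxkycomvoly.exe"},
    {"host": "WS01", "kind": "proc_create", "path": r"C:\Users\alice\xoxkycomvoly.exe"},
    {"host": "WS02", "kind": "reg_set", "path": RUN, "data": r"C:\Tools\sync.exe"},
    {"host": "WS03", "kind": "file_create", "path": r"C:\Documents and Settings\bob\xoxkycomvoly.exe"},
    {"host": "WS04", "kind": "proc_create", "path": r"C:\Users\carol\Downloads\a.exe", "sha256": SHA256.lower()},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A host that shows only one stage is marked for review rather than high, since a single file or registry hit on the identifier is weaker evidence than the full copy, autorun and relaunch sequence.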
When AVAST CTO, Ondrej Vlcek, was in Munich recently, he took an after-dinner stroll to see the Frauenkirche cathedral. Right next door to the cathedral is the Ferrari store, so he paused to do some window shopping.
“Pretty standard stuff inside – lots of red t-shirts, red baseball hats and bunch of other clothing, plus a Formula 1 (or a mock-up of it). And a big TV screen with some interesting Ferrari movie.”
“Now, what the hell is that little blue thing in the lower-right corner of the screen?”
So even those with lots of money to spend choose avast! Free Antivirus. Send us a picture if you have an AVAST sighting in an unusual place.
Summertime means vacation time, and many of us share our plans on social networking sites like Facebook and Twitter. A recent survey by MoneyGram found that nearly one-third of consumers aged 18-49 post details about their vacations on social media before or during their trip, essentially broadcasting to the world when they will be away, where they are going, and what they will do – and more than just friends are watching.
“Sharing summer travel plans can serve as an invitation for criminals to target family members with the relative in need scam,” warns MoneyGram, a leading global money transfer company. In the so-called “family scam,” cybercrooks target elderly family and friends of people traveling on vacation with frantic late-night phone calls or emails from a hijacked account. They make up an emergency situation and instruct the victims to wire huge sums of money to “rescue” their relatives from nonexistent predicaments. Some AVAST users have experienced this firsthand.
According to MoneyGram, victims of family scams lost an average of $1,551 each time money was sent to a scammer – with a total of more than $8.5 million in attempted transactions during summer 2012.
“When families go on vacation, they don’t do their relatives any favors when they post Facebook pictures and tell everyone how long they’ll be gone,” said Barbara Fore, an elder-related-crimes investigator for the Seminole County Sheriff’s Office in an Orlando Sentinel article. “Criminals are monitoring things like Facebook all the time, and they can often find out just about everything they need to know to run their cons.”
MoneyGram advises that “the safest way to respond to a frantic phone call is to simply hang up and call your relative directly to verify the situation, or verify the identity of the person on the other end of the line or email by asking questions with answers that only true friends or family members would know. These steps often reveal the attempted fraud, preventing any further emotional distress or monetary losses.”
Our first “#useAVAST” Hashtag challenge is over and it’s time to announce the results. As always, YOU have proven what an engaged and creative community AVAST has. We’ve seen plenty of Facebook and Google+ posts and Tweets with your personal recommendations. It has convinced us that we should be giving you this opportunity more often, so feel free to expect some more fun.
As announced in the previous blog, we have selected winners in two categories:
- Most creative/funny recommendation
- Most convincing recommendation
All entries are valuable to us and we appreciate your inventiveness and always-willing-to-participate attitude! Congratulations to the winners! Please contact us at firstname.lastname@example.org to claim your 1-year license for avast! Premiere, our best-selling antivirus protection.
avast! Mobile Security came out on top from a pool of thirty mobile security products for Android in AV-TEST’s product reviews and certifications.
The testers threw over 2,500 malicious apps, including viruses, worms, and Trojan horses, at each product. avast! Mobile Security earned a score of 100 percent in detection, above the industry standard of 96 percent. But, malware protection is only part of the story.
Security protection for your smartphone is no good if it eats up your battery or slows your apps down. No problem there! AVAST received a perfect score for usability which measures how much, if any, the software impacts how you use your phone. The performance of each product was evaluated by testers in three areas: 1) impact on battery life, 2) if it slowed down the device during normal usage, and 3) how much traffic it generated. avast! Mobile Security performed perfectly.
Testers also looked at the number of false positives which are warnings you get during installation of legitimate software from Google Play. Again, avast! Mobile Security earned a perfect score.
AVAST performed splendidly in the tests, but like I said above, malware detection is just part of the story of security protection for your mobile device. avast! Mobile Security scored extra points for a powerful anti-theft feature which allows you to remotely locate, lock or wipe your phone in case it’s stolen. It also blocks calls from specific or unknown numbers, filters messages for unwanted content, and keeps your web surfing activities safe against malicious websites and phishing attempts. Handy tools like network meter, app manager, and even a firewall give you complete control of your mobile phone.
And it’s FREE
All that, and avast! Mobile Security is free. Protect your Android device and all the data on it, by downloading avast! Mobile Security for free. Get it from Google Play.
Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun, and contest information, please follow us on Facebook, Twitter, Google+, and now, Instagram.
The Hashtag system, created by Chris Messina in 2007, became Twitter’s trademark. The other social networks, notably Instagram, Google+, and Tumblr, followed Twitter’s “Hashtag policy”; however, it was still not available on Facebook, until now! Finally, users of the biggest social platform can follow and create conversations across the world by adding a simple Hashtag symbol (#) before the word. The AVAST Social Media team is very excited about this feature and would like to introduce you to a new #hashtag challenge available across the social media platforms.
Now the fun part: Utilize the following Hashtag: “#useAVAST” to let everybody know why you personally recommend our free Antivirus solution. Be creative, be funny, be free.
We will award in two categories:
- Most creative/funny recommendation
- Most convincing recommendation
The title of this blog post may make you think that we will discuss the security of your Facebook account. Not this time. However, I will analyze an attack which starts with a suspicious email sent to the victim’s email account.
The incoming email has the following subject, ‘Hey <name> your Facebook account has been closed!‘ or ‘Hi <name> your Facebook account is blocked!‘. The email has a ZIP file attachment with name <name>.zip, which contains a downloader file named <name>.exe. <name> stands for a random user name. After a user downloads and executes the executable file, he is presented with the message saying that “Your Facebook connection is now secured! Thank you for your support!” It tries to convince you that there was a problem with your Facebook account, which was later successfully solved by executing the application from the email attachment.
Let’s look inside the executable file!
If you had the privilege to meet Android:Obad, which Kaspersky earlier reported to be the “most sophisticated android malware,” you are in a real bad situation and this will probably be the moment you’ll be referring to in the future as “The time I learned the hard way what better-safe-than-sorry means.” A few days ago we identified a new variant of that threat. There is a chance you bumped into this bad guy before we started detecting it, because if our generic detections don’t catch the malware there is always a short delay before it gets to us. In most cases, it isn’t a problem to get rid of a malicious app – you just uninstall it after you find it. This time, that won’t work.
The problem we are facing here is called “Device administrator.” After you launch an app infected with Android:Obad, you will be asked to make the app the current device administrator, which will be only a few buttons away so it isn’t hard to do. After you do so, there is no way back because this piece of malware uses a previously unknown vulnerability which allows it to get deeper into the system and hide itself from the device administrator list – the only place you can manage device administrators. You also won’t be able to uninstall the app via Settings, because all the buttons will be grayed out and will not function.
Lucky for you, avast! Mobile Security will save you from doing a factory reset and losing your data, which certainly is one of the solutions. But don’t worry, you are safe with us.