

September 3rd, 2015

Mr. Robot Review: zer0-day.avi

via: USA Networks

The season finale of Mr. Robot left me asking myself many questions. The big question that most of the characters in the show asked themselves as well was: Where is Tyrell?

What exactly happened while Elliot was in Tyrell’s car? Did Tyrell execute the plan to bring down E Corp or did Elliot? Why is Angela now working for E Corp? Who really put that video of Elliot falling from the boardwalk on the James Bond-like sunglasses USB stick? Did Angela really have to go shopping for designer shoes after James Plouffe’s suicide? Does she not own more than one pair of high heels? Who is knocking on Elliot’s door at the end of the episode?

I admit, I initially stopped watching as the credits came, but then I read online that that was a big mistake. There is a scene that comes after the credits, which, of course, left me asking myself two more questions: Why is White Rose meeting with the CEO of E Corp? Does E Corp really know that Elliot is behind the takedown?

However, one very important question that I have been asking myself for the last 15 years was finally answered in this episode. FSociety let the dogs out.

In addition to the numerous plot questions, I had two technical questions after watching the episode. I sat down with senior malware analyst, Jaromir Horejsi, who kindly answered my questions for me.


September 3rd, 2015

Tiny Banker hidden in modified WinObj tool from Sysinternals

The Tiny Banker Trojan is spread by email attachments.

Tiny Banker aka Tinba Trojan made a name for itself targeting banking customers worldwide. The Avast Virus Lab first analyzed the malware found in the Czech Republic reported in this blog post, Tinybanker Trojan targets banking customers. It didn’t take long for the malware to spread globally attacking customers from various banking behemoths such as Bank of America, Wells Fargo, and RBC Royal Bank, which we wrote about in Tiny Banker Trojan targets customers of major banks worldwide.

This time we will write about a campaign targeting customers of Polish financial institutions. The Trojan is spread by email attachments pretending to be pictures. Examples of email headers are shown in the following image.

 email

In fact, there are executable files in the zip attachments: IMG-0084(JPEG).JPEG.exe, fotka 1.jpeg.exe. The interesting thing is that the binary looks almost like the regular WinObj tool from Sysinternals; however, there are differences: the original version of WinObj has a valid digital signature. The malware doesn’t have any.



September 2nd, 2015

Apple jailbroken phones hit with malware

Chinese jailbroken iPhone users targeted


“Biggest iPhone hack ever” attacks jailbroken phones

In what has been called the biggest iPhone hack ever, 250,000 Apple accounts were hijacked. That’s the bad news.

The good news is that most Apple device users are safe. Why? Because the malware, dubbed KeyRaider by researchers at Palo Alto Networks, only infects “jailbroken” iOS devices. (There’s that bad news again.)

When you jailbreak a device like an iPhone or iPad, it unlocks the device so you can do more with it, like customize the look and ringtones, install apps that Apple normally would not allow, and even switch carriers!

The KeyRaider malware entered the jailbroken iPhones and iPads via Cydia, a compatible but unauthorized app store, which allows people to download apps that didn’t meet Apple’s content guidelines onto their devices. The malware intercepts iTunes traffic on the device to steal data like Apple passwords, usernames, and device GUID (“Globally Unique Identifier”, which is your ID number, similar to your car’s VIN). Users reported that hackers used their stolen Apple accounts to download applications from the official App Store and make in-app purchases without paying. At least one incident of ransomware was reported.

Chinese iPhone users with jailbroken phones were the primary attack target, but researchers also found incidents in 17 other countries including the United States, France, and Russia.



August 31st, 2015

How to keep your Facebook business page secure

Managing the security of your Facebook business page is important to maintain a good reputation.

Nowadays we can hardly imagine a successful business functioning without digital marketing. When we say digital marketing, Facebook comes to mind immediately. The most popular social platform, with more than one billion users all over the world, is a massive communication platform not only for individuals, but also for brands and their consumers.

Community managers update Facebook for their company

Everyone working with your company Facebook page should know how to keep it protected.

Freelancers, owners of small local businesses, and large corporations; all of them use Facebook to promote their products and talk with their customers. In this blog post we will show you how to keep your Facebook page safe from the bad guys.

Manage the managers

Even if you are a small business, managing all your social media efforts by yourself can be difficult. Don’t try to control everything; it’s impossible, and you will end up with micromanagement overload and unnecessary work. Instead, control the roles of your co-workers and educate them!



August 27th, 2015

Alabama State University switches to security in the cloud

Networks are relentlessly attacked by online threats. Organizations need quality security products to keep their network secure.

When Jothan Virgil, an IT Administrator at Alabama State University located in Montgomery, Alabama, got an email announcing the new, free Avast for Business product, he did his research and signed up.

Alabama State University

image via swac.org

Virgil knows that a good antivirus product is the most important part of protecting a network and was using Avast Endpoint Protection before switching. “The new cloud-based solution is easier to manage.” Avast for Business lets Virgil see his entire network anywhere, anytime, making his job easier.

Alabama State has a very large network managed by multiple IT professionals, with over 1,000 faculty and staff members and more than 5,600 students. Avast for Business now protects all of them from one console.

“Avast for Business is so easy to deploy and monitor, it’s made the administration of our network much smoother.” System notifications tell Virgil exactly which machines are being hit with viruses or malware.

And it’s not just easy. It’s also free. Avast for Business created a savings that Virgil can use somewhere else. He’s certain the savings will go to good use in their growing IT environment.


 

Avast for Business can save your non-profit, company, or school money and time. Sign up on the Avast website.


August 25th, 2015

Technical support phone scams are still going strong

Every day, millions of people get scam phone calls. In the U.S. alone there are more than 86 million scam calls each month.

Consumer phone scammers often use cheap robocalling services; automatic dialers that make thousands of phone calls every minute for a low cost. They hope to catch someone who is not aware of the system or hasn’t heard of phone scams. A recorded message will say you qualify for a special program to lower your credit card interest rate or that something is wrong with your computer. When you press a number to learn more, the scam kicks in. The unfortunate victims are often elderly people, recent immigrants, and young college students.

Elderly people are targeted for phone scams


‘We have detected a virus’

The most popular type of phone scam is the bogus tech support claim. The one that has been around for a few years (also read Don’t be fooled by support scams) involves a caller claiming they are a computer technician employed by Microsoft, McAfee, or even Avast. They say they have detected a problem, commonly a virus or malware, on your computer and can fix it for a fee – sometimes as high as $450.

Once the frightened consumer agrees, the phone scammer has them download software for remote access. You can imagine what changes a crook can make to computer settings that allow them access later.

Other tactics tech support scammers take include:

  • Enroll their victim in a bogus computer maintenance program
  • Collect credit card information to bill for services
  • Install malware that can steal personally identifiable information like passwords and account numbers



August 24th, 2015

Dating site users infected with banking Trojan after malvertising attack

A popular dating site and a huge telecommunications company were hit with malvertising.

Hacker at work

Trusted websites can be hit with malvertising

Popular dating site Plenty of Fish (POF) and Australian telco giant Telstra were infected with malicious advertising from late last week through the weekend. The infection came from an ad network serving the advertisements that the websites displayed to their visitors.

Malvertising happens when cybercrooks hack into ad networks and inject malicious code into online advertising. These types of attacks are very dangerous because web users are unaware that anything is wrong and do not have to interact in any way to become infected. Just last week, other trusted sites like weather.com and AOL were attacked in the same way. In the Telstra and POF attacks, researchers say that a malicious advertisement redirected site visitors via a Google URL shortener to a website hosting the Nuclear Exploit kit, which infected users with the Tinba Banking Trojan.



August 20th, 2015

Mr. Robot Review: m1rr0ring.qt

This week’s episode of Mr. Robot continued from where it left off last week, focusing on the show’s characters rather than hacking methods. We see Elliot struggle with himself as he figures out that Mr. Robot is his dad (who died years ago), who he has been imagining in his mind. Meanwhile, Tyrell’s world is crumbling. His wife gave birth to a baby boy, but tells him she does not want to be with him unless he “fixes things”. He then gets fired from E Corp and remains as the prime suspect in Sharon’s murder investigation. It doesn’t look like Tyrell did a very good job of fixing things, if you ask me…

Despite the lack of hacking, I did have a few questions about the final scene of the episode. I spoke with my colleague, senior malware analyst Jaromir Horejsi, who helped me better understand FSociety’s plan.

via: USA Networks - Mr. Robot airs on USA, Wednesdays at 10/9 central

In the last scene of the episode, Tyrell pays Elliot a visit. Tyrell tells Elliot about how he murdered Sharon and how surprisingly good that felt. Elliot then decides to tell Tyrell about his plan to take down E Corp. Elliot explains to him that by encrypting all of E Corp’s files, all of their financial records will be impossible to access as the encryption key will self-delete after the process completes.


August 20th, 2015

Infected ad networks hit popular websites

Infected ads can be dangerous to your computer

It is frustrating when your antivirus protection stops you from visiting a website that you know and trust, but these days even the most popular websites can fall prey to attacks.

This week security researchers discovered booby-trapped advertisements on popular websites including eBay, The Drudge Report, weather.com, and AOL. The ads, some of which can be initiated by a drive-by attack without the user’s knowledge or even any action, infected computers with adware or locked them down with ransomware.

Computer users running older browsers or unpatched software are more likely to get infected with malware just by visiting a website. Avast blocks these infected ads, but to be safe, please use the most updated version. To update your Avast, right-click the Avast Antivirus icon in the system tray at the bottom-right corner of your desktop. From the menu, select Update.

“This kind of malvertising is a fairly easy way for cybercriminals to deliver adware or another malicious payload. Many websites sell advertising space to ad networks then deliver the targeted ads to your screen,” said Avast Virus Lab researcher Honza Zika. “All Avast users with current virus databases are fully protected against this attack, but those without protection or up-to-date security patches run the risk of being infected with ransomware.”



August 19th, 2015

Dark times for Android: Examining Certifi-gate and the newest Stagefright updates

Certifi-gate and Stagefright are two recent threats that have put many Android devices at risk. Photo via Ars Technica.

When it comes to security, it seems that Android has seen better days. A slew of vulnerabilities and threats have been cropping up recently, putting multitudes of Android users at risk. Certifi-gate and Stagefright are two threats that, when left unprotected against, could spark major data breaches.

Certifi-gate leeches permissions from other apps to gain remote control access

Certifi-gate is a Trojan that affects Android’s operating system in a scary way. Android devices with Jelly Bean 4.3 or higher are affected by this vulnerability, making about 50% of all Android users vulnerable to attacks or to their personal information being compromised.

What’s frightening about this nasty bug is how easily it can execute an attack – Certifi-gate only requires Internet access in order to gain remote control access of your devices. The attack takes place in three steps:

  1. A user installs a vulnerable app that contains a remote access backdoor onto their Android device
  2. A remotely-controlled server takes control of this app by exploiting its insecure backdoor
  3. Using remote access, Certifi-gate obtains permissions from other apps that have previously been granted higher privileges (i.e. more permissions) by the user and uses them to exploit user data. A good example of an app targeted by Certifi-gate is TeamViewer, an app that allows you to control your Android device remotely.
