Protecting over 230 million PCs, Macs, & Mobiles – more than any other antivirus

Archive

Archive for the ‘General’ Category
January 18th, 2015

Your video guide to Avast 2015 features

Only four and half minutes of your time, and you’ll know the highlights of Avast 2015.

 

Avast 2015 is very easy to use, and many people just install it and let it do its job silently in the background. We designed it that way, but for those of you who want to know more about the features of Avast, we created a video guide to help you get the most out of your security protection.

The core of Avast Antivirus is real-time active protection comprised of the Web, Mail, and File System Shields. These can be accessed from the user interface. Open Settings and go to Active protection.

Avast 2015 includes our new, unique Home Network Security (HSN) which scans for home router security problems. Avast is the only security company to offer a tool to help you secure this neglected area.

To save you time, Avast 2015 has an efficient 4-in-1 Smart Scan which combines scans for malware and HSN’s router vulnerabilities, missing software updates and patches with Software Updater, and performance issues with GrimeFighter. GrimeFighter requires a separate license to fully optimize your PC.

January 12th, 2015

Lizard Squad hackers use unsecured home routers in DDoS attacks

This Lizard is out to get your home router.

This Lizard is out to get your home router.

Your home router could be part of a network used to knock sites like Sony PlayStation network offline.

During Christmas we reported that a hacker group calling themselves the Lizard Squad, took responsibility for ruining the day for Sony PlayStation and Microsoft Xbox users by taking the gaming networks offline. This and previous attacks, which included a bomb threat directed at an American Airlines flight with Sony Entertainment president John Smedley on board, have been revealed to be a marketing campaign to advertise a new product available for rent to anyone who wants to cause a Denial-of-Service (DDoS) attack to the target of their choice.

I’m not a hacker. Why should I care?

You may not be a hacker, but the power for this service could be coming from your home office! Security blogger, Brian Krebs, whose own site was attacked, found out that the network of infected devices that powers the Product-That-Must-Not-Be-Named (that’s because Lizard Squad gleefully thanked Brian for the publicity on their Twitter account) is made up mostly of compromised home routers. On that same Twitter account, Lizard Squad said that they are using 250-500k infected routers.

These are the devices in everyone’s home that we warned you about in our blog, Your home network is at risk of cybersecurity attacks. Most people neglect the security of these devices by using the default user name and password that comes from the manufacturer out-of-the-box.

Our research determined that nearly 80% of all home routers in use today are thinly protected by common, easily hacked passwords, making routers an easy entry point to the home network for hackers,” said Avast Software’s CEO, Vincent Steckler.

Lizard Squad has just proven that point.

Today’s router security situation is very reminiscent of PCs in the 1990s, with lax attitudes towards security combined with new vulnerabilities being discovered every day creating an easily exploitable environment, “ Steckler said. “The main difference is people have much more personal information stored on their devices today than they did back then. Consumers need strong yet simple-to-use tools that can prevent attacks before they happen.”

How to protect your home router

Start by scanning you home network with Avast’s Home Network Security Solution.

Open the Avast user interface, click Scan from the menu on the left, then choose Scan for network threats. Avast will take a look at your router and report back any issues. In most cases, if there is an issue to be addressed, then it will direct you to your router manufacturer’s website.

The Home Network Security Solution is available in free and paid versions of Avast 2015. Get it at www.avast.com.

For more steps you can take to protect your home router, please see our blog post, 12 ways to boost your router’s security.

January 7th, 2015

More cybersecurity predictions for 2015

Yesterday, we looked at two hot areas to be aware of regarding your online security: Data breaches and mobile security. Today, we’ll look at two more areas that haven’t caused as much trouble or damage as the other two, but are likely to grow in importance.

Internet of (Every)Thing at risk

Secure your privacy by using avast! SecureLine VPNThe “smart” home has been in the works for some time now, and this year, we’ll see more and more gadgets from household appliances to wearables like fitness bracelets to industrial equipment becoming connected to mobile devices and social networks. This proliferation of inter-connected things will open up a whole new glorious space for hackers to play in.

We predict that from now on, devices will increase by an order of magnitude (not too bold a prediction, huh?), and of course, that will result in greater privacy and security concerns. A breach in the Internet of Things (IoT) will give cybercrooks the ability to install malware or ransomware on private networks – not only consumer, but corporate and government – steal personal information, or even cause physical harm to a space or a person.  But before you run around the yard yelling, “Skynet is falling, Skynet is falling”, cybercrooks will feel the space out probably starting with adware uploaded on our smart TVs.

What to keep your eye out for

  • New technologies and businesses around the IoT including
    • Increased demand for low cost bandwidth and processing
    • Expansion of infrastructure that carries Wi-Fi traffic
    • Start-ups focused on communication and sensors between devices, storage, data analytics
    • Home and factory automation
  • The rise of “fog” computing architectures, where data is closer to the source as opposed to residing in a data center somewhere

Room for improvement

  • Keeping multiple smart devices updated with the latest version of this-and-that software. You think it’s hard now with a couple of devices? Wait until your house, body, garage, and workplace are full of smart gadgets.
  • The fractured ecosystem will make it harder to identify threats or protect against security exploits.
  • Home routers are still unsecure and people are using open, unencrypted Wi-Fi. Start by securing your own home router by scanning with Avast’s Home Network Security scan, then follow whatever suggestions are given.

Social media world

ransomware note
By now, social media users know that sharing too much personal information can give strangers access to their personal life. To illustrate that point on a national scale, Allstate Insurance, aired a series of commercials about what happened to a couple who shared on social networks that they were away from their home for the weekend. Read about it on our blog.

Last year, we saw new privacy settings introduced on social media, and 2015 will see a rise in anonymous interactions via social media.

Hoaxes and scams spread by email and social networks were successful in 2014, as they have been for years now, so we see no reason that occurrences will decrease. Social engineering can trick unwitting victims and the rate of identity theft will increase.

What to keep your eye out for

  • Continuation of scams associated with important events like celebrity gossip or sporting events.
  • Watching videos on Facebook equaled watching videos on YouTube at the end of 2014, so we can expect hackers to take advantage of this by hiding malicious links in Facebook videos.
  • More fraudulent and malicious ads will appear on social networks.
  • Ransomware made the jump from PC to mobile in 2014, and it will likely hit social networks.

Room for improvement

  • Cut back on sharing too much on social media and through Internet of Things devices.
  • Adjust privacy settings in each social network.
Comments off
January 6th, 2015

Data breaches and more 2015 cyber security predictions

For a month now, I have been reading predictions for 2015. In the security field, something new and unexpected can always pop up – like the Point-of-Sale (PoS) breaches in early 2014 – but most likely what will happen is just a continuation, that is, a natural evolution, of what has already occurred.

crystal ball 1

So let’s take a look at some things that will probably happen this year and steps we can take to stay safer. Tomorrow, we’ll look at a few more.

Data breaches will continue

Data breaches made the news in 2014, and in 2015 we will continue to see security breaches of companies, irrespective of size or business sector. These breaches are often caused by software vulnerabilities, advances in data stealing malware, and as we have seen recently with the Sony breach, by states using cyber espionage against other states.

What to keep your eye out for

  • Heartbleed and Shellshock were successful at using vulnerabilities in software that we depend upon. We expect to see more of the same in 2015.
  • Increase in phishing and social engineering attacks on employees of big companies in order to break in.
  • Health care organizations are at risk because many of them use outdated software and have rudimentary security. Plus, there is so much valuable data to be stolen like sensitive patient records.
  • More revelations that governments and even companies are using cyber attacks against each other.

PoS-attacks2Room for improvement

  • Companies need to tighten up the security processes of their employees, vendors, and third party suppliers who have access to their systems.
  • Companies need to adopt advanced threat solutions to secure their PoS networks from breaches.
  • Enterprise breach detection methods need to be improved because cybercrooks will likely go after the bigger fish.
  • Passwords are not adequate protection for our personal or financial accounts. Two-factor authentication will be adopted more widely, as will new methods like ultra-sonic sound.
  • Consumers and companies should update from the old, vulnerable Windows XP.

Mobile is attractive to cybercrooks

Since our mobile phones are as powerful and can accomplish nearly all the things a regular computer can, that gives cybercrooks a relatively easy in-road to your private data and financial information. 2015 will see consumers becoming more aware of mobile security since they will increasingly use mobile apps that contain sensitive banking, financial, and personal health information.  Read more…

December 31st, 2014

Happy New Year 2015 from Avast!

From our headquarters in Prague, Czech Republic to our offices in the USA, Germany, China, and South Korea, all of us at Avast Software wish you love, laughter, and peace in 2015.

img-holiday-neo-2015-en-c

Looking back on 2014, we are grateful for the trust that our 220 million customers have placed in us. We thank you for your loyalty and for sharing Avast with your friends and family. We appreciate your support, your suggestions and feedback (even when it’s not so good ;) ), the way you help others on our forum and social channels like Facebook, Google +, and Twitter, and especially when you write us with your stories of how Avast saved the day for you.

As we enter this new year, we promise to bring you the best security products for your home network, your business, your PCs, Macs, and Android devices, that we can. We will stay on top of new threats and contain the old ones that keep coming back to plague us. We will strive to keep your trust, but most of all, to keep you and your important data and hardware save from harm.

So raise your glass with us, and join us for our 2015 wish.

Peace. Love. Security. ~ from Avast

img-Fb_wall-2015

 

Categories: General Tags: , , ,
December 30th, 2014

‘Worst virus ever’ POSTCARD hoax still circulating

[AUDIO VERSION: This is an audio version of this blog post. Click below to listen.]


During the Christmas holidays, my mother received this email from a well-meaning friend. Since her daughter works for the most trusted security company in the world, she immediately asked me about the authenticity of the message.

Here’s the email:

Subject: VIRUS COMING !

Hi All,

PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS!

You should be alert during the next few days. Do not open any message

with an attachment entitled POSTCARD FROM HALLMARK , regardless of who sent it to you.

It is a virus which opens A POSTCARD IMAGE, which ‘burns’ the whole

hard disc C of your computer.

This virus will be received from someone who has your e -mail address

in his/her contact list.

This is the reason you need to send this e -mail to all your contacts.

It is better to receive this message 25 times than to receive the virus

and open it.

If you receive an email entitled “POSTCARD,” even though it was sent to

you by a friend, do not open it! Shut down your computer immediately.

This is the worst virus announced by CNN.

It has been classified by Microsoft as the most destructive virus ever.

This virus was discovered by McAfee yesterday, and there is no repair

yet for this kind of Virus.

This virus simply destroys the Zero Sector of the Hard Disc, where the

vital information is kept.

COPY THIS E-MAIL AND SEND IT TO YOUR FRIENDS.

REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US

This particular email has been around for years, and you have probably seen one of its incarnations. Although there are real incidents of malware being distributed via e-cards, this is a bogus, unsubstantiated hoax.

shutterstock_20061535The language is quite strong – phrases like the worst virus and the most destructive virus ever are sure to get the attention of security-minded people. The problem is that the email fails to provide any authentic details to learn more about the threat, just vague announcements and classifications.

“The email doesn’t actually mention a specific virus,” said Jan Zika, an Avast Virus Lab analyst. “Sure some viruses use the “Postcard” social engineering method to trick users to click the link, but this email has been circulating for a couple of years now, and it never says which virus it is.”

The email does say what the virus can do, This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept, and it burns the whole hard disc C of your computer. Pretty scary stuff!

“No, it cannot burn anything, and no, it is not most destructive virus ever,” said Zika. His advice? “It’s best to avoid such messages unless you can confirm that the threat is real.”

Protect yourself against email hoaxes

  • Keep you antivirus protection up-to-date and scan regularly for viruses and malware. Both Avast Internet Security and Avast Premier include anti-spam filters to keep your inbox free of this kind of nonsense.
  • Use caution when opening attachments or downloading files. Double check that it’s from a sender you know and trust.
  • Before clicking on any links or attachments, try to verify that the email came from a legitimate source. If you can’t, then don’t click.
December 26th, 2014

Hackers claim Christmas day outage of Sony PlayStation and Microsoft’s Xbox networks

PSN offlineEarlier this month, as the Sony Entertainment breach was making headlines, Sony’s PlayStation Network (PSN) was knocked offline due to an alleged hacking attack. On Christmas morning, just as kids everywhere were unwrapping their new PlayStation and Xboxes, the PSN and Microsoft’s Xbox Live network were both disrupted leading to speculation that they were once again hacked. A group calling themselves Lizard Squad claiming responsibility for the attacks via Twitter.

As of now, PlayStation is still offline and PSN is directing users to their @AskPlayStation Twitter account for updates.

Xbox Live Status reports that its core services are running, but there is limited access to apps for IGN, Maxim, and MLG.tv.

Related article: Sony PlayStation Network down due to hacker attack

Categories: General Tags: , , ,
December 22nd, 2014

Avast revisits the biggest threats of 2014

2014 has been an active year for cybercrime. Let’s start with the most recent and then take a look at some of the other important security events of the year.

shutterstock_134221643

State-sponsored espionage

We are ending the year with the most publicized and destructive hack of a major global company by another country – now identified as North Korea. The Sony Entertainment attack, still being investigated by the FBI, resulted in the theft of 100 terabytes of confidential employee data, business documents, and unreleased films. It was an attack on privacy due to the theft of a massive amount of personal records, but also essentially blackmail; aiming to silence something that the North Korean government didn’t like – namely the release of The Interview, a movie depicting an assassination attempt on Kim Jong-Un.

Most of the blame for state-sponsored cybercrime in 2014 has been with Russian or Chinese hackers. Whether private or state-sponsored, these hackers have attempted to access secret information from the United States government, military, or large American companies. Recently, Chinese hackers sponsored by the military were indicted for economic espionage by the U.S. Department of Justice.

Home-Depot-ApronLarge data breaches

Along with the Sony breach, other notable companies that suffered from cybercrime include Home Depot, eBay, Michaels, Staples, Sally Beauty Supply, and others. A significant number of these breaches were begun months or years ago, but were revealed or discovered in 2014.

Nearly 110 million records were stolen from Home Depot; the largest ever breach of a U.S retailer. The cyber-heist included 56 million payment card numbers and 53 million email addresses.

JPMorgan Chase’s data breach impacted nearly 80 million households in the U.S., as well as 7 million small- and medium-sized businesses. Cybercriminals were able to gain access after stealing an employee’s password, reminiscent of the Target breach from 2013. This breach is said to be one of the largest breaches of a financial institution. The FBI is still investigating.

Financial and data stealing malware

GameOver Zeus, called the most infamous malware ever created, infected millions of Internet users around the world and has stolen millions of dollars by retrieving online banking credentials from the infected systems.

Tinba Trojan banking malware uses a social engineering technique called spearfishing to target its victims. The spam campaign targeted Bank of America, ING Direct, and HSBC customers using scare tactics to get customers to download a Trojan which gathered personal information.

Chinese hackers were at it again, and again, targeting South Korean banking customers with banking malware using a VPN connection. The customers were sent to a look-alike webpage where they were unknowingly handing cybercrooks their banking passwords and login information.

Software vulnerabilities

Many of the breaches that occurred in 2014 were because of unpatched security holes in software that hackers took advantage of. The names we heard most often were Adobe Flash Player/Plugin, Apple Quicktime, Oracle Java Runtime, and Adobe Acrobat Reader.

Avast’s selection of security products have a feature called Software Updater which shows you an overview of all your outdated software applications, so you can keep them up to date and eliminate any security vulnerabilities.

Read more…

December 10th, 2014

When it comes to dangers on the internet, we are our own worst enemies

Today’s biggest threat to the normal consumer is the consumer themselves.

This bold statement was made by Avast CEO Vincent Steckler in an interview with German technology website Valuetech in Munich last week. That’s a daring position to take after this year’s revelations about NSA spying, the theft of tens of millions of customer passwords from major retailers like Target and Home Depot, the recent Sony Pictures hack, and the normal parade of Trojan horses, worms and viruses, but it’s one that Steckler stands behind.

Watch the interview here (04:00),

Mr. Steckler has good reason for his conclusion. Here’s a few of the main points he made during the interview.

Social engineering preys on human weakness

“A lot of attacks are still using social engineering techniques; phishing emails – ways of convincing the user to give up valuable information,” said Steckler.

An example of phishing emails just occurred after Black Friday, when cybercrooks sent millions of fake purchase confirmation emails to customers of major retailers. You can read about that, as well as what to do if you are a victim,  in our blog, Fake confirmation emails from Walmart, Home Depot, others in circulation.

The Mac misconception

Mac users are well-known for proudly touting that they don’t use antivirus protection because they never have a problem with viruses. But, it’s really a numbers game.

“There is no fundamental difference,” Steckler says of the security of PCs and Macs. “Mac is not inherently any safer, as a technology, than Windows is. What makes a difference there is what is more opportune for a bad guy to attack.”

He explains that malware written for Windows can attack up to 93% of the world’s PCs. Mac malware only reaches 7-8% of the world’s PCs. The safety then lies in the lower numbers of Mac devices rather than a technical safety advantage.

Households networks are as complicated as small business networks

With the interconnectivity of household devices from household computers, mobile phones, TVs and even refrigerators, Steckler compares the typical household network to that of a small business.

“The central weakness in this ‘Internet of Things’ will be that home router – the thing that connects everything together,” says Steckler, “and basically doesn’t have any security on it.”

Avast 2015 seeks to address this lack in security by including the new Home Network Security scanner.

Comments off
December 8th, 2014

Sony PlayStation Network down due to hacker attack

Poor Sony. They are getting it from all directions these days.  On Sunday, the PlayStation Network, the online store for games, movies, and TV shows, suffered a hacker attack and was knocked offline. Visitors to the store got a message that said, ‘Page Not Found! It’s not you. It’s the Internet’s fault.’ I just visited the page, and got this same message, so reports that it was up again, were at best, temporary – at least for some of us.

Sony PSN hacked

Sony tweeted yesterday that they were investigating.

A group called Lizard Squad, which was also involved in a hack of Xbox Live last week as well as previous attacks on EA Games and Destiny, claimed responsibility for the attack.

During the Xbox hack, Lizard Squad promised that attacks would continue until Christmas.

This attack comes on the heels of news recently that Sony Pictures’ corporate network was infiltrated by cybercrooks which resulted in the theft of 100 terabytes of confidential employee data, business documents, and unreleased films. It was speculated that North Korean hackers were behind the attack due to the upcoming release of the movie “The Interview,” which is about an attempted assassination of Kim Jong-Un. The North Korean government denied responsibility for the attack on Sunday. The attack has since been traced to a luxury hotel in Bangkok, and is being investigated.

The two attacks appear to be unrelated.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on FacebookTwitter and Google+.

Categories: General Tags: , ,
Comments off