Protecting over 230 million PCs, Macs, & Mobiles – more than any other antivirus

September 17th, 2015

AirDrop vulnerability is an easy avenue for hackers to exploit Apple devices

Do you own an Apple device? A vulnerability discovered within AirDrop could pose as a risk to your files. (Photo via

Do you own an Apple device? A recent vulnerability discovered within AirDrop could pose as a risk to your files. (Photo via

Recently, an alarming vulnerability has cropped up on iOS devices. This security loophole allows an attacker to overwrite arbitrary files on a targeted device and, when used in combination with other procedures, install a signed app that devices will trust without presenting a warning notification to users.

In a recent article published on Threatpost, it’s noted that the vulnerability is located in a library that lies within both iOS and OS X. In this case, the library in question is AirDrop, the tool featured on Apple devices that allows users to directly send files to fellow Apple device quickly and effortlessly. The problem lies within the fact that Airdrop doesn’t use a sandboxing mechanism in the same way that many other iOS applications do. When making use of a sandbox, every application has its own container for files that it can’t get beyond the so-called “walls“ of.

Read more…

Categories: Mac Tags: , ,

September 14th, 2015

Avast Mobile Security: So much more than just another security app

With millions of applications waiting to be installed in our gadgets, you not only need to be concerned about quality, but you also need to take the proper measures in order to avoid your phone becoming infected by malware. Unfortunately, we already know that Google Play and the Windows Store aren’t immune to malware. Even the Apple Store has its bad days, so we’re not trying to scare you. These days, malware is a continuing, growing threat.

Read more…

September 11th, 2015

Ads: Love or hate?

Ad-injection is an increasingly annoying and dangerous problem

Ad injecting in action on Amazon

Malvertising attacks. Image via Google Security Blog

There are basically two reactions people have when they see ads in their browser. Some think they add interesting content and possibilities, insights and ideas or even, opportunities. The other group considers them as a distraction, an invasion and a disruption to what they were doing.

But most everyone will agree, once you begin something on your laptop or mobile, especially if it’s work-related task, you want to continue what you started. Lots of people get so into what they’re doing that they don’t see or think of anything else, and when an unwelcome ad comes through, it breaks the concentration. Some will say this is a man’s perspective. But even some women I talk to agree; even though they always say they are multitasking and (cough, cough) never lose focus.

When it comes to security, ads are becoming more and more a vehicle for malware. Ad-injecting malware is really a threat nowadays. Once on your device – computer or mobile – the malware will drop new ads into any (or most) sites you visit, sending ad revenue back to remote cybercriminals. For example, malicious porn ads use this type of redirection and clicking techniques.

Research conducted by Google from June to October of 2014 concluded that deceptive ad injection is a significant problem on the web today.  They identified tens of millions of instances of ad injection and detected 5.3 million different IP addresses infected with adware, 5% of the total testing group. The research also found that Superfish, one of the notorious businesses that have ad injection libraries,  was alive and well, not only pre-installed on Lenovo laptops, but breaking SSL protections for any other computer running it in background.

Ways to control unwanted ads in your browser

Read more…

September 9th, 2015

DeepScreen technology protects your business data before it’s at risk

Eliminate the risk of your sensitive business data being hacked.

Avast for Business protects your business data

Avast for Business protects your business data

Most of the truly dangerous malware is designed to harvest valuable business information – especially financial data. So hackers design malware to look like an innocent video, application, or website cookie. Sometimes malware can even be disguised as a exit button on an infected website. Basically, hackers use all kinds of tricks to get unsuspecting people to click, download, or run their malware.

The problem is that malware often ends up on a company computer or network completely by mistake. The file might look like a useful business graphic or tool, but when opened, it unleashes malicious code that takes over the computer and even the network.

So how do you stop this when you have 10, 20, 30, or more PCs, Macs, and servers under your care?

Read more…

Categories: SMB/Business Tags:

September 9th, 2015

What does the Avast Sandbox do?

The Sandbox is like a hamster ball. It keeps potential troublemakers isolated.

The Sandbox is like a hamster ball. It keeps potential troublemakers isolated.

The Avast Sandbox lets you run a questionable program without risking your computer.

The Avast Sandbox is a special security feature which allows you to run potentially suspicious applications automatically in a completely isolated environment. This is particularly useful if you don’t completely trust whatever you just downloaded or you visit dodgy websites because programs running within the sandbox have limited access to your files and system, so there is no risk to your computer or any of your other files.

Here’s how it works: By default, if an application is started and Avast detects anything suspicious, it will automatically run the application in the Sandbox.  The advantage of running an application in the Sandbox is that it allows you to check suspicious applications while remaining completely protected against any malicious actions that an infected application might try to perform.

The browser or other application will then open in a special window, indicating that it is being run inside the Sandbox. When the Sandbox is closed, it will be restored to its original state and any downloaded files or changed browser settings will be automatically deleted.

Avast Sandbox

The sandbox window in Avast Premier.

The Avast Sandbox is part of Avast Premier 2015, Avast Internet Security 2015 and Avast Pro Antivirus 2015.


Follow Avast on FacebookTwitterYouTube, and Google+ where we keep you updated on cybersecurity news every day.

September 8th, 2015

No, Tiffany is not giving away diamond rings on Facebook

Diamond rings and an Audi R8 can be mine just for the simple actions of liking and sharing on Facebook. NOT!

In the past week, three fake giveaways have come across my Facebook newsfeed – two of them today! These were shared by otherwise intelligent friends, so that makes me think all kinds of other people are falling for the scam. I’m sharing these with you, so you’ll know what to look out for.

Each scam promises that you could win a valuable prize just by liking and sharing the post. This one is for an Audi R8 V8, and every time I’ve seen it, it’s originates from a different page. The instructions are always the same – for a chance to win, you must like the page, request your desired color in the comments, and share the post with your friends.

Audi R8 Facebook like-farming scam


This type of social engineering scam is called like-farming. It is designed to gather many page likes and shares in a short amount of time, and since Facebook’s algorithms give a high weight to those posts that are popular, they have a high probability of showing up in people’s newsfeeds. Scammers go to all this trouble for two purposes: The pages can later be repurposed for survey scams and other types of trickery that can be served to a large audience. And pages with large numbers of fans can be sold on the black market to other scammers with creative ideas.

Read more…

Comments off

September 7th, 2015

Taking a closer look at cracked Ashley Madison passwords

Photo via The Times UK

Photo via The Times UK

People create terrible passwords. As simple as this might sound it unfortunately remains news to millions — if not billions — of individuals who use the Internet. As proof, we’ll take a look at a selection of passwords that were revealed in the Ashley Madison leak.

Regardless of any shortcomings Ashley Madison had in terms of securing their perimeter against breaches, one thing that they did right (to the surprise of many security researchers and disappointment of many black hats) was encrypting their users’ passwords.

The leak contained a database of around 36 million usernames, with bcrypt-hashed passwords. There is no known way to crack all of these passwords before the heat death of the universe, especially assuming that some are truly random, but we can crack the worst ones.

Conveniently, the web is full of known-password lists that anyone can just download. The two we chose for this crack, which are widely available, are the so-called 500 worst passwords of all time (compiled in 2008) and the 14-million-strong password list from the rockyou hack.

Cracking the bcrypt

It should be noted that we did not use the full list of 36 million password hashes from the Ashley Madison leak; we only used the first million. So, that may skew the results towards passwords created near the beginning of the site’s existence, rather than the end. Also, since the system used contains a 6-core CPU and two GTX 970 GPUs, we set the CPU to test the 500 worst list, and the GPUs to test the rockyou list. Because we’re SMRT, we used the same million for both the CPU and GPU cracks, which therefore produced redundant results in our output files. This has the side-effect of being less efficient overall, but allows us to make an apples-to-oranges comparison of the effectiveness of the two password lists, as well as the CPU vs GPU cracking speed.

Before we get into the results, let’s take a quick diversion to explain why this hack was so difficult and only revealed a small number of passwords.

Read more…

September 3rd, 2015

Mr. Robot Review: zer0-day.avi

via: USA Networks

The season finale of Mr. Robot left me asking myself many questions. The big question that most of the characters in the show asked themselves as well was: Where is Tyrell?

What exactly happened while Elliot was in Tyrell’s car? Did Tyrell execute the plan to bring down E Corp or did Elliot? Why is Angela now working for E Corp? Who really put that video of Elliot falling from the boardwalk on the James Bond-like sunglasses USB stick? Did Angela really have to go shopping for designer shoes after James Plouffe’s suicide? Does she not own more than one pair of high heels? Who is knocking on Elliot’s door at the end of the episode?

I admit, I initially stopped watching as the credits came, but then I read online that that was a big mistake. There is a scene that comes after the credits, which, of course, left me asking myself two more questions: Why is White Rose meeting with the CEO of E Corp? Does E Corp really know that Elliot is behind the take down?

However, one very important question that I have been asking myself for the last 15 years was finally answered in this episode. FSociety let the dogs out.

In addition to the numerous plot questions, I had two technical questions after watching the episode. I sat down with senior malware analyst, Jaromir Horejsi, who kindly answered my questions for me.

Read more…

Categories: General Tags:

September 3rd, 2015

Tiny Banker hidden in modified WinObj tool from Sysinternals

The Tiny Banker Trojan is spread by email attachments.

Tiny Banker aka Tinba Trojan made a name for itself targeting banking customers worldwide. The Avast Virus Lab first analyzed the malware found in the Czech Republic reported in this blog post, Tinybanker Trojan targets banking customers. It didn’t take long for the malware to spread globally attacking customers from various banking behemoths such as Bank of America, Wells Fargo, and RBC Royal Bank, which we wrote about in Tiny Banker Trojan targets customers of major banks worldwide.

This time we will write about a campaign targeting customers of Polish financial institutions.  The Trojan is spread by email attachments pretending to be pictures. The examples of email headers are shown in the following image.


In fact, there are executable files in the zip attachments - IMG-0084(JPEG).JPEG.exe, fotka 1.jpeg.exe. The interesting thing is that the binary looks almost like regular WinObj tool from Systernals, however there are differences: The original version of WinObj has a valid digital signature. The malware doesn’t have any.

Read more…

September 2nd, 2015

Apple jailbroken phones hit with malware

Chinese jailbroken iPhone users targeted

Chinese jailbroken iPhone users targeted

“Biggest iPhone hack ever” attacks jailbroken phones

In what has been called the biggest iPhone hack ever, 250,000 Apple accounts were hijacked. That’s the bad news.

The good news is that most Apple device users are safe. Why? Because the malware dubbed KeyRaider by researchers at Palo Alto Networks, only infects “jailbroken” iOS devices. (there’s that bad news again)

When you jailbreak a device like an iPhone or iPad, it unlocks the device so you can do more with it like customize the look and ringtones, install apps the Apple normally would not allow, and even switch carriers!

The KeyRaider malware entered the jailbroken iPhones and iPads via Cydia, a compatible but unauthorized app store, which allows people to download apps that  didn’t meet Apple’s content guidelines onto their devices. The malware intercepts iTunes traffic on the device to steal data like Apple passwords, usernames, and device GUID (“Globally Unique Identifier” which is your ID number similar to your car’s VIN). Users reported that hackers used their stolen Apple accounts to download applications from the official App Store and make in-app purchases without paying. At least one incident of ransomware was reported.

Chinese iPhone users with jailbroken phones where the primary attack target, but researchers also found incidents in 17 other countries including the United States, France, and Russia.

Read more…