
Posts Tagged ‘malware’
February 25th, 2013

Malware Attacks

Make sure you friend Avast on Facebook so you won’t miss our original comic strip, MALWARE ATTACKS!! Here’s a quick catch-up in case you missed the first installment:

We meet unfortunate aliens fleeing their embattled home world in search of help against the evil Malware Empire. The fate of their planet rests on their success.

Malware Attacks!! part 1

Illustrated by Daniel Coca López

 

Alien visitors come to Earth seeking help from Avast against the evil Malware Empire.

Malware Attacks!! part 2

 

 

The desperate aliens visit Avast headquarters to ask for help to defeat the evil Malware Empire. Just like 177 million Earthlings who use Avast to protect themselves, the aliens find what they are looking for.

Malware Attacks!! part 3

 

Armed with avast! Free Antivirus 8, the aliens race back to their home planet. Victory against the evil Malware Empire is assured.


 

Thanks to avast! Free Antivirus 8, the galaxy is once again protected against Malware. Our heroes are awarded with the medal for bravery, and avast! 8 takes its place of honor in history.


 

Protect your world with avast! 8. From avast! Free Antivirus to our newest top-tier suite, Avast Premier 8, it can all be found on http://www.avast.com

February 14th, 2013

Malware: Dollar Equals Tilde Square Brackets

Recently we encountered a very suspicious piece of code on some Joomla-powered webpages. The code looks garbled and meaningless, and starts like this:

[Image: the original code]

On closer observation, several strange things stand out. First, there are no alphanumeric characters anywhere in the code. Second, on the line before the code starts, there is actually an HTML tag marking the start of JavaScript code (<script>), preceded by 37 tabs. Therefore, when you open an infected file in a text editor, you cannot normally see the starting tag, because it is shifted all the way to the right. To see it, you either have to scroll horizontally or turn word wrap on. The same trick is used for the closing script tag as well. Why would anyone try to hide these tags? The answer is simple: to trick people into thinking this is not actually JavaScript code.
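Both traits described above can be checked for when sweeping the files of a web root. The following is an added example, not code from the original post; the thresholds (20 characters of indentation, 16 characters of script body) and the sample page are assumptions constructed for illustration.

```python
import re

# Matches each <script>...</script> block, keeping the body and closing tag.
SCRIPT_RE = re.compile(
    r"<script\b[^>]*>(?P<body>.*?)(?P<close></script\s*>)", re.I | re.S)


def indent_before(text, pos):
    """Tabs/spaces between the line start and pos; 0 if other text precedes."""
    prefix = text[text.rfind("\n", 0, pos) + 1:pos]
    return len(prefix) if prefix.strip(" \t") == "" else 0


def scan(text, min_indent=20, min_body=16):
    """Flag script blocks whose tags are pushed off-screen by whitespace or
    whose body contains no alphanumeric characters at all.
    min_indent and min_body are assumed thresholds, not values from the post."""
    findings = []
    for m in SCRIPT_RE.finditer(text):
        code = "".join(m.group("body").split())      # body without whitespace
        symbol_only = (len(code) >= min_body
                       and not any(c.isalnum() for c in code))
        open_indent = indent_before(text, m.start())
        close_indent = indent_before(text, m.start("close"))
        if symbol_only or max(open_indent, close_indent) >= min_indent:
            findings.append({
                "line": text.count("\n", 0, m.start()) + 1,
                "open_indent": open_indent,
                "close_indent": close_indent,
                "symbol_only": symbol_only,
            })
    return findings


# Constructed sample page: one ordinary script include, then a block laid out
# as the post describes (tags behind 37 tabs, symbol-only body).
SAMPLE = "\n".join([
    "<html>",
    "<head>",
    '<script src="/js/site.js"></script>',
    "\t" * 37 + "<script>",
    "$=~[];$={___:++$};",
    "\t" * 37 + "</script>",
    "</head>",
    "</html>",
]) + "\n"

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f)
```

A hit is a reason to inspect the file by hand and compare it with a clean copy of the CMS release; legitimate minified code can also trip the indentation check on its own.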


January 11th, 2013

Another Java exploit; disable immediately

A serious new vulnerability notice about Java exploits has been issued by the Department of Homeland Security’s Cybersecurity Division. Java 7 Update 10 and earlier contain a vulnerability that can allow a remote attacker to execute malware on vulnerable systems.

A French researcher called Kafeine discovered that a number of websites using the exploit are able to download files directly to the victim’s computer, and execute actions such as installing ransomware. “Hundreds of thousands of hits daily where i found it,” he wrote on his blog. “This could be a mayhem.”

Disable Java in web browsers

Some webpages may include content or apps that use the Java plug-in. There is no fix for this yet, so it is recommended that you protect yourself by disabling Java in your particular browser. Please see our previous blog How do I disable Java in my browser for instructions.

For a higher level of security, it is possible to entirely prevent any Java apps from running in a browser by de-selecting Enable Java content in the browser in the Java Control Panel under the Security tab. Disabling Java through the Java Control Panel will disable Java in all browsers.

Categories: General
December 13th, 2012

Is Google Protecting Me After All?

The latest version of Android 4.2, code-named “Jelly Bean,” was released some time ago. Although it is just an incremental update to the major 4.0 release, “Ice Cream Sandwich”, Google introduced some major new features in it. Besides multi-user support and improved notifications, one heavily promoted new feature is the built-in app scanner, which is meant to protect Android devices from being infected by malware.

The client side app scanner of Android 4.2 is the next step in Google’s attempts to protect their Android ecosystem from malware threats, after introducing Bouncer, a server-side malware scanner used by Google to analyze apps that are being uploaded to Google Play Store. Bouncer was announced in February 2012 and is Google’s approach to prevent malware from being uploaded to the Google Play store as a first line of defense.

Now, some authors claim that third-party mobile security tools are most likely not needed anymore, because Google already pre-checks all mobile apps. I’ve been closely monitoring all those changes and improvements because I wanted to make up my own mind about how successful these attempts by Google would be, and to find out how the Android antivirus scanner delivered within our free avast! Mobile Security suite (http://www.avast.com/free-mobile-security) would stack up against what the operating system vendor itself would be able to provide.

For months before the release of avast! Mobile Security in December 2011, our virus lab worked on setting up the initial state of our Android malware database. The database contains signatures of all the malicious files our virus lab guys find over time and is extended day by day to contain definitions of the newest threats in real time. Currently, tens of millions of Android devices owned by our users download those definitions every day to their avast! client-side scanners. So I just went to our virus lab and asked the guys there to provide me with some statistics on the growth of our Android malware database.

As I already stated, Bouncer was thought to be the first line of defense, and tries to protect the main source of app downloads from malicious offerings. Could it be that as a result of introducing Bouncer, our malware database stopped growing or started to decline in size when Bouncer was introduced? Has Google been successful? See for yourself:

Android Malware Database History (Source: AVAST)


Obviously, our Android malware database has not started to decline since February 2012; its growth has not even stalled, and it has been growing continuously since that point in time.

December 13th, 2012

My phone is infected! What can I do?

Lots of smartphone users are still unaware of the actual risks arising from the use of smartphones based on operating systems, and they tend to underestimate their security risks. Be honest, how many of you check whether an application you install on your phone comes from a trusted source? Do you check which permissions the application has? How many of you install applications that have “cool icons” and don’t check anything else?

I’ve asked a few people these questions, and was totally surprised by their answers! Even IT geeks don’t read permissions of applications and they just click and install whatever they find.  What’s WORSE is that most of them think  they are secured without any security application.

Do you remember my last article? We identified something very similar,  also coming from blog and upload services such as 4shared. It’s really strange how many hijacked and infected applications are offered through those services.

One month ago, I pointed out a really nasty malware that pretends to be a Google Play app. I looked into what the creators of that malware have been doing for the last month. They definitely haven’t been lazy.

For the last two weeks, we saw more mutations of similar malware, with similar behavior. It sends numerous paid SMS messages to premium numbers without the user being aware of it. They try to pretend it is some kind of wanted application, but you obviously don’t want that.

These malware samples hide under legitimate-sounding names like Flash Player, Talking Tom Cat, Kaspersky Lite, etc. But many of the apps have something in common: the package name is the same in hundreds of them. But don’t worry, all of them are detected.

 

 

My phone is infected! What can I do?

This leads me to the most important point of this blog post. For those who still believe they are fine without antivirus protection on their smartphone, there are a few steps to follow when you realize your phone is acting strangely.

1)  Switch off GSM module or take out your SIM card immediately. (This should disconnect your phone from the mobile network and prevent losing your money.)

2)  Restore your phone back to factory setup. (Malware should be removed, as well as all your data.)

3)  Put your SIM card back, and you can use your phone again.

4)  Install Avast! Free Mobile Security

Is there a safer and easier way to protect my smartphone?

Luckily, yes. Malware that we meet comes mostly from untrusted sources. People often put the name of a wanted application in their browser and just click on the first URL that comes up. That practice is, of course, really dangerous. The viruses mentioned above come from file sharing servers such as 4shared.com, filestube.com, rapidshare.com, fake blogs, or from fake Android stores. Those file sharing servers are suspicious sources and one should not download applications from there. Even on Google Play you can find a dangerous application once in a while, so you should be cautious even when you look for applications there!

Here’s a quick example. When you search for a popular game, for example “Asphalt 6 adrenaline скачать бесплатно” (“free download” in Russian), on one of the top pages on Google you will find a pretty nasty blog full of repacked games that come with a small gift in the form of malware.

My recommendation is to use an antivirus program on your phone – for example, avast! Free Mobile Security – and download applications from less dangerous sources – for example, Google Play, Amazon.com, etc.

 

 

 

 

 

 

 

 

 


November 16th, 2012

What is the avast! AutoSandbox and how does it work?

Question of the week:  A new program I downloaded was put into the Sandbox by avast!. What is a Sandbox and how does it work?

The avast! Sandbox is a special security feature which allows you to run potentially suspicious applications automatically in a completely isolated environment. Programs running within the sandbox have limited access to your files and system, so there is no risk to your computer or any of your other files. This feature is connected to the FileRep cloud feature which identifies new files for additional analysis. So now we are able to warn you even before we have had the opportunity to examine this malware in our Virus Lab.

Here’s how it works: By default, if an application is started and avast! detects anything suspicious, it will automatically run the application in the Sandbox.  The advantage of running an application in the Sandbox is that it allows you to check suspicious applications while remaining completely protected against any malicious actions that an infected application might try to perform.

The browser or other application will then open in a special window with a red border, indicating that it is being run inside the Sandbox. When the Sandbox is closed, it will be restored to its original state and any downloaded files or changed browser settings will be automatically deleted.

You can change the AutoSandbox settings, so that avast! will ask you first before putting an application in the Sandbox. In the settings, the AutoSandbox can also be disabled completely, or you can specify  any files or applications that should be excluded and never run automatically in the Sandbox. In the “Browser Protection” tab, you can further specify that your browsers should always be run in the Sandbox to ensure you are protected while surfing the web.

To learn more about the AutoSandbox, please read our previous blog, AutoSandbox – why are you annoying me?

You can ask questions, make comments, learn about security issues, or just say hello on our avast! Antivirus page on Facebook. Over 2 million people have “liked” us. Will you please Like avast! today?

Categories: General
October 18th, 2012

avast! only Free Antivirus to receive “ADVANCED+” award for Performance and Detection

Avast! Free Antivirus won the top rating for malware removal from independent research organization AV-Comparatives last month, and this month is the only antivirus solution that also received the ADVANCED+ award for performance. The latest performance test measured the impact on system resources and speed of 19 antivirus products, and avast! Free Antivirus was the best scoring FREE product again.

AV-Comparatives performance testing is a series of real-world scenarios that includes downloading, extracting, copying, and encoding files, and installing and launching applications, in addition to an automated testing suite. The ranking system has three levels: “Standard,” “Advanced” and “Advanced+” awards. To receive the “Advanced+” award, avast! Free Antivirus was compared to mostly paid-for antivirus suites based on how much impact the product has on system resources, including protection against ‘real-world’ zero-day malware attacks, detection of a representative set of malware discovered in the last 2-3 months, false positive rates, and scanning speed. Avast was the highest scoring free product and outshone a host of paid-for products and other free products.

These results are proof that it is not necessary to pay for excellent quality antivirus protection.  Avast! Free Antivirus provides award-winning high protection rates against malware without degrading the system performance or troubling users.

Get award-winning antivirus protection on your own PC, download avast! Free Antivirus. We also have award-winning protection for Mac and your Android devices.

October 16th, 2012

Facebook connects with AVAST to protect users

AVAST Software has teamed up with Facebook to help you and your friends stay safe. AVAST is sharing its Virus Lab data with Facebook in the combined attempt to prevent malware being shared unknowingly by Facebook users. Whenever someone clicks a link within Facebook, Facebook checks the URL in the AVAST cloud, in real time. If the URL is infected, the user sees a message warning of the potential threat.

Nearly half of the world’s Internet users log onto Facebook each month to share interesting things, play games, check in to shops and restaurants, tag photos, and most of all, connect with their friends. Facebook’s networks of more than a billion people make it attractive to cybercrooks who try to gain access to our accounts and passwords. Once in, crooks use our connections to spread hoax messages or malicious apps to our friends, attempting to trick them into sending money or sharing personal information. Who among us hasn’t been curious about celebrity death rumors, tempted by free gift cards, or concerned because our friend was mugged and stranded in a foreign country?

“We’ve seen that the most prominent way of spreading malware now is through links to infected websites, rather than the traditional method of emailing infected files,” said AVAST Software CEO Vince Steckler. “Our Virus Lab has tracked about 2 million infected websites just in the last 12 months and the best way to stop these infections is to prevent links to them being shared.”

Over 160 million people use avast! for their PCs, Macs and Android devices, and they work together in a vast network of anonymous security sensors called CommunityIQ. These sensors provide information about possible suspicious files which allow new threats to be detected and neutralized almost as soon as they appear.

“Nothing is more important to us than the safety of our users and their data. Beginning today, Facebook will be able to leverage Avast’s feed of malicious URLs to augment our existing site integrity systems and those in our community will be able to download Avast’s software to better protect themselves and their devices. We look forward to working with Avast to provide an even more secure experience for those who use our service,” said Joe Sullivan, CSO of Facebook.

Categories: General
October 11th, 2012

Avast Virus Lab analysis of Dorkbot with Skype hijacker

Earlier this week, a new variant of the Dorkbot/Ruskill malware attacked users of the Skype video calling service. This malware can affect a huge number of sites and online services and can attack almost all known web browsers, such as Internet Explorer, Firefox, Chrome, Opera and Flock, as well as other programs such as MSN, wlcomm.exe, etc.

The avast! VirusLab analyzed this malware. You can read about it in articles published on the web, but none of them analyzed the new module that can hijack Skype messenger, which is now the bigger threat to users. In packed form, this module is around 70KB. After removal of the custom packer / loader, its pure size is 16 384b. The module is very small, but it includes 31 known language versions of the phishing messages that appear in the Skype messenger window. The localization is chosen according to the OS language, obtained via the GetLocaleInfo API. By overriding the return value of that call, you can see the different language variants.

Phishing messages in various languages

Sample of phishing messages in various languages:

  • lol is this your new profile pic?
  • hey é essa sua foto de perfil? rsrsrsrsrsrsrs
  • hej je to vasa nova slika profila?
  • hey c’est votre nouvelle photo de profil?
  • ?hey esta es tu nueva foto de perfil?
  • hey ini foto profil?
  • hei er dette din nye profil bilde?
  • hej to jest twój nowy obraz profil?
  • hey ito sa iyong larawan sa profile?
  • ?aquesta és la teva nova foto de perfil?
  • hej detta är din nya profilbild?
  • hej jeli ovo vasa nova profil skila?
  • hey la anh tieucua ban?
  • sa k’vo profili lusankary
  • hey e la tua immagine del profilo nuovo?
Categories: analyses, Virus Lab
October 10th, 2012

How do I avoid becoming a victim of cybercrime?

Question of the Week: I hear so much on the news about identity theft, scams and fake emails. How does a regular person with limited computer skills protect themselves?

Cybercriminals use a variety of tactics which can cause major inconvenience and hassle in your life – identity theft, financial fraud, stalking, bullying, hacking, email spoofing, information piracy and forgery, intellectual property crime, and more.

Many cybercrimes start with malware—short for “malicious software.” Malware is considered an annoying or hostile type of software intended for secretly accessing a computer without your knowledge or consent. It includes Trojans, worms, viruses, spyware, most rootkits, and other such unwanted intruders. Malware can be used to monitor your online activity, cause your device to crash damaging hardware, software or data in the process, and it can spread through networks of machines to infect others.

Where does malware come from?
Malware is most commonly delivered through the internet and by email messages. There are so many varieties that it can also come in through hacked webpages, game demos, music files, toolbars, software, free subscriptions, and other things you download from the web.