During the Christmas holidays, my mother received this email from a well-meaning friend. Since her daughter works for the most trusted security company in the world, she immediately asked me about the authenticity of the message.
Here’s the email:
Subject: VIRUS COMING !
PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS!
You should be alert during the next few days. Do not open any message
with an attachment entitled POSTCARD FROM HALLMARK , regardless of who sent it to you.
It is a virus which opens A POSTCARD IMAGE, which ‘burns’ the whole
hard disc C of your computer.
This virus will be received from someone who has your e-mail address
in his/her contact list.
This is the reason you need to send this e-mail to all your contacts.
It is better to receive this message 25 times than to receive the virus
and open it.
If you receive an email entitled “POSTCARD,” even though it was sent to
you by a friend, do not open it! Shut down your computer immediately.
This is the worst virus announced by CNN.
It has been classified by Microsoft as the most destructive virus ever.
This virus was discovered by McAfee yesterday, and there is no repair
yet for this kind of Virus.
This virus simply destroys the Zero Sector of the Hard Disc, where the
vital information is kept.
COPY THIS E-MAIL AND SEND IT TO YOUR FRIENDS.
REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US
This particular email has been around for years, and you have probably seen one of its incarnations. Although there are real incidents of malware being distributed via e-cards, this is a bogus, unsubstantiated hoax.
The language is quite strong – phrases like “the worst virus” and “the most destructive virus ever” are sure to get the attention of security-minded people. The problem is that the email fails to provide any authentic details to learn more about the threat, just vague announcements and classifications.
“The email doesn’t actually mention a specific virus,” said Jan Zika, an Avast Virus Lab analyst. “Sure some viruses use the ‘Postcard’ social engineering method to trick users to click the link, but this email has been circulating for a couple of years now, and it never says which virus it is.”
The email does say what the virus can do: “This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept,” and it “burns” the whole hard disc C of your computer. Pretty scary stuff!
“No, it cannot burn anything, and no, it is not most destructive virus ever,” said Zika. His advice? “It’s best to avoid such messages unless you can confirm that the threat is real.”
Protect yourself against email hoaxes
- Keep your antivirus protection up-to-date and scan regularly for viruses and malware. Both Avast Internet Security and Avast Premier include anti-spam filters to keep your inbox free of this kind of nonsense.
- Use caution when opening attachments or downloading files. Double check that it’s from a sender you know and trust.
- Before clicking on any links or attachments, try to verify that the email came from a legitimate source. If you can’t, then don’t click.
Does the title of this blog post have a mysterious meaning? Not exactly.
In this first part about the gray zone of Android malware detections, I will introduce Android:SecApk, a detection regarding the protection that the App Shield (Bangcle) offers to Android applications (.apk). This detection has a big sample set that is still growing. Some SecApk-wrapped samples that existed or still exist in the Google Play Store and third-party stores are described below.
- PUP – An application to promote a specific movie. Potentially unwanted because of the extended permissions that were requested. Current Status: Removed from Google Play
- PUP – A game that has potentially unwanted permissions that can lead to loss of private personal info.
- PUP – A screensaver application that has permissions unrelated to the purpose of the app.
- PUP – This application is a tennis game. Potentially unwanted because of the extended permissions that were requested.
- Malware – This app steals personal data and SMS messages from the user.
The App Shield is an online service that, after a submission of an .apk, encrypts it and adds some layers of protection. The procedure of the encryption and protection of the apk will be discussed with more detail during the course of the second part of this blog post.
Starting with the submission process, a clean app named AvstTest.apk was uploaded to the service. The exported .apk was renamed AvstTest[SecApk].apk. In addition, apktool and dex2jar were used, respectively, to decode the .apk resources and convert the ‘.dex’ files to ‘.jar’.
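A first-pass comparison of the two builds, as an added example that is not part of the original post: it diffs the archive entries of an .apk before and after wrapping. The two in-memory archives are constructed stand-ins, and the entry names in the wrapped one are hypothetical, not a description of what the service actually adds.

```python
import io
import zipfile


def apk_entries(apk_bytes):
    """Map each archive entry name to (CRC32, uncompressed size)."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {i.filename: (i.CRC, i.file_size) for i in zf.infolist()}


def diff_apks(original, wrapped):
    """Return the entries added, removed and changed between two builds."""
    before, after = apk_entries(original), apk_entries(wrapped)
    shared = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "changed": sorted(n for n in shared if before[n] != after[n]),
    }


def build_apk(files):
    """Build an in-memory zip standing in for an .apk (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed stand-ins for AvstTest.apk and AvstTest[SecApk].apk.
ORIGINAL = build_apk({
    "AndroidManifest.xml": b"<manifest package='com.example.avsttest'/>",
    "classes.dex": b"dex\n035\x00" + b"original app code" * 4,
    "resources.arsc": b"resources",
})
WRAPPED = build_apk({
    "AndroidManifest.xml": b"<manifest package='com.example.avsttest'>"
                           b"<application name='Loader'/></manifest>",
    "classes.dex": b"dex\n035\x00" + b"loader stub",
    "resources.arsc": b"resources",
    "assets/payload.bin": b"encrypted blob",       # hypothetical entry name
    "lib/armeabi/libloader.so": b"\x7fELF",        # hypothetical entry name
})

if __name__ == "__main__":
    for kind, names in diff_apks(ORIGINAL, WRAPPED).items():
        print(kind, names)
```

For real files, pass the bytes of each .apk read from disk; a small `classes.dex` next to new native libraries or opaque assets is a cue to look at the decoded output more closely.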
Love is in the air! People are going out to buy boxes of chocolates and flowers for their loved ones, preparing for romantic dinners, and some are hoping that a secret admirer will confess their love. Some seek help from the Internet to make Valentine’s Day as romantic as possible and since many people check their emails first thing in the morning, spammers and other cybercriminals see this as the perfect opportunity to attack.
The ILOVEYOU virus from 2000 did just that, although it was sent on May 5th, not on Valentine’s Day. The virus, a computer worm also referred to as “Love Letter,” originated from the Philippines and was sent via email with the subject line “ILOVEYOU.” The virus went viral when users opened the “LOVE-LETTER-FOR-YOU.txt.vbs” attachment included in the email. Opening the attachment activated the Visual Basic script, damaging the user’s computer, overwriting image files, and sending copies of itself to addresses in the user’s Microsoft Outlook address book. The virus reached the U.S. on Friday morning, just as people were checking their emails. Since it was sent from someone they knew, and we didn’t have the collective experience of viral spam yet, people trusted the email and opened the attachment. Perhaps they were excited to receive a love letter?
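The attachment name above hides a script extension behind a document-looking one. A mail-filter check for that pattern, as an added example that is not from the original post; the extension lists and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.policy import default

# Assumed lists for illustration; a real filter would maintain its own.
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "hta", "scr", "pif",
               "bat", "cmd", "exe", "com", "lnk"}
DECOY_EXTS = {"txt", "doc", "docx", "pdf", "jpg", "jpeg", "png", "gif",
              "xls", "xlsx"}


def deceptive_name(filename):
    """True when a script extension follows a document-looking extension."""
    # Trailing dots and spaces are stripped first, since padding the name
    # does not change how the final extension is interpreted.
    parts = filename.strip().rstrip(". ").lower().split(".")
    if len(parts) < 3:
        return False
    return parts[-1] in SCRIPT_EXTS and parts[-2] in DECOY_EXTS


def flag_attachments(raw_message):
    """Return the file names in a MIME message that match the pattern."""
    msg = message_from_string(raw_message, policy=default)
    return [name for part in msg.walk()
            if (name := part.get_filename()) and deceptive_name(name)]


# Constructed sample message; the attachment bodies are placeholders.
SAMPLE = """\
From: friend@example.com
To: you@example.com
Subject: ILOVEYOU
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

(constructed body text)
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="LOVE-LETTER-FOR-YOU.txt.vbs"

(placeholder, no script content)
--b1
Content-Type: image/jpeg
Content-Disposition: attachment; filename="holiday.photo.jpg"

(placeholder)
--b1--
"""

if __name__ == "__main__":
    print(flag_attachments(SAMPLE))
```

The check targets only the disguise; a plain `script.vbs` attachment is not flagged here and would be handled by an ordinary extension block list.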
A dangerous Trojan named ZeuS is making its way among Facebook users. This old Trojan horse has infected millions of computers over the years, stealing banking credentials and other personally identifiable information. ZeuS can lie dormant on infected computers until the unsuspecting victim logs into their bank’s website. Once you’re logged in, cybercrooks can steal your login credentials and empty your account without your knowledge.
The virus is spread through phishing messages, either as a funny or shocking video from a friend, posted on their page or sent in a message to you, or through an ad for videos or products. If you click the link to watch the video, a notification will say that you need to update the player. When you click update, you are actually downloading the Trojan. Clicking the Play button automatically gives your “Like” to the virus page, and it’s through this action that the link will spread to all of your friends.
All avast! Antivirus products detect and block Zeus if a user tries to install or run the .exe file, but the best way to protect yourself is to avoid it! avast! SafeZone is recommended for safe banking, financial transactions, and shopping online. It gives you a private, secure, and isolated desktop which keeps you safe from keyloggers like the ZeuS Trojan. avast! SafeZone is available in avast! Pro, avast! Internet Security, and avast! Premier.
It has been two or three months since I last blogged about Android malware. But that definitely doesn’t mean there aren’t any new threats. There are plenty! Here are two quick comparisons from the last two years: the growth of the platform’s malware problem from January 2012 to January 2013 is far from the ‘normal’ growth of other platforms. According to our statistics, it’s something around +850 percent! Add another year for an even more insane comparison: the growth from January 2011 to January 2013 gives us +3150 percent! The Android platform is definitely one of the most targeted malware platforms these days. But no worries, users of Avast! Free Mobile Security are safe.
What a weird positive we’ve just spotted on CNET’s Download.com…
Android is one of the fastest growing platforms in the world. In the second quarter of this year there were more than 300 million active Android devices. The increase is almost 900,000 new devices per day and still rising. These days Android occupies more than 60% of the mobile devices market! By the way, there are around 300,000 newborn children a day all around the world, and this number constantly decreases.
Hand in hand with this trend goes the rise of applications and viruses for this platform. In the past week we noticed one of them that was especially tricky. At first look, it’s trying to act like a regular Google Play application, but that’s just an illusion. It is a fake application which not only downloads other fraudulent applications, but is also able to send premium text messages without the user’s knowledge.
After the installation it replaces the original Google Play from the menu and just waits for a first start from the user.
Immediately after the first start you are asked to update the program, and there your troubles continue: “Critical update, install new version, click the continue”.
After this step, another nasty download from this link shows up:
After the installation of the second application, your phone turns into a money-sucking machine. Without your knowledge it starts sending premium messages to paid numbers. Luckily we caught this threat and Avast! detects both samples as Android:OpFake-BV.
This file is easily accessible from more than thirty malware pages, which are made to resemble various markets and download pages! But no worries: Avast! users are protected even if they accidentally visit these pages.
With avast! Antivirus 7, you get each virus signature sent to you in real-time via a connection to the AVAST Virus Lab cloud, rather than needing to wait for a traditional database update. Your database will be continuously updated with the latest definitions.
To ensure this works efficiently, the auto update should be turned ON so that your virus definitions are updated automatically whenever you are connected to the internet. When you open the program’s main window, it will tell you the current security status of your computer. By clicking on “Show details” you can see the current status of the virus definitions.
If you have reason to believe that your virus definitions have not updated, you can access various features of the program by clicking on the orange avast! icon located in your computer’s system tray instead of going through the main user interface. When you right click on the avast! icon, a short menu will appear. Click Update > Engine and virus definitions to see if your virus definitions are up-to-date.
The Duqu malware has raised the specter of Stuxnet II, with some in the security community claiming that this new Trojan is a reverse-engineered copy of Stuxnet – the infamous malware that may have sold more newspapers than it damaged nuclear centrifuges. Unlike Stuxnet, Duqu is designed to steal data from the targeted organization, not just destroy equipment. First noticed this summer, Duqu self-destructed after 30 days, then vanished again into cyberspace.