Earlier this week, security researchers unveiled a vulnerability that is believed to be the worst Android vulnerability yet discovered. The “Stagefright” bug exposes nearly 1 billion Android devices to malware. The vulnerability was found in “Stagefright”, an Android media library. Hackers can gain access to a device by exploiting the vulnerability and can then access contacts and other data, including photos and videos, and can access the device’s microphone and camera, and thus spy on you by recording sound and taking photos.
All devices running Android versions from Froyo 2.2 to Lollipop 5.1.1 are affected; these versions run on approximately 95% of all Android devices.
The scary part is that hackers only need your phone number to infect you. The malware is delivered via a multimedia message sent to any messenger app that can process the MPEG4 video format, such as an Android device’s native messaging app, Google Hangouts and WhatsApp. Because these Android messaging apps auto-retrieve video and audio content, the malicious code is executed without the user doing anything: the vulnerability does not require the victim to open the message or click on a link. This is unique, as mobile malware usually requires some action to be taken to infect the device. The malware could also be spread via a link, which could be sent via email or shared on social networks, for example. This would, however, require user interaction, as the video would not load without the user opening the link. This exploit is extremely dangerous because, if abused via MMS, it requires no action from victims and produces no apparent or visible effects. The attacker can execute the code and remove any signs of compromise before victims are even aware that their device has been compromised.
A cybercriminal’s and dictator’s dream
Last Friday, Adobe confirmed two new “critical” zero-day flaws in the Adobe Flash Player browser plugin 184.108.40.206 – and earlier versions – for Windows, Mac OS X, and Linux. Today, a third flaw was found. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages.
We recommend disabling Flash until the bugs are fixed.
Security experts say the two flaws were found in stolen files that were dumped earlier this month from Hacking Team, an Italian security firm that sells communication interception and surveillance software to governments around the world. The third one came from the same documents.
“Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe said in their blog. “Depending on the privileges associated with the user account targeted, an attacker could install programs on the system, alter or delete data, create new accounts with similar user rights, or cause a denial-of-service.”
The nightmare is back! Your security could be seriously compromised if you do not act now. Install and update your Avast for PC before it is too late. The original version of CryptoWall was discovered in November 2013, but a new and improved variant of the CryptoWall ransomware has started to infect computers all over the world in recent days: CryptoWall 3.0. Some sources estimate that it has already infected over 700,000 computers up to version 2.0.
CryptoWall is malware that encrypts certain files on your computer (and securely deletes the original ones) and, once activated, demands a ransom of around $500 to provide the decryption key. You’re asked to pay in Bitcoin within about 170 hours (almost a full week). After that period, the fee is raised to $1000.
You could be asking why the authorities haven’t blocked the attackers’ funding. They use a unique wallet ID for each victim on their own Tor anonymity servers. To pay the ransom, the user needs to use a Tor-like connection called Web-to-TOR. Each Tor gateway redirects the victim to the same web page with the payment instructions. Command and control communication is now done using the Invisible Internet Project (I2P) instead of Tor.
Infection could reach you in various ways. The most common is a phishing attack, but it also comes in email attachments and PDF files. The malware kit also abuses various vulnerabilities in unpatched (read: not up-to-date) Flash, Java, browsers and other applications to drop the CryptoWall ransomware.
How Avast prevents the infection
1. Avast Antispam and antiphishing protection blocks some distribution vectors.
2. Virus signatures block all known ransomware versions. Remember that Avast’s automatic streaming updates release hundreds of daily updates for virus definitions.
3. Community IQ intelligence and sensors from our more than 220 million users detect malware behavior all over the world. See how it works in this YouTube video.
4. Keeping your software updated is another security measure, as it prevents exploitation of its vulnerabilities. Learn how Avast Software Updater can help you with this job.
What more can I do?
Avast also helps prevent this disaster through Avast Backup, which allows you to keep all your important files in a secure and encrypted way. We also recommend local backup, as the new malware could also attack other drives and even cloud storage. Did you know that Avast Backup also makes local copies of the files? You can enable it at Settings > Options > Local backup, and configure the backup location (preferably an external drive) and versioning of the files. Remember to disconnect the external drive from the computer (and the network) to prevent CryptoWall from infecting the backups and encrypting those files too.
A flaw in Microsoft’s Internet Explorer (IE) 6, 7 and 8 could allow hackers to take control of a Windows-based computer if the user browses to a malicious website. Security Advisory 2794220 was issued over the weekend and soon after a team blog reported that, “We are only aware of a very small number of targeted attacks at this time. This issue allows remote code execution if users browse to a malicious website with an affected browser. This would typically occur by an attacker convincing someone to click a link in an email or instant message.”
Microsoft has made a temporary fix available for the zero-day vulnerability until it can deliver a formal patch.
Be particularly careful if you are using versions 6, 7 or 8 of the IE browser. Versions 9 and 10 are not affected by the vulnerability. Check which version of IE you’re running by opening IE, clicking the Help question mark icon on the right and choosing About Internet Explorer. To upgrade an older version of IE, go to Start > Control Panel > Windows Update.
We recommend switching to a more secure browser like Google Chrome. In addition to being more secure than IE 8, it is also faster and supports HTML 5, giving you a better browsing experience. Download free Google Chrome here.
According to a study by NSS Labs (here), avast! Internet Security and 3 other security products out of a total of 13 tested protect users against a Microsoft vulnerability within XML Core Services and against a vulnerability in IE 8 (IE8 has approx. 15% share). Both exploits were patched by Microsoft in June and July respectively, but users who failed to update are of course at risk. Good news for avast! Free Antivirus users… you have the same protection against those exploits as users of the paid-for avast! Internet Security suite.
PS: Having everything up-to-date and patched is of course one of the golden stay-secure rules.
This issue was discovered and researched by us; we have been in contact with Microsoft engineers for the past few months to fix this problem. The aim of this blog post is to explain the problem, the risks, and possible consequences of the fix.