Category Archives: Avast

Avast

Hackers claim Christmas day outage of Sony PlayStation and Microsoft’s Xbox networks

PSN offlineEarlier this month, as the Sony Entertainment breach was making headlines, Sony’s PlayStation Network (PSN) was knocked offline due to an alleged hacking attack. On Christmas morning, just as kids everywhere were unwrapping their new PlayStation and Xboxes, the PSN and Microsoft’s Xbox Live network were both disrupted leading to speculation that they were once again hacked. A group calling themselves Lizard Squad claiming responsibility for the attacks via Twitter.

As of now, PlayStation is still offline and PSN is directing users to their @AskPlayStation Twitter account for updates.

Xbox Live Status reports that its core services are running, but there is limited access to apps for IGN, Maxim, and MLG.tv.

Related article: Sony PlayStation Network down due to hacker attack

Avast revisits the biggest threats of 2014

2014 has been an active year for cybercrime. Let’s start with the most recent and then take a look at some of the other important security events of the year.

shutterstock_134221643

State-sponsored espionage

We are ending the year with the most publicized and destructive hack of a major global company by another country – now identified as North Korea. The Sony Entertainment attack, still being investigated by the FBI, resulted in the theft of 100 terabytes of confidential employee data, business documents, and unreleased films. It was an attack on privacy due to the theft of a massive amount of personal records, but also essentially blackmail; aiming to silence something that the North Korean government didn’t like – namely the release of The Interview, a movie depicting an assassination attempt on Kim Jong-Un.

Most of the blame for state-sponsored cybercrime in 2014 has been with Russian or Chinese hackers. Whether private or state-sponsored, these hackers have attempted to access secret information from the United States government, military, or large American companies. Recently, Chinese hackers sponsored by the military were indicted for economic espionage by the U.S. Department of Justice.

Home-Depot-ApronLarge data breaches

Along with the Sony breach, other notable companies that suffered from cybercrime include Home Depot, eBay, Michaels, Staples, Sally Beauty Supply, and others. A significant number of these breaches were begun months or years ago, but were revealed or discovered in 2014.

Nearly 110 million records were stolen from Home Depot; the largest ever breach of a U.S retailer. The cyber-heist included 56 million payment card numbers and 53 million email addresses.

JPMorgan Chase’s data breach impacted nearly 80 million households in the U.S., as well as 7 million small- and medium-sized businesses. Cybercriminals were able to gain access after stealing an employee’s password, reminiscent of the Target breach from 2013. This breach is said to be one of the largest breaches of a financial institution. The FBI is still investigating.

Financial and data stealing malware

GameOver Zeus, called the most infamous malware ever created, infected millions of Internet users around the world and has stolen millions of dollars by retrieving online banking credentials from the infected systems.

Tinba Trojan banking malware uses a social engineering technique called spearfishing to target its victims. The spam campaign targeted Bank of America, ING Direct, and HSBC customers using scare tactics to get customers to download a Trojan which gathered personal information.

Chinese hackers were at it again, and again, targeting South Korean banking customers with banking malware using a VPN connection. The customers were sent to a look-alike webpage where they were unknowingly handing cybercrooks their banking passwords and login information.

Software vulnerabilities

Many of the breaches that occurred in 2014 were because of unpatched security holes in software that hackers took advantage of. The names we heard most often were Adobe Flash Player/Plugin, Apple Quicktime, Oracle Java Runtime, and Adobe Acrobat Reader.

Avast’s selection of security products have a feature called Software Updater which shows you an overview of all your outdated software applications, so you can keep them up to date and eliminate any security vulnerabilities.

ShellshockNumerous new exploits

Flaws in software led to Shellshock and Heartbleed, two names that struck terror in IT administrator’s hearts.

Heartbleed takes advantage of a serious vulnerability in OpenSSL. It allows cybercrooks to steal encryption keys, usernames and passwords, financial data and other sensitive data they have no right to, and leaves no trace of the operation.

Shellshock ended up affecting more than half of the websites on the Internet. Hackers deployed malware on legitimate websites in order to retrieve confidential data from compromised computers.

Ransomware

Another name that made headlines was a group of malware dubbed ransomware, such as CryptoLocker, and its variants Cryptowall, Prison Locker, PowerLocker, and Zerolocker. The most widespread is Cryptolocker, which encrypts data on a computer and demands money from the victim in order to provide the decryption key.

Avast detects and protects its users from CryptoLocker and GameoverZeus.  Make sure you back up important files on a regular basis to avoid losing them to ransomware.

Ransomware made its way from desktop to Android during the year, and Avast created a Ransomware Removal app to eliminate Android ransomware and unlocks encrypted files for free.

Privacy attacks

Mac users were shocked, celebrities mortified, and fans titillated by news of the iCloud hack which lead to the online publication of numerous private photos of Hollywood famous celebrities. The serious cloud breach was launched using brute force methods on targeted iCloud accounts.

Social engineering

The art of deception is a highly successful method for cybercrooks. The weakest link in security is the end-user, and hackers take advantage of us all the time using social engineering schemes.

shutterstock_204144223 (2)Phishing

In a phishing or spearphishing attack, hackers use email messages to trick people into providing sensitive information, click on links, or download malware. One of the most famous instances was the Target breach, in which hackers got a network password from a third party vendor that worked for Target, to get into the network and compromise their point-of-sale machines in November 2013.

Social media scams

Social channels, like Facebook, offer a perfect environment for social engineers. They can create buzz, grab users’ interest with shocking content, and encourage people to share the scams themselves. Scams often come in the form of fake video links which lead to surveys and rogue webpages.

Exploit kits for sale

The Avast Virus Lab observed increased activity of malware distributed through exploit kits this year. These kits, often for sale on the deep web, allow cybercrooks to develop customized malware threats in order to attack specific targets. Zeus source code was used to develop Gameover, and the Zeus Gameover network was used to download and install Cryptolocker.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on FacebookTwitter and Google+.

South Korea hit with banking malware using VPN connection

South Korean banks have been attacked by hackers again!

This is not the first time we reported malware which targets Korean banking customers. In the past, we wrote about Chinese threats against Korean Windows users and last year we published a series of blogposts, Fake Korean bank applications for Android (part 1, part 2, part 3), about malware targeting mobile platforms.

The Korean banking malware is based on the same principle previously used. The customer executes the infected binary, which modifies Windows hosts file. This file contains a list of domains with assigned IP addresses.  Malware, however, may modify this file. When a customer wants to visit his online bank website, he is redirected to the IP address specified in the hosts file, not to the original bank website!

XP Debugging2

The piece of malware we will discuss in this blog post performs the above mentioned modification of system settings. However, when we looked into the modified hosts file, we noticed something unusual.

hosts

As you can see in the figure above (shortened screenshot of hosts file), the malware redirects many websites of South Korean banks to the IP address 10.0.0.7. If you try to enter this address into your web browser, you probably won’t get any response, because this is the private IP address. The other websites which belong to South Korean search engines, like Naver, are redirected to the publicly accessible IP address. When visiting any of these search engines on the infected machine, the following banner is displayed on the top of the regular website.

popThe image says:

Do you have a security software or program in your PC or Do you have a security card? Due to hacking incidents and potential of compromising users’ information if you want to use internet banking you need to do identification procedure.

We found one very interesting technical detail about the malware behavior – it uses a VPN connection! When a user clicks on one of the bank’s logos below, he is connected to a VPN and the fake banking website is displayed. At first, the malware connects to the C&C server and obtains configuration by GET request on 69.30.240.106/index.txt. The C&C answer includes a link to an executable modifying the hosts file and VPN server IP address.

900
test.exe
vpn=204.12.226.98

The executable is responsible for properly rewriting %windows%system32driversetchost file, which is queried for address translation before querying DNS on Windows machines. For example, if you want to go to www.naver.com the system first accesses the host file, and if there is a match it uses the specified IP address (104.203.169.221) for that site which differs from the original DNS records – 202.131.30.12 for our geographical location.

The malware targets Korean bank customers who access the following bank websites:

www.nonghyup.com, nonghyup.com, banking.nonghyup.com, www.nonghyup.co.kr, nonghyup.co.kr, banking.nonghyup.co.kr, www.shinhan.com, shinhan.com, www.shinhanbank.com, shinhanbank.com, www.shinhanbank.co.kr, shinhanbank.co.kr, banking.shinhanbank.com, banking.shinhan.com, banking.shinhanbank.co.kr, www.hanabank.com, hanabank.com, www.hanabank.co.kr, hanabank.co.kr, www.wooribank.com, wooribank.com, www.wooribank.kr, wooribank.kr, www.wooribank.co.kr, wooribank.co.kr, www.kbstar.com, kbstar.com, www.kbstar.co.kr, kbstar.co.kr, www.keb.co.kr, keb.co.kr, ebank.keb.co.kr, online.keb.co.kr, www.ibk.co.kr, ibk.co.kr, www.ibk.kr, ibk.kr, mybank.ibk.co.kr, banking.ibk.co.kr, www.kfcc.co.kr, kfcc.co.kr, www.kfcc.com, kfcc.com, www.epostbank.co.kr, epostbank.co.kr, www.epost.kr, epost.kr, www.epostbank.kr, epostbank.kr

The bank domain names are translated into a private network address range (10.0.0.7) and the search engines are translated to webserver running IIS. Webserver runs a Chinese version of IIS, as shown from the error message displayed when supplying incorrect header information.

iis
The malware, however, is not connected to the VPN all the time. The malware searches for the active Internet Explorer windows and if found, depending on Internet Explorer version, it locates browser’s address bar and extracts the currently entered url address. If URL belonging to any of the banks is found, VPN connection is established.

At first, malware drops a file %USERPROFILE%profiles.pbk, which includes the basic configuration. The credentials for VPN (name and password) are hard coded in the binary. The connection is made with help of Windows RAS API interface.

rasdial

If we want to verify the VPN connection in Windows, we can simply locate the dropped PBK file and double click on it. In properties, we will choose “Prompt for name and passwords, certificate, etc.” We enter the username and password, which we previously extracted from the malicious binary. After pressing the “Connect” button, we are connected to the VPN, and if hosts file is properly modified, we can access the fake bank websites. After pressing “Hang Up”, we can disconnect from VPN.

pbk01

pbk02

pbk03

pbk04

 

After a successful connection, “ipconfig /all” command lists PPP connection to VPN, with the current machine’s assigned private IP address. At this moment, the infected machine is connected into the private network and it can access contents hosted on 10.0.0.7.

vpn

Example of visiting bank’s website on a compromised computer

When a customer visits nate, daum or naver on an infected machine, he is presented with the following banner.
XP Debugging1

After clicking on the logo of a bank, the customer is presented with the following modified website (the example below was taken for epostbank.kr, however this attack works the same way for the other banks). If the customer clicks on any link on the fake bank website, he is presented with an error message. The message says that the additional security measures are available. After clicking OK, the fake verification process starts.
epostbank_errormsg
The customer is asked to fill in some personal details.
epostbank01
Then he is asked for a phone number and numbers in his security card.
epostbank02
Lastly, he is presented with a link to download a malicious Android application. At the writing of this blog post, the link to the malicious Android app is not working anymore.
epostbank03

SHAs:

Original dropper

1C22460BAFDDBFDC5521DC1838E2B0719E34F258C2860282CD48DF1FBAF76E79

Dropped DLL, C&C communication

FDF4CAA13129BCEF76B9E18D713C3829CF3E76F14FAE019C2C91810A84E2D878

Hosts file modifier

1D1AE6340D9FAB3A93864B1A74D9980A8287423AAAE47D086CA002EA0DFA4FD4

 

Acknowledgements:

This analysis was jointly accomplished by Jaromir Horejsi, David Fiser and Honza Zika.

Leave the tracking to the post office – not online advertising!

The holidays are here and many are opting to shop online for their holiday gifts, whether it’s to avoid the crowds or because time is running out. Online shopping is a convenient option, everything is almost guaranteed to be in stock, there are no lines and your purchase gets delivered to your doorstep. But, can this season’s holiday shopping come back to haunt you online? 

Ad networks, whether via browser extensions or cookies, track your online browsing activities to target ads tailored to your interests. Some see this is as a good thing as you are only shown ads for products or services that would be useful for you, while others may think it’s creepy that the Internet knows about your guilty pleasures. The holidays are about giving and generosity, so your online browsing activities may differ from what they are the other eleven months of the year. You may be researching whether you should purchase a round or square shovel for Uncle Jack, who put gardening tools on his holiday wish list, or which game you should order for your daughter. Now, do you really want to have ads for gardening tools and games for kids following you around the Internet?

How to shop undercover

Whether you want to protect your privacy or simply want to avoid targeted ads that may result from holiday shopping for family and friends, Avast is here to help!

Avast Online Security comes with a Do Not Track feature. Do Not Track identifies tracking software and shows you a list of all tracking and analytics programs that are trying to track your online behavior. You then have the option to choose which tracking software you want to deny or allow to track your online behavior.

Online ad tracking Do Not Track

By denying tracking software, you eliminate your digital footprint and exclude targeted ads from following you while you browse. Most browsers do come with some form of Do Not Track, but they rely on HTTP Do Not Track headers. Avast on the other hand uses proprietary technology that cannot be overridden by servers.

Avast Browser Cleanup is another tool that will help ward off targeted ads. Browser Cleanup removes unwanted or poorly rated toolbars that could also be keeping an eye on your browsing sessions. Since Avast Browser Cleanup launched in February 2013, it has identified more than 40 million different toolbars, 95 percent of which have been rated as “bad” by Avast users.

Leave the tracking this holiday season to shipping companies and the post office, not online advertising! Avast wishes you and your loved ones safe and happy holidays (and shopping :))!

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on FacebookTwitter and Google+.

Wanted: Avast for Business beta testers

Join our Avast for Business beta test program and prove its value to your company.

IMG_9675
In 2001, we began our journey toward becoming the leader in consumer desktop security by doing things differently and delivering a great product for free. Today, we protect more than 175 million home computers, more than anyone else.

In 2011, we began our journey toward becoming the leader in mobile security by doing things differently and delivering a great product for free. Today, we protect more than 50 million smartphones, making us one of the top 2 mobile security providers and well on our way to becoming number one.

In 2015, we start our next journey – this one toward becoming the leader in business security. And we’ll do so by doing things differently and delivering a great product for

…well, keep an eye on this space. We’ve clearly shown that when we focus our efforts, we know how to deliver differentiated solutions that become market leaders despite stiff competition.

We don’t do any of this by ourselves though. Over the years, we have listened to our evangelists on the forum, our fans on social media, consumer reviews, and the people who test out our products before they are released. We gather feedback, opinions, and suggestions and integrate those into Avast products.

Now we’re doing it again.

Avast Software will turn business information security on its head with our new business-grade security product designed specifically for small and medium sized businesses. But first, we need your help.

Join our beta test program for Avast for Business and prove its value to your company.

Here’s what you get:

  • YOU GET EARLY ACCESS  – As a participant in the Avast for Business beta program, you have exclusive access to the pre-release version. You get to be the first one to experience the power and ease-of-use of Avast for Business.
  • YOU HELP US CREATE THE BEST SECURITY SOLUTION FOR YOUR BUSINESS – When you join our beta test team, you’re first in line with suggestions for improving the product, now and into the future..
  • YOU GET REWARDED FOR YOUR EFFORTS –To thank you for your participation in our beta program, and compensate your business for the time you invest, we’ll give you three full months of Premium service after the release of the new product in 2015.

How to join the program

  • Review the information about Avast for Business on our website
  • Click on SIGN UP NOW
  • Follow the on-screen instructions and start putting Avast for Business to work
  • Send us your feedback via email to [email protected].

As much as is feasible without delaying the product release, we’ll incorporate your comments into Avast for Business; other suggestions will be reserved for incorporation into future releases. And your business name will be added to the list of companies that will receive three months of Premium service after the product is released.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on FacebookTwitter and Google+.

Mobile advertising firms spread malware by posing as official Google Play apps

As a malware analyst, I find new pieces of malware day in and day out. In fact, I see so many new malware samples that it’s difficult for me to determine which pieces would be really interesting for the public. Today, however, I found something that immediately caught my attention and that I thought would be interesting to share.

Mobilelinks

The three URLs listed above are websites that offer mobile monetizing kits, which are advertising kits that developers can implement in their mobile apps. The goal for developers is to monetize from advertisements. If a user clicks on one of the ads delivered by one of the above listed providers, he may be lead to a malicious subdomain.

The most visited of the three URLs is Espabit. According to our statistics, we know that Espabit’s servers get around 150,000 views a day and nearly 100% of the views are from mobile devices. This may not seem like that much compared to the number of Android users there are in the world, but it is still a considerable number. Espabit is trying to position themselves as a world leader in advertising, and their website may appear innocent, but first impressions can be deceiving.

 

espabit

The most visited Espabit subdomain, with more than 400,000 views during the last few months, leads app users to pornographic sites via the ads displayed in their apps. The site displays a download offer for nasty apps (no pun intended) that have malicious behavior.

image

 

The above is just one example of the malicious links; there are many others hosted on the same server. The majority of the links lead to pornography or fake apps that all have one thing in common: They all steal money from innocent users.

How do they convince people to download their app? By posing as official Google Play apps. The apps are designed to look like they are from the official Google Play Store – tricking people into trusting the source. Since Android does not allow users to install apps from untrusted sources, the sites offer manuals in different languages, like English, Spanish, German, and French, explaining how to adjust Android’s settings so that users can install apps from untrusted sources, like these malicious apps. How considerate of them.

image_1

 

Now let’s take a deeper look at what the apps are capable of doing:

All of the “different” apps being offered by the three sites listed above are essentially the same in that they can steal personal information and send premium SMS. So far, we know about more than 40 of them stored on the websites’ servers. Most of the apps are stored under different links and, again, are offered in different languages (they want everyone to be able to “enjoy” their apps). The goal behind all of the apps is always the same: Steal money.

apps code1

 

 

 

 

Some of the permissions the apps are granted when downloaded…

apps code2

 

Once you open the apps, you get asked if you are 18 or older (they are not only considerate in that they offer their product in various languages, but they also have morals!).

sexyface

 

 

sexyface2

 

After you click on “YES” you are asked to connect your device to the Internet. Once connected to the Internet your device automatically starts sending premium SMS, each costing $0.25 and sent three times a week. That’s all the app does! The amount stolen a week does not seem like much, but that may be done on purpose. People may not notice if their phone bill is $3.00 more than it was the month before and if they don’t realize that the app is stealing money from them and don’t delete the app it can cost them $36.00 a year.

This malware is actually not unique in terms of the technique it uses. However, collectively, the three websites have around 185,000 views daily, which is a lot considering there is malware stored on their servers. Not everyone is redirected to malware, but those who are, are being scammed. Considering that the most visited malicious subdomain had around 400,000 views in the last quarter, it tells us that a large number of those visitors were infected. This means these ad providers are making a nice sum of money and it’s not all from ad clicks and views.

Although many mobile carriers around the world block premium SMS, including major carriers in the U.S., Brazil, and the UK, this case should not be taken lightly. These malware authors use social engineering to circumvent Google’s security and target innocent app users via ads. Think of how many apps you use that display ads, then think of all the valuable information you have stored on your phone that could be abused.

All malicious apps we found and described here are detected by Avast as:

Android:Erop-AG [Trj]
Android:Erop-AJ [Trj]|
Android:Erop-AS [Trj]

Some of SHA256:
DBEA83D04B6151A634B93289150CA1611D11F142EA3C17451454B25086EE0AEF
87AC7645F41744B722CEFC204A6473FD68756D8B2731A4BF82EBAED03BCF3C9B

Facebook’s new privacy policies and your data security

Facebook privacy policy for 2015

Facebook doesn’t want you to be in the dark about their new privacy policies.

2015 is arriving and, as usual, tech companies start to launch their updates for the new year. However, it looks like someone is sparking some debate with its recent policies that are to be implemented in less than a month. That someone is… Facebook.

After all the controversy around the Facebook Messenger app last summer, the world’s largest social media company is under fire, again!

Recently, Facebook published their new terms, data policies, and cookies policies that the network will launch January 1st. Basically, the update says that every user of Facebook’s services agree, among other changes, with the utilization of tools that can help to aggregate data in order to create more customized ads – the company also introduces ways to guarantee basic data security.

I’ve noticed that the way I’ve received the ads in my profile is quite different to what it used to be. After simply browsing through a website related to a specific theme, let’s say, football or software, I immediately start to receive wall post offers related to that topic, company, or product that I researched online. Imagine how it’s going to be in 2015 after the new policy has been officially launched?

Is Facebook spying on you?

Would the world’s largest social media website be spying on us? They have admitted publicly that it’s quite easy to monitor online activities, and they do hold a lot of data on their members, which makes people feel a bit uncomfortable. Just search for articles about it, and you’ll see.

Facebook’s goal with this new privacy policy is to help users “understand how Facebook works and how to control your information.” This introduces an element of decision-making on the user’s behalf.

Some of the updates you can expect to see are:

Discover what’s going on around you: Facebook is working on ways to show you the most relevant information based on where you are and what your friends are up to.

Make purchases more convenient: People in some regions will see a Buy button, making purchasing easy because you don’t have to leave Facebook. And you get targeted ads based on what you are interested in, like me seeing an increased number of football and software ads.

Make you part of the Facebook ecosystem: You will be even more invested in the “Facebook family” because they are making Instagram, WhatsApp, and the growing number of companies, apps and services that Facebook is acquiring work together more seamlessly.

Your data is still under your control

You should be concerned about the contents and data that you publish on Facebook, because sometimes they make you look like an idiot, but don’t go off the deep end thinking that your social network will steal your privacy! You are still under control of your data!

To help you maintain control, Facebook wants you to understand how they use your information and find information about privacy on Facebook at the moment you need it. Tips and suggestions can be found in Privacy Basics.

It’s also necessary for you to take some precautions, such as:

  • Use strong passwords to access your profiles and accounts
  • Don’t share sensitive information in social media channels
  • Take double precaution with fake websites
  • Only proceed with online payments when logged to https pages

And, obviously, use a good antivirus that will help you with all the above procedures! No matter what tools online companies and social media websites are using to better understand your behavior in the “Internet of Things”, you are still under control of your data. Do your part and live a health virtual life!

When it comes to dangers on the internet, we are our own worst enemies

Today’s biggest threat to the normal consumer is the consumer themselves.

This bold statement was made by Avast CEO Vincent Steckler in an interview with German technology website Valuetech in Munich last week. That’s a daring position to take after this year’s revelations about NSA spying, the theft of tens of millions of customer passwords from major retailers like Target and Home Depot, the recent Sony Pictures hack, and the normal parade of Trojan horses, worms and viruses, but it’s one that Steckler stands behind.

Watch the interview here (04:00),

Mr. Steckler has good reason for his conclusion. Here’s a few of the main points he made during the interview.

Social engineering preys on human weakness

“A lot of attacks are still using social engineering techniques; phishing emails – ways of convincing the user to give up valuable information,” said Steckler.

An example of phishing emails just occurred after Black Friday, when cybercrooks sent millions of fake purchase confirmation emails to customers of major retailers. You can read about that, as well as what to do if you are a victim,  in our blog, Fake confirmation emails from Walmart, Home Depot, others in circulation.

The Mac misconception

Mac users are well-known for proudly touting that they don’t use antivirus protection because they never have a problem with viruses. But, it’s really a numbers game.

“There is no fundamental difference,” Steckler says of the security of PCs and Macs. “Mac is not inherently any safer, as a technology, than Windows is. What makes a difference there is what is more opportune for a bad guy to attack.”

He explains that malware written for Windows can attack up to 93% of the world’s PCs. Mac malware only reaches 7-8% of the world’s PCs. The safety then lies in the lower numbers of Mac devices rather than a technical safety advantage.

Households networks are as complicated as small business networks

With the interconnectivity of household devices from household computers, mobile phones, TVs and even refrigerators, Steckler compares the typical household network to that of a small business.

“The central weakness in this ‘Internet of Things’ will be that home router – the thing that connects everything together,” says Steckler, “and basically doesn’t have any security on it.”

Avast 2015 seeks to address this lack in security by including the new Home Network Security scanner.

Sony PlayStation Network down due to hacker attack

Poor Sony. They are getting it from all directions these days.  On Sunday, the PlayStation Network, the online store for games, movies, and TV shows, suffered a hacker attack and was knocked offline. Visitors to the store got a message that said, ‘Page Not Found! It’s not you. It’s the Internet’s fault.’ I just visited the page, and got this same message, so reports that it was up again, were at best, temporary – at least for some of us.

Sony PSN hacked

Sony tweeted yesterday that they were investigating.

A group called Lizard Squad, which was also involved in a hack of Xbox Live last week as well as previous attacks on EA Games and Destiny, claimed responsibility for the attack.

During the Xbox hack, Lizard Squad promised that attacks would continue until Christmas.

This attack comes on the heels of news recently that Sony Pictures’ corporate network was infiltrated by cybercrooks which resulted in the theft of 100 terabytes of confidential employee data, business documents, and unreleased films. It was speculated that North Korean hackers were behind the attack due to the upcoming release of the movie “The Interview,” which is about an attempted assassination of Kim Jong-Un. The North Korean government denied responsibility for the attack on Sunday. The attack has since been traced to a luxury hotel in Bangkok, and is being investigated.

The two attacks appear to be unrelated.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on FacebookTwitter and Google+.

Fake confirmation emails from Walmart, Home Depot, others in circulation

Cybercrooks target busy holiday shoppers with phishing scheme.

After all that shopping on Black Friday and Cyber Monday, consumers are reporting a bunch of phishing emails that look like authentic communications from poular stores. Malware-infected emails are reportedly coming from Walmart, Home Depot, Target, and Costco. The catch is these are not from the authentic merchants, but rather cybercrooks are using a phishing scheme to send fake emails with the intent to gather personal information from harried shoppers.

Walmart scam email

Millions of these emails are being sent each day, originating from more than 600 hacked websites that act as intermediaries, according to security analysts from Malcovery monitoring the attacks. This method prevented detection by causing the spammed links to point to websites that had been safe until the morning of the attack.

The messages have subject lines like this:

  • Thank you for your order
  • Order Confirmation
  • Thank you for buying from Best Buy
  • Acknowledgment of Order
  • Order Status

If you receive one of these emails, don’t click on any links. Instead, visit the merchant’s website or call their customer service. Don’t give any personal information out unless you know for sure with whom you are speaking.

Home Depot scam email

costco scam email

 

Signs of a fake email

Unfortunately, cybercrooks are becoming more professional with their scams, but here are a few things you can look for to tell a fake email from an authentic one.

  • Poor grammar usage
  • The Sender (the “from” line) may not match the merchant name
  • Links in the email do not go to the real website
  • There is no order confirmation number or details about the order. A real order confirmation email contains the details of your order without clicking on any links, as well as where it is being shipped and the payment method.

target scam email

How to protect yourself

Walmart acknowledged that the fraudulent emails were in circulation and suggested these steps if you receive a suspicious email.

  • If you actually placed an order and are suspicious about the email you received, log onto your Walmart.com order to check your order status.
  • Keep your virus software updated on all your computers.

If you were a victim of fraud via the Internet, you should file a report with your local law enforcement agency along with the Internet Crime Complaint Center (ICCC). The ICCC is a partnership between the FBI and the National White Collar Crime Center. You can make a report with the ICCC.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on FacebookTwitter and Google+.