Category Archives: Avast

Avast

Avast

Fake free codes scam affects PSN and Steam users

Leave a comment

Some webpages are giving away free codes for Playstation Network and Steam but, are they reliable?

At Avast we discovered a lot of webpages offering free codes, with a value from $20 to $50, for Playstation Network and Steam, two of the most important internet-based digital distribution platforms. Those webpages look very suspicious so we decided to analyze them.

We chose one of those webpages and followed all the steps required in order to get our “free code” for Playstation Network or Steam.

psnScam

After a first look at the main page, we found some suspicious items. To prove how trustworthy the transaction is, the webpage placed two security “certifications” in a visible location, but as we discovered, no security companies are associated with those certifications. They are completely fake!

Also, there’s a label with user ratings (4 ½ stars!), but we cannot rate the webpage; it’s just an image. Both fake images make the users think that they are in a safe and reliable website.

What happens when we click on a gift card? Are we going to receive the code?

The answer is no.

Let’s see what’s next:

PSNscam1

When we click on a gift card¸ instead of receiving the promised free code, we are asked to share a link with our friends in order to unlock the code.

Why do they do that?

When we share the link we are contributing to an increase in the number of visitors and, of course, the number of people that will try to redeem the “free code.” Keep this in mind, it will be important at the end of this post.

Ok, we already invited 5 of our friends and, in theory, we unlocked the code. Is this the last step? Are we going to receive the code now?

PSNscam3

Again, the answer is no.

Looks like they don’t want to give us the code. Suspicious, right? So, what do they want now?

As we can see in the image, in order to receive our PSN code, we need to complete a short survey (like inviting 5 friends wasn’t already enough?!).

When we click on one of the surveys, a little pop-up with a message appears on the top of the screen. The message says: “You must use your VALID information while filling this offer out”.

Why do they need our VALID information?

Here’s the reason:

PSNscam4

 

In order to receive the code, we need to introduce our phone number – our VALID phone number. But wait, before doing that, let’s read the text at the bottom of the page.

PSNscam5

Surprise! It’s a premium SMS service with a total amount of 36,25€/month (>$40/month)! If we enter our phone number, we will be automatically subscribed to this premium service.

Remember the 5 friends you sent the link to? Well, now imagine how many people can fall into this scam just by sharing a link to 5 friends: 5+(5*5)+(5*5*5)+… creepy, right?

And of course, there’s no free code for your PSN or Steam accounts.

Unfortunately, there’s a lot of webpages using the same method to get user’s money. Also, there are other webpages offering software to generate codes. Cybercrooks create those
fake apps and get money from “download servers” because they bring
them users.

Tonda Hýža, from the AVAST Virus Lab, described those webpages as Adware due to the big amount of lies, advertisements and weird privacy policies.

Make sure you share this alert with your gamer friends J

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on FacebookTwitter and Google+.

Avast

12 ways to boost your router’s security

Leave a comment

hns2aWith the increasing number of network security breaches, we need to improve awareness regarding the security of your home network.

We simply need to follow some rules to control and prevent system penetration and also bandwidth theft (and losing money!). Safeguard your valuable information available through your home wireless connection and do not be easy target for hackers!

Here are 12 ways to boost your router’s security:

  1. 1. Install your router in a safe place where the wireless signal is available only inside your own house. Avoid placing it near to a window.
  2. 2. Turn off WPS, the automated network configuration method that makes your wireless password more vulnerable to hacker attacks.Turn on WPA2 encryption and, if you can, protect it with a strong password.
  3. 3. Change the default admin username and password to a strong password. Do not use default passwords because they’re generated from well-known algorithms that makes hacker attacks even easier. Do not use your name, date of birth, home address or any personal information as the password.
  4. 4. Upgrade your router firmware to fix known vulnerabilities of the router.
  5. 5. Don’t forget to log out after managing the router, avoiding abuse of the authenticated browser sessions.
  6. 6. Disable remote management of the router over the internet. In a business environment, if you need this management, it will be safer to use NAT rules allowing SSH or VPN access only.
  7. 7. To prevent CSRF attacks, don’t use the default IP ranges. Change the defaults 192.168.1.1 to something different like 10.8.9.7.
  8. 8. Prevent ROM-0 abuse (i.e., access to the secret data stored in your router: your ADSL login/password combination and WiFi password) of your router and forward port 80 on the router to and non-used IP address on your network. Check how-to here.
  9. 9. Set your router DNS servers to automatic mode (or DHCP) or for a static value that you manually set exactly according to your ISP.
  10. 10. Disable IPv6 on the router or, if you really need IPv6 services, replace the router with a IPv6 certified one.
  11. 11. You can save bandwidth and allow only specific computers or devices to access your WiFi even if they have the security key to enter. Find the computer MAC address (the “physical address” listed with the command line ipconfig/all at a cmd window). Into your router settings, you should look for the Mac filtering settings to add this identifier there.
  12. 12. Use a secure VPN in open/public WiFi hotspots. You can read more on how Avast SecureLine can protect PC, Mac and Android devices in these situations. If you cannot avoid using public WiFi, then try not to log in or enter your credentials (specially banking or credit card ones), but also your email and phone number. If you really need it, always prefer the secure protocol HTTPS (check the browser address bar).

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on FacebookTwitter and Google+.

 

Avast

Is backing up your data the same as exposing it? In this case – Yes!

Leave a comment

Losing contacts from your mobile phone is highly inconvenient. There’s seems to be a solution –  You can find them online! The catch? Your contacts are in a publicly accessible place.

1playstore photo

Seriously.

If you care for your privacy you should always be suspicious about “Cloud Backup” solutions you find in the Google Play Store. The solution that is being analyzed here backs up your personal contacts online. In public.

Upon starting the application, you will find a screen where you can put your mobile number and a password of your choice. Then you can upload your contacts in the cloud.

 2app

A brief analysis inside this application shows us how exactly it backs up your contacts in the cloud. The contacts are associated with the phone number that you have given in the previous step and they are sent through HTTP POST requests in a PHP page.

3savedatacloud

Further analysis through IP traffic capturing with Fiddler helped usdiscover the results in the pictures above; a page located online, for anyone to see, that contains thousands of un-encrypted entries of phone numbers and passwords. Using the info in the app you can retrieve personal private data (contacts) from another user.

4fiddlerinfo 5datafromserver

We found log in data inside those entries from countries like Greece, Brazil, and others

The Play Store page says that this app has been installed 50.000-100.000 times. This is a big number of installations for an application that doesn’t deliver the basic secure Android coding practices. The developer must use technologies like HTTPS, SSL and encryption on the data that are transferred through the web and stored in the server. Nogotofail is a useful network security testing tool designed by Google to “to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way.

6appinfoplaystore The application has been reported to Google without receiving any response.

Avast detects it as Android:DataExposed-B [PUP].

Samples (SHA-256):

F51803FD98C727F93E502C13C9A5FD759031CD2A5B5EF8FE71211A0AE7DEC78C 199DD6F3B452247FBCC7B467CB88C6B0486194BD3BA01586355BC32EFFE37FAB

Avast

Donate generously on Giving Tuesday, but watch out for scams

Leave a comment

#GivingTuesday is a day dedicated to give from the bounty we have received.

GivingTuesday2014

After the shopping free-for-all of Black Friday, the local discoveries of Small Business Saturday, and the online click frenzy of Cyber Monday, people the world over have a day for giving thanks.

On Tuesday, December 2, 2014, charities, families, businesses, community centers, and students around the world will come together for one common purpose: to celebrate generosity and to give. ~www.givingtuesday.org

From supporting women’s microfranchises selling solar products in Nicaragua to supplying feed and services to a ranch in Arizona that helps save horses from abuse and neglect to constructing toilets in a school in West Bengal, there are a myriad of opportunities to spread your goodwill and your cash. It’s also an opportunity for cybercrooks to scam those with a generous heart.

What you need to know about charity scams

Charities and fundraising groups use all methods to solicit funds, so you could receive a phone call, a knock at your door, an email, a message via social networking sites, and even a text message on your mobile phone. Before giving your donation, carefully review a charity and ensure it is a trustworthy organization.

The Better Business Bureau (BBB) and the Federal Trade Commission (FTC) offers some valuable tips.

    • Watch out for copycats. There may be hundreds of charities seeking support in the same category, and some may use a name that is similar to a better-known, reputable organization. Don’t fall for a case of mistaken identity.
    • Avoid being pressured. Don’t succumb to high-pressure tactics that try to get you to donate immediately. Responsible organizations will welcome your gift tomorrow just as much as today.
    • Give through a reputable, secure service. If a charity asks for donations in cash, by money wire, or offers to send a courier or overnight delivery service to collect the donation immediately, then beware. A genuine charity will give you time and a secure method to make your donation.
    • When in doubt, check them out. The results of a Google or Yahoo search have been known to include bogus phishing sites designed to look like a legitimate charity’s website. Just look up scams around Hurricane Katrina, and you’ll see what I mean. Charity Navigator says,
      • Carefully examine the web address. Most non-profit web addresses end with .org and not .com. Avoid web addresses that end in a series of numbers.
      • Bogus sites often ask for detailed personal information such as your social security number, date of birth, or your bank account and pin information. Be extremely skeptical of these sites as providing this information makes it easy for them to steal your identity.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on FacebookTwitter and Google+.

 

 

Avast

How to disable IPv6 support in your router settings

Leave a comment
Your WiFi network is not secured

Your WiFi network is not secured

After the previous articles you should be convinced that router vulnerabilities are one of the major concerns in network security. As you already know, the new Avast 2015 version includes a security feature called Home Network Security (HNS) which scans your network and router for vulnerabilities and prevent threats.

One serious problem occurs when when IPv6 (Internet Protocol version 6) is enabled (both by the ISP and on the router), but there is no IPv6 firewall being used. Which means that anyone on the Internet can access devices on the network (like printers, network disks, etc.). This is often the case because the routers are small, embedded devices that cannot handle IPv6 firewalling.

The main advantage of IPv6 over IPv4 is its larger address space: it allows 2128 or approximately 3.4×1038 addresses (or sites) which is an enormous number! In addition to offering more addresses, IPv6 also implements features not present in IPv4: it simplifies address assignment, network renumbering and packets processing.

In fact, a proper IPv6 firewall requires quite some processing power and RAM, so it’s no wonder that many of the cheap routers don’t have that functionality at all (or it’s not working properly).

The remediation is relatively simple: Just disable IPv6 on the router. In most cases, this shouldn’t have any impact on other services, unless they require IPv6 (in which case, it would be good to replace the router with something better which is IPv6 certified).

Avast Internet Security and Premium products offer full support to IPv6 for your computer on our silent firewall. Take into account that other devices, like network drives connected to the router won’t be protected.

 

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on FacebookTwitter and Google+.

 

Avast

Replace pre-installed antivirus on your Black Friday laptop

Leave a comment
Black Friday laptop

Most people replace pre-installed antivirus programs with Avast Antivirus.

Black Friday and Cyber Monday abound with deals on laptops. When you purchase a new laptop one of the first things you should do is make sure that it is secure with your choice of antivirus protection.

You will probably find that antivirus is already pre-installed, for example, Windows Defender is built into devices that use Windows 8 and Windows 8.1. Among Windows 7 users, Microsoft Security Essentials is on most devices. When users change antivirus protection, the top product enabled is, you guessed it, Avast Free Antivirus.

You should replace Microsoft Security Essentials

Initial praise for the software (MSE) has turned to disappointment and it’s now clear that a third-party antivirus remains the best pick even for users who don’t want to pay,

wrote Matt Smith in a makeuseof.com article called Why You Should Replace Microsoft Security Essentials With A Proper Antivirus. Mr. Smith recommends Avast Free Antivirus.

Same goes for Windows Defender.

If you’re relying solely on Windows Defender for your antivirus protection, you’re anything but defended,

wrote Jill Scharr for Tom’s Guide.

Out with the old, in with the new

We strongly recommend to uninstall previously installed antivirus applications before installing Avast Antivirus on your computer. You can find a list of vendors, from A to Z, that provide a special removal tool to uninstall their antivirus software on our FAQ page. We recommend you follow their instructions before proceeding with the uninstallation.

Avast is most trusted worldwide

For the second year, Avast Free Antivirus has taken first place in the Worldwide Antivirus Product Market Share as measured by OPSWAT. With 220 million people, mobile devices, and computers protected by our security applications, Avast is the most trusted mobile and PC security in the world.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on Facebook, Twitter and Google+.

Avast

Cybercriminals take advantage of relaxed security measures during Black Friday

Leave a comment

Cybercrooks believe that their attacks are more likely to succeed during the holiday shopping season.

 

BlackFriday-crook

Retailers have been “leaking” special Black Friday deals since before Buffalo got covered in a snow wall, and that flurry of sales results in the annual spike that carries them through the rest of the year. But analysts who study these things warn that cybercrooks are riding the sales wave with a surge in attacks due to relaxed security measures.

The Wall Street Journal quotes Gartner Inc’s vice president Avivah Litan,

Retail transaction volume increases by 50% during the holidays and retailers don’t want to stop to slow the pace of business, so they relax fraud controls to some degree. Criminals know they’re likely to get away with more.

Yikes! That’s not good news for consumers, especially since we are swiping our credit and debit cards at places like Target, The Home Depot, and Neiman Marcus – all victims of point-of-sale terminal hacks this year. Experts have advised retailers to take action, like upgrading terminals with new technology and enabling chip embedded cards, but all that takes time to implement.

It’s not much better online. Attacks during last holiday shopping season, November 14, 2013 through January 9, 2014 increased by 264% over the weeks prior to that time, says security company Imperva.The reason?

Believe Macy's

Cybercrooks believe in their ability to succeed this time of year.

Cybercrooks believe that retail applications are more vulnerable during this time of the year, and that attacks are more likely to succeed. Isn’t that what the Gartner analyst said about brick-and-mortar retailers?

The reasoning is similar – in order not to annoy shoppers who can go elsewhere, online retailers relax strict security measures such as step-up authentication and Captcha. Add that easy check-out to all those new Black Friday and CyberMonday quick campaign webpages, (“bad design, unsafe coding, and usage of insecure third-party libraries”) and cybercrooks get an early Christmas present in the form of your credit card number and possible stolen identity.

How to protect yourself during Black Friday

  • Stay home on Thursday Celebrate Thanksgiving with your family. That way you can safely eat too much and watch football and movies while avoiding the crazed crowds trying to jump the gun on Black FRIDAY sales.
  • In God We Trust, All Others Use Cash Use cash or a credit card when paying for your purchases. With a credit card, you can dispute charges, if your financial data falls into the hands of cybercrooks.
  • Change your passwords. Please don’t use the same password for online shopping sites that you use for your bank. When you do it’s like wrapping it in fancy paper and a bow – it’s that easy for a cybercrook to get to.
  • Regularly monitor your bank and credit card statements to make sure all the transactions are legitimate. Monitor your credit report for any changes.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on Facebook, Twitter and Google+.

 

Avast

The top three questions the Avast Mobile Security team got asked at CARTES

Leave a comment

It was great to see so many people who recognize the Avast brand and use our products at CARTES. We would like to say once more: Thank you so much! Every couple of minutes, we had a friendly visit from some of our fans and we always tried to talk to them for a while. Sometimes we got some interesting questions. We would like to share those that occurred the most.

1. Are you guys from the Netherlands?

No. :) Despite the orange color all over the place, Avast is a Prague- (that beautiful city in the Czech Republic that you read about in the travel magazines) based company with offices all over the world including Silicon Valley, Austin, Munich, and Hong Kong.

prague castle

A view of the beautiful Prague castle.

2. How do you make money if your products are free?

In general, we monetize our products both directly (via premium subscriptions or paid product versions) and indirectly (via ads in our applications, or partnerships / referrals, i.e.). On mobile, we are not making much money these days, compared to our desktop products. However, mobile apps are a great part of our product ecosystem. They help us build the brand and engage with people who use them. Our mobile products solve real problems and make the world a better, more secure place. In the future, we see a good potential to monetize mobile applications indirectly, due to our multi-million user base.

3. Why are you a better desktop Antivirus than XYZ?

“Better” is never a good word when talking about competition with modesty and respect. We have some compelling features in our Antivirus products. Check out the Home Network Security, SafeZone or process virtualization in our Avast 2015 version. Or you can try the Free version for yourself and compare our product with the Antivirus you have at the moment.

Did you like the article? Follow the author at @joshis_tweets.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on Facebook, Twitter and Google+.

Avast

Be an Avast Mobile Security beta tester

Leave a comment

This is your chance to be an Avast beta tester!

top rated AMS

You can influence the future direction of Avast Mobile Security when you are a beta tester.

Avast customers who have Android smartphones and tablets have played a significant role in the development of our mobile products. Now you can be part of the team by participating in our new beta version of Avast Mobile Security!

Why you should be an Avast beta tester

  • YOU GET EXCLUSIVE ACCESS  – Participants in the Avast Mobile Security Beta program have access to early versions of our Avast Mobile Security application. You get to be the first one to see all the new functions, before the official release.
  • YOU HELP CREATE THE PRODUCT – When you are a beta tester, we want your feedback, so that means that your suggestions and your critical evaluation of the application actively influence how Avast Mobile Security will work and what it will look like in the future.
  • YOU ARE AN ELITE MEMBER OF THE TEAM – We are looking for people with vision and enthusiasm from all over the world. You are not an ordinary Avast user – we identify you as a powerful influencer and we listen to what you have to say.

How to become an Avast beta tester

  • Join our beta community on Google+
  • Click on the Avast Mobile Security (beta) link
  • Click on BECOME A TESTER
  • Download  the beta version through Google Play on your device

Avast Mobile Security beta test

Join our Google+ Beta Testers community to test the latest version and give your feedback and suggestions.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on Facebook, Twitter and Google+.