Category Archives: Avast


Pony stealer spread vicious malware using email campaign

Most people want to stay on top of their bills, and not pay them late. But recently, unexpected emails claiming an overdue invoice have been showing up in people’s inboxes, causing anxiety and ultimately a malware attack. Read this report from the Avast Virus Lab, so as a consumer you’ll know what to look for, and as a systems administrator for an SMB or other website, you will know how cybercrooks can use your site for this type of social engineering scam.

Recently we saw an email campaign which attempted to convince people to pay an overdue invoice, as you can see in the following image. The user is asked to download an invoice from the attached link.

[Image: the overdue-invoice email]

The downloaded file pretends to be a regular PDF file; however, the filename “Total outstanding invoice pdf.com” is very suspicious.
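A triage check for file names like the one described above, as an added example that is not part of the original Avast report: on Windows `.com` is an executable extension, so a name ending in `pdf.com` runs as a program instead of opening as a document. The extension lists and function names are assumptions, and the check also covers whitespace-padded and bidi-reordered names, which goes beyond the single case in the article.

```python
import re
import unicodedata

# Extensions Windows executes directly (assumed policy list; extend as needed).
EXECUTABLE_EXTS = {"com", "exe", "scr", "pif", "bat", "cmd", "js", "vbs", "jar", "lnk"}
# Document types commonly used as lures (assumed list).
DOCUMENT_HINTS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt", "jpg", "png"}
# Bidirectional control characters that can visually reorder a file name.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}


def analyze_filename(name: str) -> list[str]:
    """Return the reasons a file name looks like a disguised executable."""
    reasons = []
    if any(ch in BIDI_CONTROLS for ch in name):
        reasons.append("bidi-control-character")

    # Drop invisible format characters so the real extension is inspected.
    cleaned = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    stem, dot, ext = cleaned.rpartition(".")
    ext = ext.strip().lower()
    if not dot or ext not in EXECUTABLE_EXTS:
        return reasons  # the file would not be executed by its extension

    # Token right before the executable extension, e.g. "pdf" in "invoice pdf.com"
    # or in "invoice.pdf.exe".
    tokens = [t for t in re.split(r"[^a-z0-9]+", stem.lower()) if t]
    if tokens and tokens[-1] in DOCUMENT_HINTS:
        reasons.append(f"document-lure-before-executable-extension:{tokens[-1]}.{ext}")

    # Long whitespace runs push the real extension out of view in file dialogs.
    if re.search(r"\s{3,}", stem):
        reasons.append("whitespace-padding-before-extension")
    return reasons


def flag_attachments(names):
    """Map each suspicious name to its reasons; clean names are omitted."""
    return {n: r for n in names if (r := analyze_filename(n))}


# The first name is the one quoted in the article; the rest are constructed samples.
SAMPLE_NAMES = [
    "Total outstanding invoice pdf.com",
    "invoice.pdf          .exe",
    "invoice\u202efdp.exe",
    "report.pdf",
    "setup.exe",
]

if __name__ == "__main__":
    for name, why in flag_attachments(SAMPLE_NAMES).items():
        print(repr(name), "->", ", ".join(why))
```

An ordinary installer such as `setup.exe` is deliberately not flagged: the check targets names that present themselves as documents, not executables in general.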

When the user executes the malicious file, after a few unpacking procedures, it downloads the final vicious payload. The Avast Virus Lab has identified this payload as Pony Stealer, a well-known data-stealing Trojan which is responsible for stealing $220,000, as you can read here.

We followed the payload URL and discovered that it was downloaded from a hacked website. The interesting part is that we found a backdoor on that site allowing the attacker to take control of the entire website. As you can see, the attacker could create a new file and write any data to that file on the hacked website, for example, a malicious PHP script.

[Image: the backdoor found on the hacked website]

Because that website was unsecured, cybercrooks used it to host several Pony Stealer administration panels, including the original installation package, and some other malware samples as well. You can see an example of the Pony Stealer panel’s help page, written in Russian, in the following picture.

[Image: Pony Stealer panel help page]

Avast Virus Lab advises:

For Consumers: Use extreme caution if you see an email trying to convince you to pay money for non-ordered services. This use of “social engineering” is most likely fraudulent. Do not respond to these emails.

For SMBs: If you are a server administrator, please secure your server and follow the general security recommendations. As you learned from this article, you can be hacked and a backdoor can be placed on your website, allowing anyone to upload whatever they want to it. Protect yourself and your visitors!

SHA’s and detections:

4C893CA9FB2A6CB8555176B6F2D6FCF984832964CCBDD6E0765EA6167803461D

5C6B3F65C174B388110C6A32AAE5A4CE87BF6C06966411B2DB88D1E8A1EF056B

Avast detections: Win32:Agent-AUKT, Win32:VB-AIUM

Acknowledgement:

I would like to thank Jan Zíka for discovering this campaign.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter and Google+. Business owners – check out our business products.

Avast 2015 simplifies security for you, your PC, and your home

Back in the old days, when we only had a desktop PC, security was simpler. But now, with multiple devices and an increasing variety of attack methods, keeping everything secure and up-to-date can be a daunting task. Avast 2015 simplifies the task with the best antivirus and anti-malware protection possible, the ability to remove annoying browser toolbars, one-click scanning for malware, updates, network security, and PC performance, and the world’s first home network scanner.

Home network scanner

Avast identified a growing area of insecurity close to home (actually right in your home!): Your home Wi-Fi network. Easily hacked passwords make home routers an effortless entry point for hackers or even free-loading neighbors. Avast 2015 security solutions include the first-ever home network scanner, which will help you prevent hacker attacks on your router and network.

One-click Smart Scan

To help simplify device security for your family, Avast 2015 now allows you to use a one-click smart scan to scan for hacker threats, software that needs to be updated, your home network security, and your PC’s operating status.

Unique cleanup and updater features

One of the weakest links in people’s security is out-of-date software. Hackers take advantage of old software, but it’s actually one of the simplest areas to defend. With the improved Avast Software Updater, you are notified when there is a patch or update to the software you’re running – regardless of who it’s from.

PUPs (potentially unwanted programs) like toolbars and search resets are not only annoying; they’re dangerous. They collect information distributed to advertisers or anyone willing to pay for it. The improved Avast Browser Cleanup removes annoying toolbars and search settings, allowing you to choose the settings you want and accelerate PC performance.

The Avast 2015 security solution is available in four variations for home use—Avast Free Antivirus, Avast Pro Antivirus, Avast Internet Security, and Avast Premier—and in 45 languages. Avast also provides world-class protection for businesses and mobile devices. Visit www.avast.com to learn more and download.

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on Facebook, Twitter and Google+.

 

Avast 2015 protection expands to include your home router


Our digital world has expanded from desktop to mobile and now increasingly to the Internet of Things. The gadgets we own and use every day are “smart” – from watches that track our fitness to TVs that know the types of shows we like to watch to digital thermostats that control the temperature in our homes.

This level of connectivity brings its own security risks. To keep our users ahead of the curve, all Avast 2015 security solutions come with the only home-network security tool designed to identify vulnerable home networks. Our new Avast Home Network Security scans a user’s home network and routers for potential security issues that could allow a hacker attack.

“Security risks have expanded out from the PC to the home network as more devices than ever connect to the Internet via home routers. As a result, home networks have become the hub of personal computing,” said Avast Chief Executive Officer Vince Steckler. “Our research determined that nearly 80% of all home routers in use today are thinly protected by common, easily hacked passwords, making routers an easy entry point to the home network for hackers. Avast 2015 addresses these issues head-on with several important new features.”

Avast Home Network Security scans for misconfigured Wi-Fi networks, exposes weak or default Wi-Fi passwords, vulnerable routers, compromised Internet connections, and enabled, but not protected, IPv6. It also lists all devices on the network so users can make sure only their known devices are connected.

To help our users, we provide guidelines on how to fix vulnerabilities so they can be sure their network is fully protected.

Protection from DNS hijacking

One of the biggest risks users of vulnerable routers face is DNS hijacking. Cybercrooks use malware to redirect you from the site you want to visit, like your online bank, to one that looks like it, but is fake. You log in as usual and the bad guys now have your user name and password.

Avast SecureDNS encrypts Internet traffic between Avast-protected devices and Avast’s DNS server to prevent users from being directed to hijacked sites. Avast offers users SecureDNS as part of our Pro, Internet Security, and Premier products.

Avast 2015 is available now. Download it for your PC or Mac.


Ebola scams spread faster than actual disease in panic-stricken U.S.


Cybercrooks use popular stories in the news to deceive people into giving up confidential information.

The dreaded disease Ebola that is spreading rapidly throughout West Africa made landfall in the US recently, and since then many news agencies have sensationalized the “outbreak” with constant coverage. Panic has grown as politicians raise the public’s fears and medical experts are confusing people with contradictory information. These things all combine to create the perfect atmosphere for scammers.

It’s quite common for cybercrooks to use social engineering techniques to fool people during a big news event, and we have seen an increase in phishing attempts. The United States Computer Emergency Readiness Team (US-CERT) issued an alert today to remind users to protect against email scams and cyber campaigns using the Ebola virus disease as a theme.

“Phishing emails may contain links that direct users to websites which collect personal information such as login credentials, or contain malicious attachments that can infect a system,” says the advisory.

Users are encouraged to use caution when encountering these types of email messages and take the following preventative measures to protect themselves:


“Poodle” security hole has a nasty bite


“Poodle” bites on open WiFi networks with multiple users.

A security hole called Poodle could allow hackers to take over your banking and social media accounts.

Yesterday, Google researchers announced the discovery of a security bug in version 3 of the Secure Sockets Layer protocol (SSLv3). This web technology is used to encrypt traffic between a browser and a web site, and the bug can give hackers access to email, banking, social accounts and other services.

Poodle bites multiple users in unsecure open WiFi networks, like the ones you use at coffee shops, cafes, hotels, and airports.

“To exploit the vulnerability, you must be running javascript, and the attacker has to be on the same network as you—for example, on the same Starbucks Wi-Fi network you’re using,” explained Kim Zetter in a WIRED article.

Avast experts strongly recommend that our users protect themselves when using free WiFi with avast! SecureLine VPN.

Poodle is not considered as serious a threat as this past spring’s Heartbleed bug, which took advantage of a vulnerability in OpenSSL, or last month’s Shellshock bug in Unix Bash software.

SSLv3 is an outdated standard (it’s a decade and a half old), but some browsers, like Internet Explorer 6, and older operating systems, like Windows XP, only use the SSLv3 encryption method. Google’s security team recommends that systems administrators turn off support for SSLv3 to avoid the problem, but warns that this change will break some sites.


5 steps to keep your SMB data protected


When Edward Snowden came forward in May 2013, accusing the world’s largest intelligence service of spying on US allies, people, and private companies, it became evident that electronic data is quite vulnerable. This major event even caused Russian and German government officials to consider cataloguing their data, using old-fashioned manual typewriters instead of computers. Should you do the same with your business’ data to protect it?

The only way to keep your data absolutely safe from hackers and spies is to keep it far away from computers and servers, but this approach isn’t realistic. So here are five steps that you can take to protect your small or medium size business’ data:

1) Configure your computer network properly. Regardless of the way your computers are connected in your company, via work group or server, make sure that you have implemented the right configuration. Make sure you haven’t left any gaps for hack attacks, such as software that has not been updated or free network accessibility to suppliers or all company employees.

2) Install a business-grade antivirus. This one sounds obvious; however, it is important to point out that several SMBs still use personal antivirus to protect their business data. A company that opts to use consumer security products might not get into legal problems (although this is possible), but the major issue here is the security of the data itself. Business antivirus allows an entrepreneur to manage the company’s electronic security remotely instead of being obligated to check each PC’s security manually. With an administration console, you can check on current problems and their solutions, and in the event of an infection or unauthorized action your console can get real-time alerts.

3) Educate your employees about online security. At AVAST we receive 50,000 samples of new viruses a day. Online security is evolving, which means you need to educate your employees, on a regular basis, about online security dangers and how they can best protect your company’s data. Try to focus on explaining the concept of social engineering to your employees, what the most recent methods of attacks are, and what the latest malware on the market is. The AVAST blog is a great place to find this information.

4) Keep in mind that humans can fail. Remember that although a great part of online security can be automated, it continues to be dependent on human actions, which from time to time can fail. Minimize the risks by training your employees properly and sharing the responsibility for data security with everyone. If a mistake is made, take it as an experience to learn from as a company, rather than cracking down on one person.

5) Encrypt your most important data. Currently, SMB owners have the option to encrypt data, so that in the case of an attack, their files will be protected. Encrypting files turns the information into unreadable code and only those who have access to the encryption key are able to restore the files to their original state. This process is not simple, which is why it is recommended to encrypt your most important and sensitive files.

In addition to these five steps, make sure you stay up-to-date with the latest data security news. If a company in the same field as yours gets attacked, it can hit your SMB quicker than you may think! Remember, the digital world has neither frontiers nor barriers!


Adobe gathers data from your eBook reader

Image from http://www.quickmeme.com

Security and privacy violations in Adobe’s Digital Editions eBook and PDF reader were discovered last week.

“This is a privacy and security breach so big that I am still trying to wrap my head around the technical aspects, much less the legal aspects,” researcher Nate Hoffelder wrote in The Digital Reader blog post.

If you check out eBooks from your local library and read from a digital reader like a Nook, Kobo, or other non-Amazon eBook reader, then you have probably used Adobe’s free Digital Editions software.

Hoffelder said that Adobe is gathering user data on the eBooks that have been opened, which pages were read, and in what order, as well as metadata such as title and publisher – and all of it is being sent to Adobe’s servers in plain text. That means anyone who is interested and has the means, say, the National Security Agency or your ISP, could be reading over your shoulder. That’s not good. In fact, it’s very bad, as well as illegal.

It is hoped that Adobe’s Tuesday update will include a plug for the Digital Editions leak, but more likely it will be next week. In a statement to the American Library Association, Adobe reports they “expect an update to be available no later than the week of October 20” in terms of transmission of reader data.


Big updates coming from Microsoft, Oracle and Adobe this Tuesday


Pour yourself a cup of coffee; this could take a while.

One of the biggest “Patch Tuesday” fixes is happening October 14, when vital updates will be available from three companies at the same time.

We are all used to the monthly Patch Tuesdays from Microsoft and Adobe, but this month the quarterly updates from Oracle, the parent of problem child Java SE, coincide, making it a pretty big day for securing your system. Avast experts agree that one of the most important steps you can take to securing your data and devices is to make sure that you keep your software up-to-date.

Microsoft

Microsoft leads off the normal Patch Tuesday with the release of 9 security updates across products including a critical patch of Internet Explorer, all supported versions of Windows, and the .NET development framework.

Oracle

Oracle’s Critical Patch Update is a collection of patches for multiple security vulnerabilities. It contains 155 new security fixes across hundreds of Oracle products; 25 of them for Oracle Java SE. Oracle warns that “these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.” That’s not good, if you were wondering.

“I would suggest removing Java if possible or at least turning it off in all your browsers,” advises Jiri Sejtko, director of AVAST Virus Lab operations. Here are removal instructions for the most popular browsers: How do I disable Java in my browser?

Adobe

It is hoped that Adobe’s Tuesday update will include a plug for the big Digital Editions e-book and PDF reader hole, but more likely it will be next week. In a statement to the American Library Association, Adobe reports they “expect an update to be available no later than the week of October 20” in terms of transmission of reader data.

Tuesday’s patch will probably include a fix for bugs in Adobe Flash Player.

avast! Software Updater shows you an overview of all your outdated software applications, so you can keep them up to date and eliminate any security vulnerabilities. All avast! security products inform you whenever any of your 3rd party applications are out-of-date and you can apply updates manually by clicking the ‘Fix now’ button next to each conflicting application. avast! Premier can be configured to perform these updates automatically.


Protect your teens’ mobile devices with Avast.

Teens spend a large part of their time on their smartphones or tablets. Help them protect themselves with Avast Free Mobile Security and Avast Antivol.

A study conducted by UNAF (Union Nationale des Associations Familiales) among 500 students aged 12 to 17 shows that 73% of them own a mobile phone and that 47% use it in class. They generally use their smartphones to browse the Internet and access social networks, but also to find their way around or to alert someone close to them in an emergency. Many parents see the mobile phone as a safety tool that lets them stay in touch with their teen wherever they are.

The first thing to do after buying your teen a smartphone.

Most young people use an Android device with no built-in protection. The first thing to do is download a security app to protect your teen’s device and data. The new free version of Avast Mobile Security & Antivirus is finally available. Its improved and simplified user interface lets you instantly protect your child against spyware and malware, prevents them from downloading suspicious apps, and backs up their contacts, photos, and call and SMS logs.

Download Avast Mobile Security and Antivirus from the Google Play store.

The second thing to do after buying your teen a smartphone.

Teens are very active, and the chances of them losing their phone are high. Avast Antivol is an app that is installed separately from Avast Mobile Security. You can use its location feature to find a lost or stolen device, control it remotely, and lock it.

Download Avast Antivol from the Google Play store.

Other tips:

  • Protect your child’s smartphone with a password. It is very easy and will keep curious people and hackers from accessing their data.
  • Add important numbers to the contact list. Add your mobile number, your work number, and the numbers of grandparents, the school, emergency services, etc.
  • Find out about the school’s rules. It is important to know whether mobile phone use is forbidden during class hours or during breaks.
  • Talk to your children about the importance of privacy. This includes topics such as posting photos, sexting, and how to behave on social networks.

 


Millennials take responsibility for their own cybersecurity

A new trend has started – people are taking responsibility for their own safety online!


AVAST Software is a “champion” and supporter of NCSAM.

Last October when National Cyber Security Awareness Month (NCSAM) was getting started, it was reported that the incoming workforce of millennials was lax about cyber-risks. They engaged in risky online behavior like:

  • Connecting to unprotected public WiFi networks
  • Using a storage device that wasn’t their own
  • Sharing a password with a non-family member
  • Never changing their online banking password

2014 brings more awareness among “Digital Natives”

For this year’s NCSAM, a new survey was done by defense contractor Raytheon in partnership with the U.S. Department of Homeland Security and the National Cyber Security Alliance. It showed that awareness of online safety is rising, with 70% of millennials saying they follow cybersecurity concerns and are up-to-date on the topic. Eighty-seven percent believe they are personally responsible for their online safety.

Millennials are known as the “Facebook generation” or “Digital natives” because they grew up in the “digital age” with internet-connected devices. But just because they were born after the digital age began, doesn’t mean they were any more concerned about security than the so-called digital immigrants who had to replace analog skills with digital. But this year, maybe because of the high profile data breaches that have occurred repeatedly, millennials are concerned about their devices being infected by malware, credit or debit card theft, someone hacking into financial information, or falling victim to online scams or fraud.

While many are aware of the risks – roughly 60% have experienced some sort of online violation – identity theft, a computer virus, or a bad experience on social media – they’re still engaging in some risky behaviors, such as 72% using public WiFi that doesn’t require a password.

Interestingly enough, this increased awareness is also driving interest in a career in cybersecurity with millennials expressing a desire to make the Internet safer and more secure. The problem is that almost two-thirds of the total don’t know or aren’t sure what the “cybersecurity” profession is.


STOP. THINK. CONNECT.

For millennials and everyone else, improving cybersecurity involves absorbing the STOP. THINK. CONNECT. message: Take a few safety precautions, understand the consequences of behaviors, and enjoy the Internet with more peace of mind.

To stay safer and more secure online everyone should:

  • Keep a clean machine. Keep software up-to-date on all Internet-connected devices to reduce risk of infection and malware.
  • Get two steps ahead. Switch on two-step verification or multi-factor authentication wherever offered to make your accounts more secure.
  • When in doubt, throw it out. Links in email, posts, and texts are often the ways cybercriminals try to steal your information or infect your devices.
  • Think before you app. Understand and be comfortable with what information (i.e., location, your contacts, social networking profiles, etc.) the app would access and share before you download it.
  • Use a better password. Improve your defenses by making passwords that you can remember, are hard to guess, preferably use numbers, capital and lowercase letters and symbols and are different for all accounts.
  • Post only about others what you would have them post about you. It’s the golden rule on the Internet, too.
