Category Archives: Avira


Popular Free VPN Hola Sells Users Bandwidth for Botnets

Sounds good, right? Especially in times when you just want to access Netflix U.S. for this one show but can’t because of licensing restrictions, or when everyone might be spying on you. Yes, now is the perfect time for a VPN (Virtual Private Network). Normally you have to pay for the service though. And that’s where Hola comes into play. Hola is a free Chrome browser plugin and, according to the ratings left on its Chrome page, VERY popular.

So how come a service like this can afford to stay free? It’s pretty simple really: they sell your bandwidth. “When a user installs Hola, he becomes a VPN endpoint, and other users of the Hola network may exit through his internet connection and take on his IP. This is what makes it free: Hola does not pay for the bandwidth that its VPN uses at all, and there is no user opt out for this,” says Fredrick Brennan, the operator of 8chan, in a note on his site. He continues: “Hola has gotten greedy. They recently (late 2014) realized that they basically have a 9 million IP strong botnet on their hands, and they began selling access to this botnet (right now, for HTTP requests only) at https://luminati.io. […] An attacker used the Luminati network to send thousands of legitimate-looking POST requests to 8chan’s post.php in 30 seconds, representing a 100x spike over peak traffic and crashing PHP-FPM.”

This is definitely not cool, but what does it mean for you? Well, if you are using Hola, your connection will be used by other users to access pages that are blocked for their IP but available with yours. This is perhaps annoying, but not all that bad. But what if your IP is one of those that get abused by people to perform illegal acts online?

Now is probably the best time to rethink using this specific free service.

The post Popular Free VPN Hola Sells Users Bandwidth for Botnets appeared first on Avira Blog.

Do Millennials Suck When It Comes To Security?

Millennials (or Generation Y) are those who were born from the early 1980s to the early 2000s. A study has now looked at the impact that generational attitudes have on security issues and compared Millennials with Generation X/Gen X (those born between 1965 and 1980) and the “baby boomers” (born between 1946 and 1964).

You would normally think that the Millennials know what they are doing when it comes to technology, considering that most of them grew up with it. But while it is a big plus when it comes to handling devices and navigating around the net, the sense of well-being also seems to be their Achilles heel and leads them to being more careless with privacy concerns and a few other security aspects. The study backs this up with some key findings:

  • “Millennials have the worst password reuse habits of all demographics: 85 percent admit to re-using credentials across sites and services.
  • Risky behavior can be found across demographics: 16 percent of millennials and 14 percent of Gen-Xers accept social media invites from strangers “most of the time.”
  • Millennials are most likely to find security workarounds: A combined 56 percent admit they would “very” or “moderately likely” evade restrictive workplace controls.”

On the other hand, the paper also shows that the other generations included show risky behavior as well, though not in the same areas: Baby Boomers, for example, may pose a rather big BYOD risk (48% use personal devices to access work-related content).

Nonetheless it would seem that Millennials are easy prey for hackers: Reusing passwords and being too trusting on social media (which may or may not lead you to fall victim to social engineering) can lead to unwelcome results.

The post Do Millennials Suck When It Comes To Security? appeared first on Avira Blog.

“Unicode of Death” Crashes Your iPhone

The newly discovered security flaw in iOS crashes various messaging apps (like iMessage and your SMS app – basically all apps that use Apple’s CoreText library) on your iPhone, and possibly your Apple Watch, when they receive a specific string of text. In addition, it causes your mobile to reboot immediately. The bug was first reported on Reddit.com, where some people were complaining about it.

According to TheRegister, this is what happens once your mobile receives the message containing the “Unicode of Death”, a string of text including Arabic characters and different symbols: “The bug causes CoreText to access memory that is invalid, which forces the operating system to kill off the currently running program: which could be your text message app, your terminal, or in the case of the notification screen, a core part of the OS.”

And sickestdancer98 from Reddit explains: “I can tell you it is due to how the banner notifications process the Unicode text. The banner briefly attempts to present the incoming text and then “gives up” thus the crash. On a jailbroken device, this ultimately leads to safe mode. However, on a stock iOS device, there is no safe mode hence the respring after the crash. That is why this only happens when you are not in the message because the banner is what truly crashes the entire system. Is this a possible vulnerability? Maybe. Has this been around already? Roughly since iOS 6. Can it be fixed/patched? That, my friends, is up to Apple. I hope I cleared things up a little bit if it did help in any way, shape, or form.”

Apple is already working on a fix, which they’ll make available in an upcoming software update. Until then there are a couple of workarounds floating around online, one of them being to just turn off the lock screen notifications for now.

The post “Unicode of Death” Crashes Your iPhone appeared first on Avira Blog.

Infomatrix 2015: they’ve got skills!

InfoMatrix took place in Bucharest, Romania and it was organized by Lumina Educational Institutions, the Ministry of National Education and ISMB to encourage young people to apply their imagination, their passion, and their creativity to technology innovations that can make a difference in the world today.

For this year’s edition, 4651 students and teachers representing 461 schools from 63 different countries submitted a total of 1899 projects.

Avira was excited to also delegate a jury member for the competition. Alexandru Mihai, Web Backend Software Engineer in the Cloud Services & Infrastructure Department contributed to choosing the best project in the Programming section of InfoMatrix.

InfoMatrix 2015: The Best Projects

  • Visionbot: Alexandru Ionut Budişteanu obtained the gold medal for the ‘VisionBot Pick and Place machine’ project. Visionbot is a robotic machine able to automatically create electronic products by placing surface-mount devices (SMD) such as capacitors, resistors, and integrated circuits on printed circuit boards (PCB). This machine should allow engineers and even SMBs to transform their prototypes into industrial products (electronics, computers, consumer electronics).
  • R-Walker: Victor Ricardo and Matias Garcia from Mexico also won a gold medal with the R-Walker project: a prototype of alternative energy and urban mobility consisting of three electrical systems, mechanical and hydraulic ensuring safety, comfort and speed of use. This personal scooter is not only cheap but since its main source of energy is obtained through alternative methods it can be a decisive help in reducing pollution.
  • Usertik: Haris Başici and Nedim Şişici from Bosnia received the first prize at the Programming section with an ingenious solution that allows automated delivery and integration of high quality web services. More details about the project are available on their official website.
  • Noriy.NET: Roşca Codreanu-Ionescu Alexandru, representing Romania, created a cloud service for parental control. His goal was for parents to ensure safe Internet browsing on their children’s devices as well as help them benefit from a system of notifications for potentially dangerous activities.
  • Low poly dreams: you can check out for yourself the cool 3D video animation that helped Juanro Cobian from Mexico to win the 1st place in the “Computerized Graphics” section.

We’re already looking forward to the 2016 edition of this wonderful event that brings together so many talented students from all around the world.

The post Infomatrix 2015: they’ve got skills! appeared first on Avira Blog.

100,000 Tax Accounts Breached Through IRS “Get Transcript” App

While nothing is impossible to breach, you’d think that it would be really, really hard to gain access to information like that held by the IRS. At least that’s what I thought – until I saw their press release today. According to the statement, cybercriminals managed to illegally gain access to data from about 100,000 accounts by using the IRS’ very own “Get Transcript” app. Accessed data include things like addresses, birthdates, Social Security information, and tax filing statuses.

Now don’t misunderstand the situation: The IRS has not been hacked. Well. Not in the usual sense of the word anyway. “These third parties gained sufficient information from an outside source before trying to access the IRS site, which allowed them to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer,” explains the IRS statement. What does that mean? The criminals collected a lot of data and information on a lot of unlucky people – be it through phishing or by buying data from shady online sources – and used them to actually access taxpayers’ past tax records.

According to the information supplied, the attackers tried to access 200,000 accounts between February and mid-May, which leaves them with a success rate of 50%.

Once the IRS identified the questionable attempts to gain access to its data, it decided to shut down the “Get Transcript” app temporarily. The whole affair is now also under investigation by the Treasury Inspector General for Tax Administration and the IRS’ Criminal Investigation unit.

The IRS closes the statement with the following: “The IRS will be working aggressively to protect affected taxpayers and strengthen our protocols even further going forward.”

The post 100,000 Tax Accounts Breached Through IRS “Get Transcript” App appeared first on Avira Blog.

Typosquatting tries to make a victim of everyone

Reality sets the stage

The reality is that ‘legitimate’ sites – such as those provided by hotels, airlines, schools, or any other ‘official’ organization – can be and very often are infected by various types of malicious software (AKA malware). The malware, once installed, enables cybercriminals to capture private information parked on or passing through the computer of the unsuspecting website visitor.

In addition to our own Avira Protection Lab findings, even Google reports that the vast majority of websites infected by malware are legitimate sites that have been hacked – often without the organization behind the site even being aware of it. This is why IT security firms like Avira frequently contact companies to let them know that their official websites have been compromised.

Legitimacy distorted

Because legitimate sites are a larger potential target, and because people visit them with false confidence in their level of safety, smart cybercriminals know that there is potential for deception even if an organization takes all necessary security measures to ensure that its website is secure. Sometimes the most effective attacks exploit the simplest of human errors, in this case the typo: mistyped URLs give hackers a simple enough distortion of a legitimate site.

This method of taking advantage of misspelled URLs is known as ‘typosquatting’. Also called ‘fake URL’, ‘URL hijacking’, and ‘brandjacking’, the approach relies on the human tendency to make an error when typing a web address into a browser’s address bar, taking advantage of the most likely spelling variants (e.g. phonetic) and errors (e.g. letter transposition) to set a trap for the unsuspecting typist.

What it looks like

A hacker using the typosquatting technique with www.example.com would use variants such as www.example.org, www.exampel.com, www.ecsample.com, and so on. Once the person arrives on one of the incorrect sites, he/she has landed on an infected webpage (or gets redirected to one of several or many owned by a ‘cybersquatter’).

In some cases, the fake site will also look just like the original site – same messaging, same graphics, same logo. In a best-case scenario, the infected page contains only advertisements, but some of these can act as malware by opening one after another even if you try to exit the page – a technique known as ‘mousetrapping’.
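The variant types described above (a swapped top-level domain, a letter transposition, a phonetic spelling) can be checked for on the defender's side, for example when reviewing proxy logs or newly registered domains against a protected brand domain. The following is an added example, not code from the original post; the `PHONETIC` substitution list, the function names and the sample hosts are assumptions made for illustration.

```python
"""Flag look-alike hosts of a protected brand domain (defensive check)."""

# Constructed phonetic substitutions; a real deployment would tune this list.
PHONETIC = [("x", "cs"), ("x", "ks"), ("ph", "f"), ("c", "k")]


def split_domain(host):
    """Return (label, tld). Simplification: the last label is treated as the TLD."""
    parts = host.lower().rstrip(".").split(".")
    if parts[0] == "www":
        parts = parts[1:]
    return ".".join(parts[:-1]), parts[-1]


def osa_distance(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def phonetic_forms(label):
    """All labels reachable by one phonetic substitution, in either direction."""
    forms = set()
    for a, b in PHONETIC:
        for src, dst in ((a, b), (b, a)):
            start = label.find(src)
            while start != -1:
                forms.add(label[:start] + dst + label[start + len(src):])
                start = label.find(src, start + 1)
    return forms


def classify(candidate, brand):
    """Return why candidate looks like a typosquat of brand, or None."""
    c_label, c_tld = split_domain(candidate)
    b_label, b_tld = split_domain(brand)
    if c_label == b_label:
        return None if c_tld == b_tld else "tld-swap"
    if c_label in phonetic_forms(b_label):
        return "phonetic"
    if osa_distance(c_label, b_label) == 1:
        same_letters = sorted(c_label) == sorted(b_label)
        return "transposition" if same_letters else "single-edit"
    return None


def scan(observed, brand):
    """Map each suspicious host in observed to the reason it was flagged."""
    hits = {}
    for host in observed:
        reason = classify(host, brand)
        if reason:
            hits[host] = reason
    return hits


if __name__ == "__main__":
    # Constructed sample: the article's variants plus two benign hosts.
    seen = ["www.example.com", "www.example.org", "www.exampel.com",
            "www.ecsample.com", "www.wikipedia.org"]
    for host, reason in scan(seen, "www.example.com").items():
        print(f"{host}: {reason}")
```

For short brand names a one-edit threshold produces many false positives, so flagged hosts are candidates for review rather than verdicts.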

The hacker’s motive

Almost without exception, the motive is profit. In the case of ad-infected pages, hackers earn money by redirecting traffic to the ads, plus more when those ads are clicked (which is bound to happen, based on the sheer numbers driven to them). In the case of malware-infected pages, hackers earn money by stealing private data that gives them access to bank accounts.

Your solution

Avira security software blocks malware and adware from installing on the potential victim’s PC, therefore preventing the theft of the Avira customer’s private data. While Avira Free Antivirus provides baseline protection (a level that everyone, without exception, should have as a bare minimum), Avira premium versions offer additional security layers and maintenance utilities to also keep your PC running like new.

The post Typosquatting tries to make a victim of everyone appeared first on Avira Blog.

Scamware or why you shouldn’t believe in miracles

We normally make fun of this, or just totally ignore it. We know that it probably is a scam. So, if we don’t believe those ads, why do we believe in some apps? Apps that advertise things like:

  1. Get free stuff in our shop through your favorite social network with the ‘Just click and win’!
  2. Fix your computer; increase your RAM and hard disk space all in one click with ‘Ultra Optimizer Plus’!
  3. Install this app on your phone to get ‘Sexy videos on your phone for free 😉😉 ‘!
  4. Buy the NEW SUPER SHINY (not official) Video ‘Not-Fake Player’!

Nowadays social networks appear to be the best places to find victims for scams. Who hasn’t seen offers like “Like and share to win an iPhone”, “See the leaked video of the last Pop Star”, “New Facebook features!” and so on, on Facebook? These are – of course – usually tricks to make you fall for a scam.

Facecrooks has a huge list of Facebook-related scams. Below are just two of the countless examples:

Free iPhones: Like the Facebook page and share the picture. It is easy to win a phone right? Wrong. There is no iPhone and you will be spammed from this page (pages can be sold as advertising spaces) because you gave them a like.

Picture from facecrooks.com

Profile viewer: Don’t you want to know if the girl from school or the boy from work is seeing your pictures? Better ask them, because these kinds of plugins/features/apps don’t work. Normally, behind these links you will find some PUA or adware ready to be downloaded and installed on your computer.

Picture from facecrooks.com

Then there are applications that can improve the performance of your computer. We offer you Avira System Speedup. This program can defragment your hard drive or delete useless folders and registry entries. It works perfectly well and WILL speed up your PC – to some degree. But there is just no application that will perform wonders on your PC. If it is 8 years old and slow, it will just never feel like a newer machine with more RAM and a better CPU despite your efforts and you paying €50 to improve it with a random program that promises you just that. Those scam apps, apart from not fixing your computer, also create errors or problems that didn’t exist before, in order to make you pay even more money for fixes you would not have needed in the first place.

Optimizer Pro (another real world example) could be classified as scareware as well; it tells us that the computer needs to fix things that, in fact, are working correctly. It uses our fear to get us to pay for the product.


Scam is not getting old. It is also very present on our smartphones. Do you want an app that does things for free where others take money? It is possible, but be careful. With these applications you will usually be walking on thin ice.

Porn app for Android for example is an app that allows users to watch porn videos for free. Just accept the conditions, give them permissions and run the app as soon as you can! Ooops! Did you think ransomware was only affecting your PC? Now you also have your phone blocked.

When you want to get an application, try to download it from the original source if possible. Also check different sites first, since lots of applications are actually free.

Even on a well-known and trusted site like Amazon it is easy to find scams involving original software. VLC is a popular video player which can be downloaded for free – but believe it or not, there are actually people trying to sell it to you to make some quick bucks.

If you don’t trust the source, or if it looks just a tiny bit suspicious, turn around and run as fast as you can. Regarding scam applications: If you are looking for something specific, first check other users’ opinions and look for more information, compare it with other products, and if you are still not sure, just leave it be.

In conclusion, Scamware is a waste of time and money and never does the things you were promised it was going to do. So don’t believe in these false promises of “eternal life potion”, “Ferraris for free” or “1 click super computer”.


The post Scamware or why you shouldn’t believe in miracles appeared first on Avira Blog.

Adult FriendFinder & Co.: Dangerous Cyber Liaisons

Let me start out by saying that this post is not about whether dating websites/apps are good or bad. I’m not qualified to make that call. But if you’re using them, you should understand the risks. And as your reward for reading (and hopefully sharing this post), I’ve listed at the bottom Tinder’s best – and most dangerous pickup lines… So let’s get started – with a quiz!

What do Adult FriendFinder, CupidMedia, eHarmony and Tinder have in common?

Yes, they all regularly lead to matches made in cyber heaven (and no doubt, hellish heartbreaks), but that’s not the point: they all display(ed) security vulnerabilities. Let’s walk through them one-by-one.

1. Putting yourself out there… And all your data too

Adult FriendFinder was just hacked. Happens to companies all the time, you say? Fair enough, but what is remarkable here is the quality of leaked data: 3.5 million gorgeous profile pics and sexy aliases – along with names, emails, zip codes, IP addresses, passwords and sexual preferences. In other words, the perfect cocktail needed for targeted spam and identity theft.

TIPS:

  1. Create a new email address dedicated to the dating website.
  2. Use a nickname or alias instead of your full name.
  3. Create a unique and complex password for that platform (back in 2012, eHarmony accounts with the glorious password – “password”, were compromised).
  4. If being twitterpated makes you forgetful, use a password manager to create and store these passwords for you.

2. I know where you hang out

Tinder is a very popular dating app, which is premised on selecting profiles of people who are located close to you (very popular with Olympians at Sochi…). Once both parties ‘like’ each other’s profiles, they can start chatting.

Back in 2014, a vulnerability was identified that enabled hackers to pinpoint users’ exact location in real-time. This facilitated stalking and opened the door (quite literally) to burglaries, knowing that the user was not at home.

Although this vulnerability has since been fixed, a recent study by IBM identified 26 out of 41 dating apps on Android that had “medium or high security vulnerabilities”. These apps tend to request excessive permissions and run up expensive charges…

TIPS:

  1. Although the names of unsafe apps were not divulged, IBM did say that Match, OkCupid and Tinder were not on the “blacklist”…
  2. Always keep your apps up-to-date to reduce the chances of falling prey to security vulnerabilities.

3. I can see you… Through your camera and webcam…

Remember Blackshades – that creepy Trojan that gave hackers access to webcams (and was used by a sextortionist to prey on Miss Teen USA)? Like most chatting platforms, dating websites and apps are popular avenues for distributing malware. After all, an innocuous-looking link, promising a revealing picture, can just as easily open a harmful website or file. To paraphrase the late Robin Williams, we were given a brain and nether regions but only enough blood to run one at a time.

TIPS:

  1. Use common sense: if an unknown user is offering to share revealing pictures, pass.
  2. Use an antivirus on your devices. I also recommend you use an app that shows you what permissions your mobile apps are getting. Avira’s free Android app includes both these functionalities and can be found on Google Play.


As promised… Tinder’s Most Dangerous Pickup Lines…*

  1. I know this profile’s fake, but can I get the name of the model you used?
  2. Going to undress… want to watch on webcam?
  3. Credit card is to prove your age… Can’t show stuff to minors…
  4. I don’t have any pics on my phone, but here’s one I have in email, answer me on text, not here.
  5. I’m still recovering from last night with this iPhone game. Play with me and I’ll give you my number.

* Disclosure: explicit sexual content was removed from the pick-up lines.

The post Adult FriendFinder & Co.: Dangerous Cyber Liaisons appeared first on Avira Blog.

Hacking tools to become weapons of war

Hackers can start wars. That’s a fact. It’s also one of the fears people have learned to live with. As opposed to some reductionist definitions of war, when it comes to the cyber-war topic, it’s not always a good vs. bad kind of battle. It’s more of a battle of competences between highly skilled hackers.

Divide and conquer

In order for a massive hack to succeed, some advanced software programs are required. Here’s where the US government saw an opportunity to try to keep foreign hacking initiatives under control.

The Bureau of Industry and Security (BIS), an agency of the United States Department of Commerce that focuses on national security and high technology issues, is currently struggling to obtain tighter export rules for computer security tools. The objective is to disallow encryption license exceptions for cyber security tools that qualify as “intrusion software” thanks to the ability to extract or modify data from a computer or a network-enabled device or simply tweak the standard execution path of a program.

No hacking without license

As mentioned in the official presentation, the BIS proposal focuses on:

  • systems, equipment or components specially designed for the generation, operation or delivery of, or communication with, intrusion software;
  • software specially designed or modified for the development or production of such systems, equipment or components;
  • software specially designed for the generation, operation or delivery of, or communication with, intrusion software;
  • technology required for the development of intrusion software;
  • Internet Protocol network communications surveillance systems or equipment and test, inspection, production equipment, specially designed components therefor, and development and production software and technology therefor

Although we are talking about the United States Government, this proposal can lead to the revision of international agreements and thus have an important impact on the work of security researchers all around the world.

Initially mentioned in the Wassenaar Arrangement (WA) at the Plenary meeting in December 2013, the proposal is up for debate for another two months, so make sure to submit a formal comment in the Federal Register.

Read more about this on the BetaNews website.


The post Hacking tools to become weapons of war appeared first on Avira Blog.

Unlimited Free Coffee at Starbucks? A Hacker Made It Happen

Egor Homakov actually made it happen. In his blogpost he describes how he managed to find a way to generate an unlimited amount of money on Starbucks gift cards.

If you are like me the only thing you want to know now is “HOW?!” (and your second thought will probably be: I want this so bad!). So let me curb your enthusiasm right now: Homakov of course did the right thing and reported the exploit to Starbucks.

Now back to topic! What the security expert did was to use a type of vulnerability called a “race condition”. He bought three Starbucks cards for $5 each and tried to use the vulnerability to transfer money between the cards without it being deducted.

“So the transfer of money from card1 to card2 is stateful: first request POST /step1?amount=1&from=wallet1&to=wallet2 saves these values in the session and the second POST /step2?confirm actually transfers the money and clears the session”, Homakov writes and continues: “After 5 failed attempts I was about to give up. Race condition is a kind of a vulnerability when you never know if the app is vulnerable, you just need to try some more. […] But yeah, the 6th request created two $5 transfers from wallet1 with 5 dollars balance. Now we have 2 cards with 15 and 5 (20 in total).”

The only thing left to do was to buy something with this money in order to deliver the proof of concept. One chicken sandwich, a few bottles of water, and some gum later the new balance on his cards was $5.70.

Starbucks was pretty unhappy with the stunt despite Homakov adding the $10 to his account from his credit card and disclosing the bug immediately. They might have been even unhappier though, if a lot of hungry and coffee-addicted customers had abused the system …
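Why two transfers can both succeed against a single $5 balance, and what the server-side fix looks like, is shown in the added example below. It is a toy in-memory model written for this page, not Starbucks’ or Homakov’s code: the `Wallets` class, the `window` hook that stands in for the time between the balance check and the write, and the card names are all assumptions.

```python
"""Check-then-act race in a balance transfer, next to an atomic version."""
import threading
import time


class Wallets:
    """In-memory card balances; a stand-in for the real data store."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.lock = threading.Lock()

    def transfer_unsafe(self, src, dst, amount, window=lambda: None):
        """Vulnerable: the balance is checked in one step and written in another."""
        seen = self.balances[src]            # read the balance
        if seen < amount:                    # check
            return False
        window()                             # a second request can run here
        with self.lock:                      # each write is atomic on its own...
            self.balances[src] = seen - amount   # ...but uses the stale read
            self.balances[dst] += amount
        return True

    def transfer_atomic(self, src, dst, amount, window=lambda: None):
        """Hardened: check and debit happen inside one critical section."""
        with self.lock:
            if self.balances[src] < amount:
                return False
            window()                         # same delay, now harmless
            self.balances[src] -= amount
            self.balances[dst] += amount
        return True


def run_pair(transfer, window):
    """Send two identical $5 transfer requests concurrently."""
    results = []

    def worker():
        results.append(transfer("card1", "card2", 5, window))

    threads = [threading.Thread(target=worker) for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(results)


def demo_unsafe():
    wallets = Wallets({"card1": 5, "card2": 5, "card3": 5})
    # The barrier forces the bad interleaving: both requests pass the check
    # before either one writes.
    barrier = threading.Barrier(2)
    results = run_pair(wallets.transfer_unsafe, lambda: barrier.wait(timeout=5))
    return results, wallets.balances


def demo_atomic():
    wallets = Wallets({"card1": 5, "card2": 5, "card3": 5})
    results = run_pair(wallets.transfer_atomic, lambda: time.sleep(0.01))
    return results, wallets.balances


if __name__ == "__main__":
    print("unsafe:", demo_unsafe())   # both transfers accepted, $20 in total
    print("atomic:", demo_atomic())   # one accepted, one rejected, $15 in total
```

With a database behind the application, the same fix is a row lock or a single conditional update inside one transaction, so the balance check and the debit cannot be separated by another request.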

The post Unlimited Free Coffee at Starbucks? A Hacker Made It Happen appeared first on Avira Blog.