Category Archives: Avira

Hacker Hacked Into the Aircraft Engine Controls 20 Times

Remember Chris Roberts? He was the hacker who wasn’t allowed to board his plane last month, when he talked on his Twitter account about the (lack of) airplane security and joked about hacking into the electronic control system.

It now turns out that while he might have been joking that one time, he actually hacked into IFE systems on aircraft while in flight about 15 to 20 times, according to an FBI search warrant application filed in the U.S. District Court for the Northern District of New York. In the same warrant Roberts also claims that he was able to successfully command the system he accessed to issue the “CLB” (or climb) command. This caused one of the airplane engines to climb, which resulted in a sideways movement of the plane during one of the flights.

He told WIRED: “That paragraph that’s in there is one paragraph out of a lot of discussions, so there is context that is obviously missing which obviously I can’t say anything about. It would appear from what I’ve seen that the federal guys took one paragraph out of a lot of discussions and a lot of meetings and notes and just chose that one as opposed to plenty of others.” And on his Twitter account he states:

Well, at least airlines seem to slowly wake up and confront reality now: United Airlines just started a bug bounty program that will award miles depending on the severity and impact of the reported bugs.

The post Hacker Hacked Into the Aircraft Engine Controls 20 Times appeared first on Avira Blog.

Some GTA V Mods Serve You Malware

What it’s all about

aboutseven, a newly registered member on the GTA forums, was the first one to notice that all was not well with the processes running on his computer. “I came across something pretty startling today after reviewing my processes that were running on my computer. I tend to do this a lot out of paranoia, just checking that I don’t have stuff running in the background that I don’t want running, or if I ever possibly run into something that is out of the ordinary that could possibly be malware. I happened to notice that the Windows C# compiler running the background as csc.exe”, he wrote in his post.

After looking into it some more he dredged up a file called Fade.exe, which hijacked a part of the registry in order to be launched at boot. Some more testing revealed that a GTA mod named Angry Planes was responsible for the malware landing on his system. Since the discovery, other players have claimed to find similar harmful files in other mods as well, such as No Clip.

What it does

So, why exactly is Fade.exe such a problem? To answer the question, let’s just take a look at the modules that are loaded with the mod, according to another forum user named ckck:

  • “Facebook spam/credential stealing module
  • Twitch spam/credential stealing module
  • com spam/credential stealing module
  • A Steam spamming module
  • A Steam module that evaluates the items in your inventory and their value based on current market value
  • A Keylogger module that logs individual button presses in an XML like format, it also includes information about context switches (switching from one app/window to another)
  • A UDP flooding module
  • I hadn’t deciphered and didn’t see in action.”

What you can do

In case you have one of the mods installed, make sure to scan your computer with your AV and remove the malicious files. Keeping in mind that Fade.exe also sniffs around your Facebook, Steam, and Twitch accounts, make sure to change all your passwords as well.


Mass-Scale Abuse of Routers Due to Lax Security

The reason why botnets like that can even exist? According to a study by Incapsula it’s simple negligence – by ISPs, vendors and users alike.

The attacks were first spotted last year in December and seem to have been ongoing ever since. More than 40,000 infected routers from 1,600 ISPs all over the world have been documented. When not used to execute DDoS (distributed denial of service) attacks, the routers do something rather scary: in their idle time they use their resources to scan for additional routers to recruit!

“Our analysis reveals that miscreants are using their botnet resources to scan for additional routers to add to their “flock.” They do so by executing shell scripts, searching for devices having open SSH ports which can be accessed using default credentials.

Facilitating the infiltration, all of these under-secured routers are clustered in the IP neighborhoods of specific ISPs, which provide them in bulk to end users. For perpetrators, this is like shooting fish in a barrel, which makes each of the scans that much more effective. Using this botnet also enables perpetrators to execute distributed scans, improving their chances against commonplace blacklisting, rate-limiting and reputation-based defense mechanisms”, the study says.

The researchers believe that the routers were not hacked by means of vulnerabilities in the firmware but were hijacked due to other issues: all units are remotely accessible via HTTP and SSH on their default ports and nearly all of them are configured with vendor-provided default login credentials.

This combination invites trouble and DDoS attacks are only one of the possible threats resulting from it. Attackers could just as well:

  • eavesdrop on all communication.
  • perform man-in-the-middle (MITM) attacks (e.g., DNS poisoning).
  • hijack cookies.
  • gain access to local network devices (e.g., CCTV cameras).

What can you do?

Make sure to always change the default login credentials. That’s something every router owner should do from the start. You should also think twice before enabling remote access to your router management interface.


AMA on Reddit: Your Questions, Our Answers

First of all we want to thank everyone who participated in voting up posts and asking questions. Carlos really enjoyed answering you guys and loved the thoughtful and interesting queries (I specifically remember him saying more than once: “THIS is a good question! I could discuss it for a week.”). While some of them were a bit challenging to answer, he really tried to come up with something to say for every single one.

We are well aware though, that some of you probably didn’t have the time or opportunity to participate. That’s why we’ve decided to give you more time to ask your questions: Drop by whenever you feel like this week and just ask what’s on your mind. Carlos then will revisit the Reddit AMA post at the beginning of next week and answer the rest of the questions!

My favorite question was this one by the way:

Can jet fuel melt steel beams?
I’m not a physicist but despite other rumours (http://i0.kym-cdn.com/photos/images/original/000/920/259/143.jpg ) I’d still say yes. :)

But of course, there were also more than enough serious ones:

To my recollection, there are about 6 mil new malware discovered daily. How do you deal with such high numbers of new malware constantly appearing?
In our company we have many different ways to catch up to that huge quantity of files. The first thing that you need is to have large back-end systems that are able to manage that huge quantity of files together with different AI systems to classify them in a smart way. At the end, there will always remain hundreds of thousands of files that require a deeper (sometimes manual) look in order to improve or expand our AI systems. Yes and as you can imagine, it is an incredible amount of work.

You don’t know what to ask? Just take a look at the rest of the cool questions and answers from yesterday.


The Avira Online Essentials Dashboard: what’s essential about it?

Nowadays, taking care of your digital security is no longer reduced to downloading an antivirus program to your personal computer and hoping not to catch any viruses while surfing the web. Your digital life has become an extension of all your most important daily activities, and you now also have to worry about things like the photos and videos stored on your mobile devices or your email account being breached. Not to mention, how do you protect your close ones when IT isn’t exactly their cup of tea?

Avira Online Essentials: Your dedicated dashboard to manage your security across multiple devices

What if we told you that we can grant all our users access to a dashboard that allows them to manage the security level across all the devices they own and for as many users as they wish? This dashboard is real, it’s called Online Essentials and it is truly…essential, see it for yourself in the video below.

The Avira Online Essentials dashboard gives you an overview of the security applications installed on all your devices and helps you do so for other users as well. You won’t have to worry anymore about your mom’s antivirus expiring without you knowing, it has never been easier to help her keep her computer’s protection up-to-date.

Surfing the web is also safer now that Avira has integrated the Browser Safety feature in the Online Essentials dashboard. You just have to make sure to install our browser extension and we’ll keep you away from malicious websites. To get any worries related to phishing attacks off your mind, we added the Identity Safeguard feature to the menu, so that you can be the first to know about data breaches that may have an impact on your email account.

You’ll enjoy being able to protect and manage your computer, tablet and smartphone’s security in one single place but wait, there’s more. In case you have trouble locating your mobile device, the anti-theft feature helps you find it, block it or even wipe all personal data stored on it remotely. This way, you make sure to prevent any unauthorized access to your private information. A full data report on your device can also be exported from the dashboard to help the police find your stolen smartphone or tablet.

There’s a lot of other cool stuff you can do directly from the Online Essentials dashboard, like organizing a remote connection session in case you need to take control of one of your devices from a distance.

The best news about the Avira Online Essentials dashboard? It’s free for all Avira users! Register now and unlock all the cool features: http://www.avira.com/en/avira-online-essentials


New Linux Rootkit Exploits Graphics Cards

A rootkit PoC for Linux systems that runs on the processors and RAM of the graphics cards, Jellyfish is able to access the computer’s memory without having to route through the computer’s CPU. As CPUs are slower than GPUs for making calculations, GPUs are already used partially by some cryptocurrency-mining malware (e.g. to steal Bitcoins). But Jellyfish is the first malware to run entirely via the GPU, and works with Nvidia, AMD, and even Intel, if the latter is “supported through the AMD APP SDK, a software development kit that allows GPUs to be used for accelerating applications,” says Constantin.

As graphics-card-only malware has never been an exploitable area before, security software developers like Avira would need to engineer security efforts in yet another new direction. Although early reports indicate that Jellyfish is in a beta stage, unfinished, with some bugs, and currently requires OpenCL drivers installed on the targeted system in order to work, it could inspire future variants by those looking to exploit such vulnerabilities for personal gain (AKA cybercriminals).

After a 2013 research paper (pdf) titled “You Can Type, but You Can’t Hide: A Stealthy GPU-based Keylogger,” the same research team behind Jellyfish has also developed a keylogger called ‘Demon’, which also works via the GPU.

Security firms like ours may well have their hands full in the coming months, it seems.


WordPress: Compromised Sites Leaking User Credentials

Only recently there were several reports of WordPress plugins and themes with vulnerabilities: last week’s XSS vulnerability, multiple ones in the eCommerce shopping cart plugin TheCartPress, and a zero-day exploit in WordPress 4.2.1.

This week it seems like there is yet another one. According to researchers at Zscaler there are a couple of compromised WordPress pages out there that are all leaking credentials. “The compromised sites run backdoor code, which activates when the user submits login credentials. The credentials are encoded and sent to an attacker website in the form of a GET request. Till now, we have identified only one domain “conyouse.com” which is collecting all the credentials from these compromised sites”, the page reads.

They conclude that WordPress, as one of the most popular Content Management Systems and blogging platforms, remains an attractive target for cybercriminals – especially due to the huge user base. Administrators should always keep their WordPress installations (including addons and themes) updated and patch as soon as there are security updates available.

If you want to find out more about the dangers you could face as a blog administrator and get some advice which might help you to protect your page, take a look at Ange Albertini’s blog article concerning the topic.
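A defender's way to act on the Zscaler finding quoted above, as an added example that is not from the original post or from Zscaler: scan egress or proxy logs for GET requests to the named collection domain and note which query parameters carry encoded-looking values. The log format, sample lines, URL paths, parameter names and the base64 heuristic are assumptions made here; the report only says the credentials are "encoded".

```python
import base64
import binascii
from urllib.parse import urlsplit, parse_qsl

# Collection domain named in the Zscaler report quoted above.
WATCHLIST = {"conyouse.com"}

# Constructed proxy log lines (assumed format): "<timestamp> <client-ip> <method> <url>"
SAMPLE_LOG = """\
2015-05-20T10:01:02Z 10.0.0.5 GET http://example.org/wp-login.php
2015-05-20T10:01:03Z 10.0.0.5 GET http://conyouse.com/c.php?d=YWRtaW46aHVudGVyMg==
2015-05-20T10:02:10Z 10.0.0.7 POST http://blog.example.net/wp-login.php
2015-05-20T10:03:44Z 10.0.0.9 GET http://cdn.conyouse.com/x?u=plain
2015-05-20T10:04:00Z 10.0.0.9 GET http://notconyouse.com/?q=1
"""


def host_on_watchlist(host):
    """True for a watchlisted domain or any of its subdomains (not look-alikes)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHLIST)


def looks_encoded(value):
    """Heuristic (assumption): valid base64 that decodes to printable ASCII."""
    if len(value) < 8 or len(value) % 4:
        return False
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return False
    return all(32 <= b < 127 for b in raw)


def scan(log_text):
    """Return one finding per GET request sent to a watchlisted host."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole scan
        ts, client, method, url = parts
        target = urlsplit(url)
        if method != "GET" or not host_on_watchlist(target.hostname):
            continue
        encoded = [k for k, v in parse_qsl(target.query) if looks_encoded(v)]
        findings.append({"time": ts, "client": client,
                         "host": target.hostname, "encoded_params": encoded})
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Any hit identifies the internal host that made the request, which is where to look for the backdoor code and whose users should have their passwords reset.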


Hackers-For-Hire: It’s This Cheap to Hack Your Account

That’s only partly true. Business Insider released an interesting list that tells you how much it costs to get different accounts hacked. According to the page hacking a generic website is quite expensive when compared to the other options: You’ll have to pay as much as $2000 to get it done. Getting Facebook account access is a lot cheaper with only $350 and the one for Gmail would only cost you $90. One popular hacker apparently even offers to boost Yelp reviews!

Let’s face it. If you know the right search terms you’ll be able to find almost everything. “While it’s well-known that the dark web offers black market marketplaces for things like drugs and firearms, so too are there places where hackers offer up their skills for a fee. These hackers-for-hire offer a wide-ranging menu of services, many of which are likely not legal,” writes Business Insider, and one of the pages offering some of the services reads: “Hiring a hacker shouldn’t be a difficult process, we believe that finding a trustworthy professional hacker for hire should be a worry free and painless experience.”

Hacking as something for the mass market? Of course – hackers-for-hire would come in handy if you really need to break into your own accounts; but how often does that really happen? While the above site states in their Terms of Use that “you agree to act responsibly in a manner demonstrating the exercise of good judgment. For example and without limitation, you agree not to: violate any applicable law or regulation, infringe the rights of any third party, including, without limitation, intellectual property, privacy, publicity or contractual rights, etc.” one can only wonder how legitimate the requests made are in the end.

If there is one thing we can take from all of this, it’s that account safety should be taken more seriously than ever.


Ex-NSA Guy Points to Mac Security Flaws

Whereas Apple develops its iOS with security as part of the process, with OS X development security seems to be more of an afterthought. ‘Bug bounty’ programs are one direction suggested for Apple, but until there is a change in the current approach, the vulnerabilities remain open to any would-be hackers.

At the recent RSA Conference in San Francisco, Wardle gave a presentation titled “Writing Bad@ss OS X Malware,” in which he challenges Apple’s OS X developers to change their way of thinking – especially considering that the majority of the malware getting into Macs (now measuring hundreds of thousands) is “amateur, even basic,” according to Wardle.

More advanced Mac attacks, such as the ‘Rootpipe’ backdoor, have been difficult for Apple to patch, and failed ‘fixes’ have been covered by thehackernews.com, computerworld.com, securityweek.com, forbes.com, and others in the first half of 2015.

AV-Test, a leading independent computer security testing firm, recently tested 10 different Mac OS X security software packages (you can read the full report here), writing that:

“The legend that Mac OS X is supposedly invincible is not borne out by the facts. In the aftermath of major attacks by Flashback, the police Trojan Browlock or Shellshock, the number of assaults on Mac OS X continues to increase.”

In AV-Test’s analysis, Avira Free Antivirus for Mac earned a 100% detection score against 160 new Mac-specific viruses and malware. If you’re taking chances with no security on your Mac, do yourself a favor and take care of it right now – FREE DOWNLOAD.


Smart Cities – Intelligent but Vulnerable

Air conditioning that shuts off automatically once you leave the building, apartments that call the fire department when there is a fire – those are just some of the things that scientist Anthony Townsend describes in his book “Smart Cities: Big Data, Civic Hackers, and the Quest for a New Utopia”.

And some of what you’d dream up for smart cities is already reality! Just take a look at New Songdo, a city that’s being built in South Korea. Trash, transportation and energy will all be controlled centrally. Residents are going to use smart cards as an ID, key, and payment method. Sounds innovative and like a dream, right?

Now if you believe this to be cool, just imagine what a paradise it will prove to be for hackers! Even now with the limited interconnection we have it is already possible to mess with traffic lights to jam roads and reroute cars. A lack of quality encryption makes it easy for hackers to just invade the system and screw around with it.

The more technology a city uses, the more vulnerable it becomes to cyberattacks; the smartest cities are at risk the most, says Cesar Cerrudo, an Argentinian security researcher. He suggests that smart cities should secure their networks better to prevent scenarios like the one above. Let’s just hope that people take his advice seriously, otherwise the dream of a smart city might end up being a nightmare.

Head over to Golem.de to read the whole article (only available in German).
