Cryptolocker in Companies – Interview with Juan Santesmases

Cryptolocker is the threat that everyone is talking about. It affects both home users and companies though, in many cases, companies are more exposed due to the large amount of confidential information they handle.

Juan Santesmases, Vice President Product Management & Business Development at Panda Security, explains what Cryptolocker is and how companies can deal with it.

Cryptolocker has been the talk of the town in IT security circles over the last few weeks… What makes it different from the rest of threats that companies face?

Cryptolocker is a type of targeted attack, and like all targeted attacks, it requires great sophistication and, consequently, a great investment from the cybercriminals who launch it. The damage caused by this targeted attack is not very different from that caused by other attacks suffered by companies every day. The big difference is that, in this case, the target company is aware of the attack because the malware itself notifies the infected user, who knows from the start how much it will cost to retrieve the stolen information. Hence its great popularity among cyber-criminals.

However, there are many other targeted attacks equally or even more harmful than CryptoLocker which in many cases go unnoticed by companies and end users. Especially if they involve theft of vital business information, such as customer data, product development plans, or sensitive personal information such as banking details. Even if detected, these attacks are often not publicized due to the impact they may have on a company’s reputation. We have seen attacks like these suffered by Sony, Google, Amazon, Target, and many other companies.

What do cybercriminals want with this type of attack?

Cryptolocker is a type of malware known as ransomware. This particular kind of malicious software is designed to hijack the victim’s data and demand a ransom for it. The high volume of this “market”, which has every characteristic of a traditional market, with its supply and demand, makes it very profitable for criminals, who invest large sums of money to develop this type of threat.

Is there any way to identify it?

It is really difficult. Generally speaking, companies are very unprotected against this type of attack, hence its high rate of infection and the echo it receives in the media. This vulnerability is due to the fact that traditional detection mechanisms, such as email or Web filtering systems and antivirus solutions, are simply not effective enough.

To a greater or lesser extent, traditional detection mechanisms are based on comparing software, URLs, or email signatures with known patterns of previously detected and classified threats. However, with an average of more than 200,000 new malware samples put in circulation every day, this type of strategy has become obsolete. Despite the investments made by security vendors to improve the efficiency of their traditional protection mechanisms and reduce reaction times, they continue to be just that: reactive mechanisms. In the end it becomes a race between criminals and security vendors that we do not always get to win.

That’s why we need a whole new approach to protection. This is something Panda realized seven years ago, and it has culminated in the development of Panda Adaptive Defense, our persistent threat protection system that is able to stop Cryptolocker and, more importantly, its variants.

What differentiates Adaptive Defense from other solutions?

First, Adaptive Defense is a service rather than a solution. Adaptive Defense evaluates and classifies all applications running on customers’ endpoints, based on the analysis of more than two thousand actions that each application can perform. This process takes place largely automatically in our Big Data Environment, and is complemented with the manual analyses carried out by our security experts at PandaLabs.

The continuous classification and monitoring of all applications has allowed us to not only identify and categorize malware, but also goodware and its vulnerabilities. Our database contains more than 1.2 billion goodware applications. Thus, while a traditional antivirus solution blocks known malware and assumes that any other application is benign, with the risk that that entails, Adaptive Defense only allows the execution of applications cataloged as goodware.

It could be argued that there are already whitelisting tools with a similar approach. However, Adaptive Defense goes beyond traditional whitelisting, doing all the classification work automatically and transparently to the company’s system administrator.

Finally, as it is installed on the endpoint, Adaptive Defense provides full visibility into all applications installed on the device, notifying security administrators of any threat detected and allowing them to take remediation actions against them.

Targeted attacks, advanced persistent threats, Cryptolocker… No one can doubt that companies are in the crosshairs of cybercriminals.

As I said before, cybercrime has become a very profitable business for criminals. The resources and tools available to criminals are so important that no company, regardless of its size, is out of their reach. In Spain, all of the companies in which we have deployed our solution, regardless of their size or the safety measures in place, had endpoints whose security had been compromised to a greater or lesser extent. In fact, according to INCIBE (Spain’s Cybersecurity Agency), the economic impact of cybercrime in Spain during 2014 amounted to €14 billion for businesses.

Our mission as IT security vendors goes beyond developing more effective products and services; we must raise awareness and help businesses implement adequate protection strategies.

The post Cryptolocker in Companies – Interview with Juan Santesmases appeared first on MediaCenter Panda Security.

Are the hacks on Mr. Robot real?

Last night the pilot episode of MR. ROBOT, a new thriller-drama series, aired on USA Network.

The show revolves around Elliot, who works as a cyber security engineer by day and is a vigilante hacker by night.

I watched the episode and then sat down with Avast security expert Pedram Amini, host of Avast’s new video podcast debuting next week, to find out if someone like you or me could be affected by the hacks that happened in the show.

In the second minute of the episode we see Elliot explaining to Rajid, owner of Ron’s Coffee, that he intercepted the café’s Wi-Fi network, which led him to discover that Rajid ran a child pornography website.

Stefanie: How likely is it that someone can hack you while you’re using an open Wi-Fi hotspot?

Pedram: Anyone with just a little technical knowledge can download free software online and observe people’s activities on open Wi-Fi. We went to San Francisco, New York, and Chicago for a Wi-Fi monitoring experiment and found that one-third of Wi-Fi networks are open, without password-protection. If you surf sites that are unprotected, meaning they use the HTTP protocol, while on open Wi-Fi, then anyone can see, for example, which Wikipedia articles you are reading, what you’re searching for on Bing, and even see what products you are browsing for on Amazon and eBay, if you do not log in to the site.

Stefanie: Wow! That’s a bit frightening… How can I protect myself then?

Pedram: You can stay safe while using any public Wi-Fi network by using a Virtual Private Network (VPN). A VPN creates a virtual shield and tunnels traffic to a proxy server. The proxy server protects your personal data, thus preventing hackers from accessing your files and other sensitive information stored on your device.

We actually found that more than half of Americans connect to free and open Wi-Fi networks and that of the 55% who do, 76% prefer networks that don’t require registration or a password to connect, yet only 6% use a VPN or proxy while connected to open Wi-Fi.

Fast forward to minute 10:55. We see Elliot with his therapist Krista, whom he hacked (hacking people is clearly his hobby ;) ).

Stefanie: Elliot says that hacking Krista was simple, because her password was her favorite artist and her birth year backwards. We know that you should always use a complex password, more than eight characters and that your password should include letters, numbers, and symbols, but do most people really have complex passwords? Could having simple passwords really put you at risk?

Pedram: Most people, unfortunately, do not have complex passwords. For example, we found that one-third of Americans’ router passwords contain their address, name, phone number, a significant date, and their child’s or pet’s name. Not only that, but last year we found that most hackers’ passwords were only 6 characters long and that the most frequently used word in their passwords was the word “hack”.

Having a simple password that is either a dictionary word or that is comprised of personal information can put you at risk.

If you think about it, bits and pieces of our private lives are scattered on the Internet. Someone can easily do a quick Google search, check out some of your social media sites and with a little time and patience, they can figure out your simple password. Even worse, if you use the same password for multiple sites, you really make it easy for hackers to hack all of your accounts.

Moving forward to minute 25, Angela, Elliot’s friend and colleague, calls him for help because their client, E Corp, a multinational conglomerate, has been hit with a DDoS attack.

Stefanie: What is a DDoS attack? Can this affect the average computer user?

Pedram: DDoS stands for distributed denial of service attack and is used to make a service unavailable. In the end we discover that the attack on E Corp was actually based on rootkits that had subverted a variety of servers, but I’ll continue to describe a DDoS attack.

DDoS attacks are sent by two or more people, but more often by an army of bots AKA a botnet. These bots send so many requests to a server that the server becomes overloaded and cannot provide its service anymore. DDoS attacks target large businesses, so the average computer user does not become affected, unless the service they want to use is not available because it has been hit by a DDoS attack.

However, the average user can help facilitate a DDoS attack unknowingly. We researched home routers and found that millions are vulnerable. Routers are connected to the Internet 24/7 and can be easily exploited and used as a bot, which, as I explained, can be used in a DDoS attack. A famous example is the hack of the Sony Playstation Network and Xbox Live last Christmas – the hacker group claimed they used a router botnet for the attack.

To prevent this from happening, people should make sure their router firmware is always up-to-date and perform a router scan to check if their router is vulnerable or not.

In minute 55, Elliot tries to hack Krista’s new boyfriend, Michael. He calls Michael pretending to be from his bank’s fraud department, confirming his address and asking him security questions to verify his account: what his favorite baseball team is, his pet’s name. Using the information he gathered combined with a dictionary brute force attack he attempts to get Michael’s password.

Stefanie: What is a brute force attack? Can this happen to the average user?

Pedram: A brute force attack is password guessing which systematically checks all possible passwords until the correct one is found. Think of it like a machine going through a huge dictionary of passwords that types each one into an account to unlock it.

Brute force was likely one of the techniques used in hacking the iCloud accounts which eventually led to the nude celebrity pics from stars like Jennifer Lawrence and Kirsten Dunst being distributed over the Internet. This type of attack is not exclusively used against celebrities. Hackers can use brute force attacks to hack any user accounts, given they have account email addresses. Typically, they would target accounts that hold credit card or other financial information they can abuse for financial gain. This is why, again, it is vital you use strong passwords for all of your accounts.

Stefanie: Thank you for the chat Pedram. I look forward to discussing Mr. Robot’s next episode, Ones and zer0es with you next week!

You can watch MR. ROBOT on USA Network Wednesday nights 10/9 central.

Follow Avast on Facebook, Twitter and Google+ where we will keep you updated on the new Avast video podcast hosted by Pedram Amini.

Panda Security continues to expand internationally through organic growth and innovation as it celebrates its 25th anniversary #Panda25years

Panda Security has reason to celebrate. Today the multinational developer of security solutions designed to protect the digital lives of individuals and organizations alike is celebrating 25 years in the vanguard of IT security, not just in its native Spain, but all around the globe. Panda Security, with a direct presence in more than 80 countries and products distributed in around 200, has announced that Italy and Denmark are set to join its network of subsidiaries, as two important markets for the company’s European business. With these latest additions, the company now has 16 subsidiaries: Austria, Belgium, Brazil, Canada, Denmark, Finland, France, Germany, Holland, Italy, Mexico, Portugal, Spain, Sweden, United Kingdom, and the U.S.A.

This internationalization process, which represents one of the pillars of the company’s four-year strategic plan, is further bolstered by the consolidation of its presence in markets where it is already strong (Western Europe, the USA, Latin America), for example with the recent inclusion of Panama in its ‘Country Partner’ model.

Moreover, in the coming months, Panda’s international expansion plan will also see it strengthen its position in emerging markets such as China, Russia and India.

New strategy for the 25th anniversary

In the year of its 25th anniversary the company has adopted a new corporate identity that reflects Panda’s commitment to simplifying the apparently complex, through the concept of ‘Simplexity’. This concept underpins the company’s effort to provide new and improved solutions to safeguard users’ digital lives.

“Our mission is to offer users a simple, fast and effective solution, which is always the product of our innovation. Throughout these 25 years, Panda has never ceased to innovate and to be in the vanguard of technology. We are positioned as visionaries with the implementation of technologies like Cloud Computing or Big Data Analytics which were totally disruptive some years ago. Now we are looking ahead to another 25 years with energy and enthusiasm, and with the certainty that we have all the resources we need to continue leading the way”, explains Diego Navarrete, CEO of Panda Security.

Diego Navarrete, CEO of Panda Security

The company is set to embark on a four-year strategic plan, centered on internationalization, on maintaining the pace of growth –both of sales and product portfolio–, and on driving forward new technologies and strategic alliances that respond to market trends such as the Internet of things, Big Data, Cloud Computing or mobility.

To celebrate its 25th anniversary, Panda Security has prepared an infographic outlining the major milestones from the company’s history, which you can download here.

 

The post Panda Security continues to expand internationally through organic growth and innovation as it celebrates its 25th anniversary #Panda25years appeared first on MediaCenter Panda Security.

Samsung phones vulnerable to hacker attack via keyboard update

Samsung Swiftkey vulnerability puts Samsung devices at risk

600 million Samsung mobile devices are at risk. Image source: gadgets.ndtv.com

We rely on our apps. Every day we use our favorite ones to check news, the weather for our next trip, and communicate with our loved ones. Some apps, especially the system ones, are continuously in use, even if they are not the foremost app on your screen. The keyboard is one of them.

Recently, a dangerous vulnerability was discovered in the most popular keyboard, SwiftKey. If you have a Samsung S6, S5, or even an S4 running the stock operating system, you’re at risk. The app always checks for language updates, but this process is not performed in a secure way. If you’re connected to an open or public Wi-Fi network, your phone is at risk of a very common and dangerous Man-in-the-middle attack. Your connection will be compromised and all the Internet traffic could be eavesdropped upon. That includes the passwords you’re typing in the very same keyboard, your financial information, everything.

To ensure your security, you need to use a VPN when on Wi-Fi, since that’s when most updates are scheduled to occur. You probably already know what a VPN is and how it works. If not, you can find a lot of information in our blog. Our product, Avast SecureLine VPN, creates an encrypted tunnel for the inbound and outbound data of your Internet connection, blocking any possibility of a Man-in-the-middle attack.

But the story does not end here. If you use SwiftKey on an unsecured Wi-Fi, the attacker could also download malware into your phone or tablet. That’s a job for Avast Mobile Security & Antivirus (AMS). Some users think that we don’t need a security product for our phones. They also think that security companies exaggerate the need for a security app just to sell their products. AMS not only scans the installation process of apps but also checks the Internet sites you’re visiting and malicious behavior of any file in your device. You can install Avast Mobile Security & Antivirus on your Android device for free from the Google Play store.

NOTE: At the writing of this post, a patch for the vulnerability was provided to mobile network operators by Samsung. SwiftKey wrote on their blog, “This vulnerability is unrelated to and does not affect our SwiftKey consumer apps on Google Play and the Apple App Store.”

 

 

25 years of security and innovation

It’s Panda’s Birthday. But this 2015 is not an ordinary anniversary. Tomorrow, June 25th, we turn 25, no more, no less!

Panda was born in 1990, the same year the World Wide Web was developed. What a coincidence, right? In these 25 years we have had time to do many things but, at the same time, time has flown! 25 years researching, developing, analyzing and protecting our customers, both corporate and home users, against all Internet threats.

Despite all we could tell you here, it wouldn’t be enough! So, we think the best thing that we can do is to give you an overview of our 25 years of history with images. Thank you so much to all of you who have been part of it! :)

CeBIT 2001

Bilbao Offices, 2001

CEBIT, 2002

CEBIT, 2003

9 years ago… PandaLabs (2006)

1st Security Blogger Summit, 2009

Old Offices in Tres Cantos (Madrid)

Panda Booth at SIMO. 2007

Open Windows Premiere. Madrid. 2014

Introducing Panda Security 2015 to the Media

Panda Kick Off. Bilbao. 2015

We’re Simplexity!

Congratulations and let’s enjoy another 25 years together! :)

The post 25 years of security and innovation appeared first on MediaCenter Panda Security.

Vacation scams can ruin your holiday

Do you dream of lounging with an umbrella drink on a sunny beach, hiking by a pristine lake in the cool mountains, or leisurely strolling through a world class museum? As you begin to make summer vacation plans, much of it planned and reserved via the Internet, here are a few scams to be aware of:

Fake vacation rentals

Private vacation rentals are growing in popularity and it’s easy to find one these days through portals like Airbnb, HomeAway, and Craigslist. A typical scam starts with attractive pictures of a property in a desired location. The phony landlord, who is really a scam artist, requires an up-front deposit on the rental that is typically sent by wire transfer. When the happy family arrives at the destination, it either doesn’t exist, it’s not at all like it was described, or it is not available for rental. It may even belong to someone else, who lives there and has no knowledge of the transaction.

How to protect yourself from vacation rental scams

Don’t be fooled by pretty pictures. Photoshop is amazing and an artist can do all kinds of tricks with it. Ask the property owner to send you additional photos. You can even look it up on Google’s Street View to make sure the property and address actually exists.

Use your credit card instead of cash to make any deposits. Cybercrooks prefer cash, so protect yourself by using your credit card. If you get in a jam, Visa, MasterCard, and American Express can help you recover money lost to fraud.

Fake vacation packages

“You’ve won a dream cruise to Bingo-Bongo Island!” A message like this may come to you via email or you may get a phone call from a hard-selling travel operator. Similar to the fake vacation rental, you are required to pay a deposit for your luxurious resort or cruise. When you arrive, you find out that the package was misrepresented and there are additional fees to be paid to get the “great deal.”

How to protect yourself from vacation package scams

Legitimate offers give you their cancellation and refund policy, along with details of the location of the vacation, the name of the cruise line or resort, the length of time you will be there, and contact information.

Get a confirmation or booking number from the cruise line, hotel, or airlines rather than the travel agency confirmation number. If the cruise line is not on your credit card statement, that is a warning flag.

Free airfare scams

Airfare is a big chunk of your vacation costs, so receiving a discount is welcome. But victims of airfare scams often find that after they pay they do not receive a confirmation or that their credit card has been declined. The only way to get the discount is to pay by wire transfer, which leaves the victim without a ticket and no way to claim a refund.

Don't fall for free airline ticket scams

Social media scams, like this Southwest Airlines scam that has been going around Facebook for a few years, lure prospective travelers to malicious websites with sweepstakes offering free airline tickets. Victims are asked to complete online surveys which reveal personal information, and agree to hidden offers in the fine print of the contest. They are encouraged to share the scam which then gets sent to all their Facebook friends. This type of scam has been known to spread “lifejacking” malware as well. That gives a hacker control of your profile so viral messages are spread to your friends’ accounts.

How to protect yourself from free airfare scams

If it’s too good to be true, it probably is. Don’t open unsolicited emails, take phone calls, or share social posts that offer a once-in-a-lifetime deal without first confirming it’s real.

Apple reinforces security with iOS 9 and OS X El Capitan

Moscone Center in San Francisco (California), the same convention center where Google or Intel hold their events, welcomed around 5,000 developers between June 8th and 12th. All attended Apple’s annual Worldwide Developers Conference (WWDC).

Cupertino’s company officials revealed some of the features of the brand’s new operating systems, which are already available in their beta version. iPhones and iPads will update to iOS 9 and Mac computers to OS X 10.11 El Capitan, named after a vertical rock formation in Yosemite National Park (California).

In addition to the changes aimed at improving the user experience, many of the innovations in both new versions have to do with security, an aspect on which Apple has insisted over the past years.

One of the most obvious changes affects passwords. To increase the level of protection, devices running iOS 9 will require six-digit passwords after the update, instead of the standard four-digit ones. However, you will be able to choose from several options: you can use a custom alphanumeric code, a custom numeric code or, as before, a four-digit numeric code.

For those who decide to join the new format, this new passcode will make it more difficult for cybercriminals who want to take control over your phone or tablet. It allows over a million different combinations, significantly more than the 10,000 allowed by the current authentication method.

On the other hand, developers will have the best tools to guarantee the security of applications in their hands. With them, they will be able to connect their apps to the Internet via virtual private networks (VPN), a technology that allows a device to send and receive data in a public network with, in theory, as much security as if it was private.

Another important innovation is related to the Secure Socket Layer (SSL), which includes the protocols that encrypt communications over the internet. iOS 9 allows users to configure their system so that all internet connections made by their applications use HTTPS, a secure data transfer protocol.

In addition, Cupertino’s team ensure that the protocols will be updated constantly to avoid security vulnerabilities.

Safari has also improved its security measures. On the one hand, the extensions will have a certificate from Apple. Developers can distribute extensions with their own signature, but the apps will not be updated by themselves.

On the other hand, this new version includes extensions to block content (‘Content Blocking Safari extensions’), a way of preventing the execution of cookies, pop-ups, automated videos and other web content.

Despite rumors that iOS 9 would be ‘rootless’, meaning it would not be possible to gain access to root directories, this feature does not exist in the beta versions. It is true that Apple has changed the administrators’ privileges in OS X El Capitan, so they cannot modify any of the options of the critical system files. The measure prevents the installation of some types of malware, and its persistence. There are also those who think that, rather than protecting security, it will serve to prevent users from applying the dreaded ‘jailbreak’ to Apple’s devices.

The post Apple reinforces security with iOS 9 and OS X El Capitan appeared first on MediaCenter Panda Security.

Looking back at WWDC 2015

Apple’s Worldwide Developers Conference kicked off June 8 at San Francisco’s Moscone West.

Earlier this month, I was lucky enough to attend Apple’s Worldwide Developers Conference (WWDC) in San Francisco, where mobile developers from far and wide came together to learn about the future of iOS and OS X systems. Along with being the first time I was able to participate in this sought-after conference, it was also my first time visiting San Francisco.

Once you get past its glitz and the glamour, the majority of the event revolves around waiting in a series of queues — the day before the actual event began, the line for the event’s keynote lectures had formed around an entire city block. Although I wasn’t one of the first people to camp out there, I did arrive around 5:30 a.m. on Monday to stake out my spot. While the masses of people at WWDC can be a bit overwhelming, there really isn’t a better place to meet thousands of like-minded developers with whom one can strike up an interesting conversation discussing the ins and outs of iOS development.

This year, Apple hosted 5,000 developers from 70 different countries, the vast majority of whom were present at WWDC for the first time. The WWDC Scholarship Program awarded 350 scholarships to recipients, the youngest of whom was Kiera Cawley, a 12-year-old app developer who has been coding since the age of nine. Apple CEO Tim Cook made a guest appearance at the conference’s special orientation session, mingling with the recipients and even taking selfies with some of them.

WWDC 2015

OS X EL CAPITAN — what a name! At first, I thought it had to be another joke from Craig Federighi, but I was wrong. A noteworthy new feature in El Capitan is the split view mode, which allows us to work on two apps simultaneously. Apple claims that there has been a 1.4x time increase in app launch times and 2x improvement in app switching speeds. In general, Apple has been quite busy and has made huge improvements for developers. The most exciting news is that Apple will be making Swift open source later this year — a big step forward for the developer community.

The recent release of iOS 9 makes the entire system smarter and more secure. Now, users can run two apps at once on an iPad, side by side in split view (the same feature present in OS X). This will be challenging for developers who still don’t prefer Auto Layout. For the rest of us, though, it works quite well. It’s also possible to make activities and documents within your app searchable using Spotlight or to include special links on your site that launch your app at a specific view. And yes, it’s still necessary to support iPhone 4s on iOS 9. However, it should be more optimized now than ever before.

Jennifer Bailey announced the release of Apple Pay in the UK next month. This was a bad piece of news for the developer sitting right next to me. He was working as a freelancer for a company that provides mobile payments in the UK via iOS. “My company is screwed and I should start looking for a new job,” he said in response to Bailey’s announcement. Apple Pay’s imminent launch is, unfortunately, not the best update for people whose jobs revolve around mobile payments.

During the rest of the week, Apple featured 100 sessions and labs, and over 1000 Apple engineers were present and ready to give me advice. UI Design Lab was the most popular workshop at the conference, and you could count on the fact that there’d be a huge line every day. After trying to get into the session every morning, I was finally able to make an appointment on Friday. In the end, it was worth the wait. :)

All in all, WWDC was a great opportunity to meet an impressive collection of talented developers and to discuss the vast amount of progress Apple has been making within the mobile sphere. See you next year, Apple!

Panda Security reached again 100% protection rate in AV-Comparatives’ tests

Panda Cloud Antivirus has achieved a 100% malware detection rate, according to the latest results published by AV-Comparatives in their monthly report “Real-World Protection Tests”.

The best news is that we have accomplished these results for two months in a row. Panda Cloud Antivirus’ efficiency and effectiveness is indisputable. This is an example of our capacity to improve and grow as a company.

Here you can get the complete report file, and the dynamic chart from the AV-Comparatives web.

The post Panda Security reached again 100% protection rate in AV-Comparatives’ tests appeared first on MediaCenter Panda Security.

Hola, Hola VPN users, you may have been part of a botnet!

VPN service Hola, which has millions of users, recently came under fire for not being as up front with their users as they should have been. In the past weeks it has been revealed that Hola does the following:

  • allows Hola users to use each others’ bandwidth
  • sells their users’ bandwidth to their sister company Luminati (which recently helped facilitate a botnet attack)
  • and, according to Vectra research, Hola can install and run code and additional software on their users’ devices without their users’ knowledge.

If you are an Hola user or if you know someone who uses Hola, please make sure you/they are aware of this.

The service, which can be downloaded either as an app or as a browser extension, is a peer-to-peer network that allows people to use other Hola users’ bandwidth to anonymize their browsing activities and to circumvent geo-restricted content.

What many users did not realize is that they were essentially exit nodes and other Hola users could use their bandwidth to carry out illegal activity, like accessing child pornography.

Additionally, Hola sells its users’ bandwidth to its sister company, Luminati. Prior to the end of May, Hola did not mention Luminati on its website. Luminati’s premium service, which was originally advertised as being an anonymization network, uses Hola’s users as nodes to redirect traffic through. Hola’s connection to Luminati was exposed after a Luminati client launched a DDoS attack on 8chan, using Hola’s network (users) as a botnet.

Researchers at Vectra, a security company that identifies cyber attacks, dug a little deeper and discovered that Hola can also download and install additional software without the user’s knowledge and can install and run code without the user’s knowledge as well. Furthermore, Vectra found that Hola contains a built-in console, “zconsole”. Zconsole allows direct human interaction with an Hola node even when Hola is not being actively used by a user. With access to the console, an attacker could, as Vectra points out, “accomplish almost anything” and launch a large and targeted attack.

What we can learn from this

There is one main lesson people should learn from the Hola situation: research the products you download and use.

What many people may not have been aware of in this situation was how their bandwidth could be abused by fellow Hola users and how much control Hola had. A VPN helps you to anonymize all of your browsing activities – and to access content in geo-restricted regions by redirecting it through other servers. This can, for example, be useful if you travel or live abroad and want to access content from your home country.

What you should research before choosing a VPN service

Before deciding which VPN service to use, research the VPN provider and make sure the provider you choose is trustworthy. Find out what methods they use. If they use servers to redirect traffic through, make sure you know who owns the servers, what they do with the data that flows through the servers and whether or not they keep your data or sell it to third parties.

Avast, for example, offers free antivirus, but our Avast SecureLine VPN is a premium service. We charge for our VPN services, because we pay extra to own and maintain servers around the world to redirect traffic through. We do not log the data that flows via our VPN services.

Know how much control your VPN service really has

Hola is available as an app and browser extension and, as mentioned above, Vectra found that Hola is able to do a lot more than just redirect your traffic. Hola can download and run additional code through your browser, without your knowledge. Of course a VPN service is always going to have access to your personal data (otherwise it wouldn’t work). However, even if they don’t provide a VPN feature, browser extensions have immense control over your browser that most users may not be fully aware of.

“Browser extensions can see everything you see in your browser, as well as everything you type in your browser, including passwords. Untrustworthy browser extension vendors can easily misuse this data and it is therefore extremely important that users be careful when choosing which browser extensions to install. On top of that, browser extensions can also manipulate search results and slow down your browser.” Thomas Salomon, head of Browser Cleanup product development at Avast.

What you should do before downloading a browser extension

When deciding whether or not to download a browser extension, you should first make sure the extension comes from a reliable and trusted source, read both professional and user reviews about the extension, and read the extension’s terms and conditions before downloading it.
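How much control an extension asks for is declared in its manifest.json, which can be read before installing. The following is an added example, not part of the original post: a small audit that lists the declared permissions giving the broad access described above. The function name and the sample manifest are constructed for illustration.

```javascript
// Added example: audit an extension's manifest.json for broad access.
// SAMPLE_MANIFEST is constructed for illustration, not a real extension.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const SENSITIVE_APIS = new Map([
  ["webRequest", "can observe network requests"],
  ["webRequestBlocking", "can modify or block requests (Manifest V2)"],
  ["proxy", "can route browser traffic through a proxy"],
  ["cookies", "can read and change cookies for permitted sites"],
  ["tabs", "can read the URL and title of every tab"],
  ["history", "can read browsing history"],
  ["nativeMessaging", "can talk to a program outside the browser"],
  ["management", "can manage other installed extensions"],
]);

function auditManifest(manifest) {
  const findings = [];
  // Manifest V2 mixes host patterns into "permissions"; V3 splits them out.
  const declared = [
    ...(manifest.permissions || []),
    ...(manifest.host_permissions || []),
    ...(manifest.optional_permissions || []),
  ];
  for (const p of declared) {
    if (BROAD_HOSTS.has(p)) findings.push(`host access to all sites: ${p}`);
    else if (SENSITIVE_APIS.has(p)) findings.push(`${p}: ${SENSITIVE_APIS.get(p)}`);
  }
  // Content scripts matched against every URL run inside every page you open.
  for (const cs of manifest.content_scripts || []) {
    if ((cs.matches || []).some((m) => BROAD_HOSTS.has(m))) {
      findings.push(`content script on every page: ${(cs.js || []).join(", ")}`);
    }
  }
  // CSP is a string in Manifest V2 and an object keyed by context in V3.
  const csp = manifest.content_security_policy;
  const cspText = typeof csp === "string" ? csp : Object.values(csp || {}).join(" ");
  if (cspText.includes("'unsafe-eval'")) findings.push("CSP allows eval() of strings as code");
  return findings;
}

const SAMPLE_MANIFEST = {
  manifest_version: 2,
  name: "Example VPN helper (constructed sample)",
  permissions: ["proxy", "webRequest", "webRequestBlocking", "<all_urls>", "storage"],
  content_scripts: [{ matches: ["*://*/*"], js: ["inject.js"] }],
  content_security_policy: "script-src 'self' 'unsafe-eval'; object-src 'self'",
};

console.log(auditManifest(SAMPLE_MANIFEST).join("\n"));
```

An empty result does not make an extension trustworthy; it only means the manifest does not request the broad access this check looks for.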

What you should do if you have a bad extension installed on your browser

If you are worried that you may have malicious extensions installed on your browser (they are often added when installing an otherwise legitimate program without you even noticing) or have an extension that is difficult to remove, you should run Avast Browser Cleanup. Avast Browser Cleanup is a tool that removes malicious and poorly rated add-ons and restores your browser to its initial and clean state. Avast Browser Cleanup is included in Avast and is now also available as a stand-alone product.

Keeping your browsing safe

Our browsing information is extremely valuable: we bank online, keep in touch with our loved ones via email and social media, search for everything under the sun on the Internet. Piece all this information together and you have someone’s complete identity, not something you want to hand over to just anyone.

VPNs and browser extensions, like Hola, become dangerous the minute they abuse their power, without openly informing their users of what they are doing. It is therefore vital that you are aware of what software you have installed on your computer and what extensions you have installed on your browser to keep your private information private.