Tag Archives: Malware

More malware found on third party app stores

As Google Play tightens its security measures on mobile apps, hackers are moving to third-party app stores. Fake apps imitating popular apps were found on the Windows Phone Store earlier this week. Now a new batch of infected Android apps imitating the real deal has been found on unofficial third-party Android app stores.

image via the FireEye blog


The new malicious adware, dubbed Kemoge, reported Wednesday by security researchers at FireEye, also disguises itself as popular applications. The apps trick the user into installing them through in-app ads and ads promoting the download links via websites. The legitimate-looking apps aggressively display unwanted advertisements, which seems merely annoying, but in the FireEye blog researcher Yulong Zhong writes, “it soon turns evil.”

The fake apps gain root access and gather device information such as the phone's IMEI, IMSI, and storage information, then send the data to a remote server.

Infections have been discovered in more than 20 countries, including the United States, China, France, Russia, and the United Kingdom. Because of Chinese characters found in the code, it is believed that the malware was written by Chinese developers or controlled by Chinese hackers. The apps included Talking Tom 3, WiFi Enhancer, Assistive Touch, PinkyGirls, and Sex Cademy.

How to protect your Android device from infection

  • Only install apps from trusted stores like Google Play
  • Avoid clicking on links from ads, SMS, websites, or emails
  • Keep your device and apps up-to-date
  • Install protection that scans apps like Avast Mobile Security

Follow Avast on Facebook, Twitter, YouTube, and Google+ where we keep you updated on cybersecurity news every day.

Weather Forecast for Today? Advert Flood Coming from East

Despite blocking efforts, online advertising is a daily part of our lives. Most of us get used to the large volume of adverts displayed daily, but authors of malicious code are trying to push the limits much further nowadays via advert-injection techniques used in malware threats.

Spreading

In this post, we present a case study of one such malware that we detected via our AVG Identity Protection (IDP) component. Based on our telemetry, this infection is highly active and is reaching its peak. The most affected countries are the United States and Germany, followed by Saudi Arabia and the United Arab Emirates.

Countries most affected by spreading of this adverts-injection campaign (Jun-Sep 2015).

Behaviour of This Threat

The user infection starts while installing an application proclaimed by its authors as a “Weather Forecast Application”. However, once installed, this application silently downloads and installs other components that are purely malicious – this threat tries to infect all installed browsers and inject additional adverts in browser pages. It also periodically loads sets of adverts in the background without user notification. As a side-effect, it sacrifices security and performance of the infected systems for the purpose of making money via ad providers.

Injecting adverts in visited pages.

Flood of pop-up windows.

Detailed Analysis

Details about this threat are described in the following technical analysis.

You can also download the report now.

Stay Safe

AVG customers are protected against this threat via our multi-level protection in AVG Internet Security. If you’re not protected, you might want to check your systems using the indicators of compromise (IOC) listed in the aforementioned technical analysis.

Why independent testing is good for Avast Antivirus

Avast Free Antivirus just received another AV-Test certification for its stellar protection against real-world threats, performance in daily use, and usability.

Yay! It’s like collecting another trophy for the display case or another blue ribbon to hang on the wall, but what does it really mean? How is this type of testing useful for you, our customers?

Ondrej Vlcek, Avast’s Chief Operations Officer, explains,

“Because of the overwhelming growth of malware targeting consumers and businesses, labs like AV-Test Institute have become an invaluable independent source of data to Avast. Their research has influenced our engineers to expand their knowledge of malware, revolutionize diagnostic and detection methods, and facilitate strategies to get real-time updates to hundreds of millions of people who put their trust in our antivirus products.”

Here’s a little background on the testing lab.

AV-Test Institute is an independent lab designed specifically for testing and researching malware. Located in Magdeburg, Germany, they inhabit 1200m² (12,900 ft²) of space with 3 server rooms and a variety of main and secondary laboratories.

Safety protocols


image via www.av-test.org

Just like a specialized facility that deals with infectious agents, AV-Test has set up safety protocols to avoid accidental infections. The hazardous material they store includes 330 million pieces of malicious test data collected over the past 15 years. Every day, they collect another 390,000 new samples of malware.

Thirty specialists work in three labs with more than 100 workstations connected to three physically separate networks: Red, which has no internet access, for all the test malware; Yellow, which has limited internet access, for malware testing; and Green, which has full internet access, so they can download and update programs.

Test Procedures

Every two months, antivirus products are run through a series of tests using a pre-determined configuration that mimics that of the real world. The AV-Test lab looks at three areas: Protection, Performance, and Usability.

In the August 2015 round, 22 products were run through grueling tests. The products can earn a maximum of six points in each of the three test categories for a total of 18 points.

For example, in the Protection category, Avast Free Antivirus had to recognize over 330 zero-day malware attacks, which means they are new, still unknown threats. In the second phase, the objective was to recognize and defend against just under 45,000 known malware threats from the AV-Test reference sets. The average results for the July and August test were 98% detection for zero-day. Avast Free Antivirus scored 99% and 100%, for an average of 99.5%. Avast Free Antivirus identified 100% of widespread and prevalent malware in the second phase. We improved our overall score over the previous test by half a percentage point, which makes a difference in the real world.

Certification

The award of an AV-TEST CERTIFIED seal of approval is evidence that Avast Free Antivirus has achieved the level of performance and protection defined by the AV-Test labs.

Tests like these, and the ones by Austrian lab AV-Comparatives, are not only for security geeks, but useful for our customers. Even if you never read over the results, you can be guaranteed that we take them seriously and strive to use the information to create the best products we can to protect your home and business PCs, Macs, and Android smartphones and tablets.

