Tag Archives: Technology

CryptoLocker-style File Encryptors – Should you pay the ransom?

So – you get an e-mail telling you to read some important document that is attached, you rush to click on it, and all of a sudden your files start disappearing, become unreadable, or get weird extensions like “exx”. After a while you get a nice window telling you that your files are strongly encrypted and that decryption is only possible with a private key stored on the hacker’s “secret server”. You are instructed either to click on a link or, in other cases, to install the Tor Browser and access a DeepWeb website. In both cases you get redirected to a ransom web page where you are asked for a sum of money, like the example below:

[Image: Typical ransom page]

The question is – should you or shouldn’t you pay the ransom?

Unfortunately we can’t make that decision for you, but here is why we recommend that you don’t:

1. Know who you’re dealing with
This is not some “accident” that just happened, and you are not buying a “decryption service”.

You are dealing with cyber-criminals who specifically built software to “steal” your files and now they are asking for money to return them to you.

These guys are cut from the same cloth as muggers who run away with your purse, or people who kidnap your pets and demand a ransom, and it’s important to understand this in order to be in the correct mindset when making the decision.

2. Understand the risks
Usually the ransomware is indeed built to send the decryption key to the attackers, but there are several things that can go wrong in the process, resulting in the decryption key being lost.

For example, most ransomware connects to regular domains to upload the decryption key, but many domains involved in malware activity get blocked or suspended every day. If that particular domain gets suspended, the decryption key isn’t sent to the attacker at all and simply gets deleted from your system.

If that happens and you (being unaware of it) pay the ransom, you will end up with your files encrypted forever and $500 short. If you think you can get a refund, please go back to point 1 – Know who you’re dealing with – and read it again.

[Image: Example of malware code uploading keys to a regular domain]

Another example is getting infected with some 6-month-old trojan whose maker has already been arrested. You have no way of knowing about it, and sending Bitcoin to his address doesn’t require any confirmation. Also, Bitcoin transactions can’t be reversed like normal bank transactions can. In this case you are sending money to a person who can’t restore your files because he’s in a prison cell, and again you might end up with your files remaining encrypted and $500 short.

3. Think about other victims
First you have to understand that the attackers make this kind of malware to get money out of it. So, the more people pay the ransom, the more they are encouraged to keep making this kind of malware, and the more people get hurt in the end. If you can let go of your encrypted files by refusing to pay the ransom, you are actually helping other people. If nobody paid the ransom, the hackers would have no reason to keep making ransomware. We think that’s a worthy boycott.

4. Think revenge
“There has to be something I can do, right? Like go to the Police, or maybe the FBI has a website, or …”
We believe the best and surest way to get your personal revenge on the guy who did this to you is not to pay his ransom. This will really hit him where it hurts. And if you want to do even more damage, you can help by spreading this article, maybe on your personal blog or Facebook.

What to do afterwards

Alright, so you either decided to pay and got your files back (or not?), or maybe you took the hard choice and decided not to pay the ransom.
In both cases there are a few more things you should know about:

1. Your computer might still be infected
Some CryptoLocker-style trojans delete themselves after the payment deadline or after the files are unlocked, but others do not. So, in a few weeks, after you move on with your digital life, you might find your new files being encrypted again and a new ransom being demanded!

We recommend that you at least start your computer in safe mode and run a full system scan to make sure.
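A defender-side illustration of the symptom described above, added here as an example and not taken from the Avira post: it scans a constructed file-event log for the pattern of many files being renamed to an unfamiliar extension such as “.exx” within a few minutes, which is what a still-active encryptor looks like on disk. The log format, the thresholds and the list of known extensions are assumptions.

```python
"""Heuristic for the ransomware symptom described in the post: a burst of
renames to an unfamiliar extension (e.g. '.exx'). Added example, not Avira code."""
from collections import defaultdict
from datetime import datetime, timedelta

# Extensions a user workstation legitimately writes. Assumption: tune per site.
KNOWN_EXTENSIONS = {"docx", "xlsx", "pptx", "pdf", "jpg", "png", "txt", "mp3"}

# Detection thresholds (assumptions, not figures from the article).
WINDOW = timedelta(minutes=5)   # sliding window length
MIN_RENAMES = 20                # renames to one unknown extension inside WINDOW


def parse_event(line):
    """Parse 'ISO-timestamp RENAME old_path -> new_path' into a tuple.

    Assumed log format; paths are expected not to contain ' -> '.
    Returns None for any other operation (CREATE, DELETE, ...)."""
    ts, op, rest = line.split(" ", 2)
    if op != "RENAME":
        return None
    old, new = rest.split(" -> ", 1)
    return datetime.fromisoformat(ts), old, new


def new_extension(path):
    """Final extension of a path, lower-cased; '' when the name has none."""
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def find_suspicious_bursts(lines):
    """Return {extension: peak_count} for every unknown extension that gains
    at least MIN_RENAMES files inside some WINDOW-long sliding window."""
    events = [e for e in map(parse_event, lines) if e]
    events.sort(key=lambda e: e[0])

    per_ext = defaultdict(list)          # extension -> sorted timestamps
    for ts, old, new in events:
        ext = new_extension(new)
        # Only count renames that *introduce* an unknown extension.
        if ext and ext not in KNOWN_EXTENSIONS and new_extension(old) != ext:
            per_ext[ext].append(ts)

    flagged = {}
    for ext, stamps in per_ext.items():
        start, peak = 0, 0
        for end in range(len(stamps)):      # two-pointer sliding window
            while stamps[end] - stamps[start] > WINDOW:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= MIN_RENAMES:
            flagged[ext] = peak
    return flagged


def build_sample_log():
    """Constructed sample log: 25 documents renamed to '.exx' within about
    two minutes, one benign rename and one unrelated CREATE event."""
    t0 = datetime(2015, 6, 20, 9, 0, 0)
    lines = []
    for i in range(25):
        ts = (t0 + timedelta(seconds=4 * i)).isoformat()
        lines.append(f"{ts} RENAME /home/u/docs/report{i}.docx "
                     f"-> /home/u/docs/report{i}.docx.exx")
    lines.append(f"{(t0 + timedelta(minutes=1)).isoformat()} "
                 f"RENAME /home/u/notes.txt -> /home/u/old_notes.txt")
    lines.append(f"{(t0 + timedelta(minutes=2)).isoformat()} "
                 f"CREATE /home/u/docs/HELP_DECRYPT.txt")
    return lines


if __name__ == "__main__":
    print(find_suspicious_bursts(build_sample_log()))  # {'exx': 25}
```

Feeding the function a few weeks of real rename events (from a file-system audit log) is what makes it useful; the constructed log only demonstrates the trigger.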

2. There are more ways you can protect yourself
Let’s say you have a very good anti-virus installed which can detect and block 100% of all threats – there are still ways you can get infected, for example:

  • Your laptop didn’t have internet access for a while, so the anti-virus didn’t have a chance to get the latest virus definitions, and you plug in a USB stick infected with one of the newer viruses
  • The hard disk can get a bad sector in one of the anti-virus files, causing it to crash
  • The file system can get corrupted after a power failure and prevent the anti-virus real-time protection from loading
  • Some software installers turn off, or instruct users to turn off, the anti-virus during installation
  • In the short time while the anti-virus is being updated to a new version, the system is vulnerable

These cases are rare but for the best protection you should:

  • have regular backups of your files

This is really simple – you just get an external USB hard drive and regularly copy your important files onto it. Remember to disconnect it from your computer when you’re done with the backup, as some ransomware also encrypts files on external hard drives if they’re connected. If your computer gets infected but you have a backup of your files, just reinstall the operating system and restore the files to their original location.

  • always make sure your anti-virus program is running

We believe that leaving your computer without an anti-virus is like leaving the door to your house wide open. Most anti-virus programs have generic detection methods called “heuristics” which can help stop ransomware before it infects your system, and we at Avira always keep a special eye out for this kind of malware and block the files and the links they are downloaded from in a timely manner.

However, having the anti-virus installed is not enough – you also have to make sure it’s running, by checking that the anti-virus icon is present in the system tray and clicking on it to check its status. If for some reason you find the anti-virus is turned off, try to turn it on, and if that doesn’t work, reinstall it.

You can help others
Now that you are a Digital Samurai after reading this article, you can help your friends protect themselves by following the simple steps described above.

Another great way to help others is to share this article; this way you are helping to make people aware of these threats and to learn how to protect their files, so join the battle against malware and viruses!

The post CryptoLocker-style File Encryptors – Should you pay the ransom? appeared first on Avira Blog.

Avira’s Secure Browser

Now we are about to stretch even further and integrate a browser into our ecosystem. And in case you are wondering: there are very good reasons for that.

Nowadays the top use-case for a computer is to access the internet using a browser. The infrastructure of the internet is run by different entities (routers, DNS, servers). Web pages contain executable code that is run in the browser. Many data formats are used on the net (HTML, JS, CSS, PNG, SVG, video formats, …). All in all it’s a well-connected and extremely complex system. And it is used to access valuable data (online banking, shopping, medical research, looking for a new job, …) – a disaster waiting to happen.

The browser developers (Mozilla and community, Google and community and Microsoft) are putting lots of resources into securing those browsers. And they are doing a very impressive job.

But the threats online are not getting fewer. There are a lot of them: phishing, insecure Wi-Fi networks, drive-by malware, trackers, … you name them!

This needs fixing.

Basically there are three points to secure:

  • The client (your PC and browser): detect attacks and block them
  • The internet infrastructure (like Wi-Fi networks): end-to-end encryption fixes that
  • The server (like the site that is trying to phish you): identify and block

This is our opportunity to improve the situation.

  • For the first time ever we can go beyond an add-on and have more of an add-in. This means more options to secure the system
  • While the browser vendors have to produce a one-size-fits-all product, we can focus on a more security-aware customer base
  • We have lots of backend databases that know the dangerous places on the internet
  • While high-end security extensions (NoScript) focus on the skilled user, we will build a system with an auto-pilot, basing the security decisions on our backend databases and our experience
  • This auto-pilot will also automate repetitive tasks away
  • Before you ask: skilled users can take over the wheel and override it
  • You can install additional extensions. It is your browser after all

The whole project is based on extensions and Chromium. Both are open source. We will pay for our ride: we contribute to them to guarantee a perfect browsing experience. Of course we will also integrate our Avira technology.

If you want to test it, then just head for the Avira Beta Center!

  • There you can get the Debian package that runs very well on my Ubuntu 15.4
  • Or the Mac package that runs on my boss’s Mac
  • Or the Windows installation files requested by management – because some of you run Windows

We will also be happy to listen to your ideas and experience, so feel free to share your thoughts with us. We would really appreciate it.

Upcoming will be a separate article describing our development process and tactics, so stay tuned.

The post Avira’s Secure Browser appeared first on Avira Blog.

How safe are the apps on your Android?

Privacy Advisor

As the name suggests, the newest feature offered by Avira Antivirus Security for Android allows registered users to increase the level of privacy on their smartphones and tablets by avoiding, and potentially uninstalling, high-risk apps.

The apps that are most likely to be included in this category ask for very sensitive permissions related to personal data during the installation process.

In worst cases, malicious apps can take advantage of SMS permissions to send premium messages and register users for unwanted services, sometimes leading to financial losses.

Even though there are applications that may have an important impact on the users’ privacy, some of them have a high number of permissions related to personal data because their purpose genuinely requires them. These applications may either be trusted by Avira itself (e.g. Community Trusted applications) due to the developer’s reputation and/or a high number of downloads, or be trusted by the user himself if he knows for a fact that the app is not a security risk.

Coming soon… on Android Optimizer

Three months after releasing its Android Optimizer app, we have already helped almost 500,000 users optimize the overall speed and performance of their mobile devices. Following users’ feedback, the app has already been localized into three more languages (French, Italian and Portuguese), making it easier to use.

In order to make the app even better, our mobile development team will soon release a version that supports an always-on widget, enabling users to optimize their devices instantly with a tap on the screen.

12 million downloads and numerous awards

Avira’s efforts to enhance mobile security are paying off, as Avira Antivirus Security for Android excels in all independent lab test results. Only last month, AV-Test nominated Avira as “The best antivirus software for Android”, with 100% detection rates and a total score of 6/6 on Protection and Usability. PCSL also awarded 5 Stars to Avira in the April edition of its Android Malware Detection Test.

More than that, 12 million users have already downloaded Avira Antivirus Security for Android, making this the best reward for the Product team.

“Avira users should feel safe and protected on every device they use to connect to the Internet. My team has the important mission of securing their mobile devices and preventing all types of attacks from happening. As private data becomes an easier target on smartphones and tablets, protecting the users’ privacy is a top priority for us. We strongly believe that a feature like “Privacy Advisor” will make it easier for people to know which app is interested in their personal information and gives them the power to decide if they agree to share it or not” said Corneliu Balaban, Mobile Development Manager at Avira.

The newest version of Avira Antivirus Security for Android (version 4.1.3643) was uploaded on the Google Play Store and can be downloaded for free.


The post How safe are the apps on your Android? appeared first on Avira Blog.

EFF Privacy Report 2015: Which Companies Have Your Back?

On Wednesday the EFF published their yearly report called “Who Has Your Back? 2015: Protecting Your Data From Government Requests”. It answers important questions like which companies follow industry-accepted best practices, tell their users about government data demands, disclose policies on data retention or government content removal requests, and oppose backdoors.

For the EFF report, 24 companies were evaluated and awarded (or not awarded, depending on the outcome) stars in the five categories mentioned above. Nine companies managed to get stars in all of them: Adobe, Apple, CREDO, Dropbox, Sonic, Wickr, Wikimedia, WordPress.com, and Yahoo.

Facebook and Twitter received four out of five stars, with Facebook “not providing transparency into ways it cooperates with the U.S. government to block content and remove accounts” and Twitter “not providing notice after an emergency has ended or a gag has been lifted”.

The worst rating, with only one star, went to WhatsApp, which at least opposes backdoors but seems to be lacking in all other privacy regards. The EFF recommends that WhatsApp “publicly require a warrant before turning over user content, publish a law enforcement guide and transparency report, have a stronger policy of informing users of government requests, and disclose its data retention policies.”

Take a look at the full report to find out more.


The post EFF Privacy Report 2015: Which Companies Have Your Back? appeared first on Avira Blog.

The Dawn of Privacy-Driven Social Networks

As Avira focuses on privacy and security issues, and social networks now play a major role in people’s lives, CNET journalist Laura Hautala caught my attention yesterday with her article “Non-creepy social networks make it to your smartphone” (CNET, 15 June 2015).

Partly in response to outrage (in the wake of Edward Snowden’s disclosures) over government surveillance abuses and companies selling personal data from their customers to the highest bidders, a few companies are now attempting to disrupt the dominant paradigm – i.e. to provide private, encrypted alternatives to Facebook and other networks that the public perceives as being more concerned about profit than the privacy of their customers.

Meet the innovative Minds

Manhattan-based Minds, which has run an alternative social media website for two years, just launched a lightweight social-network app for mobile (Android and iOS) that encrypts all communications – so they are secure and anonymous (able to be read only by the intended recipient). According to the company, Minds is the first social network with an encrypted app, and it’s all based on open-source code to ensure that any attempt to read what shouldn’t be read would be transparent to developers.

According to Co-Founder and CEO Bill Ottman, the app launched this week with a two-year base of 30,000 people already using its social website. As Hautala points out, it’s not a number that will cause Facebook any pain (with its near 1.4 billion users), but the IT world can and often does change rapidly.

In addition to encryption of the data going through the app, Minds collects none of its customers’ data. So even if intelligence agencies demand users’ data, the company has nothing to give them.

As for earning revenue, Minds plans to give up traditional ad sales (which it has used on its website version) and instead offer ‘VIP services’ for points, which can be either purchased outright or earned free via interaction. Such services include being able to expand the reach of your content beyond your personal connections.

Others en route

With a focus on similar principles – namely data privacy, anonymity, and seeing customers as more than just numbers – the Vermont-based social network Ello also plans to launch a mobile app for iOS, Android, and Windows devices. More will come.

While I have personally suggested to friends and colleagues that ‘privacy’ may have been a short-lived concept in human history (and is in fact already gone from our lives in the way our grandparents knew it), it seems that companies led by freedom-loving people continue to rise up against privacy’s seemingly increasing absence.

While writing this, I downloaded the iOS version of the Minds app myself. I’ll activate an account later today and, if I find it to be a promising social experience, maybe I’ll see you there.

The post The Dawn of Privacy-Driven Social Networks appeared first on Avira Blog.

iCloud celebrity photo hack: What’s fappening?!

Via: Huffington Post

Just about a year after a plethora of celebrities’ nude photos were leaked online, two homes in south Chicago have been raided and investigators have named one of the suspected hackers. As this controversial story and investigation continues to unfold, Avast researchers have come up with a few speculations regarding the origin and motivation behind the initial hack. We’ve discussed the case with one of Avast’s security researchers, Filip Chytry, who has put in his two cents about the situation:

GR: Why might Apple not have flagged or investigated an IP address’s 572 iCloud logins and attempted password resets?

FC: “Putting it simply, Apple just doesn’t have security implemented on this level. Even though they might sound large to us, attempting to track this number of logins and attempts to reset passwords is similar to discovering a needle in a haystack when it comes to Apple’s ecosystem. To give you a better idea of what I mean, a group of users who are connecting via a VPN and using the same server will appear under a single IP address. On the other hand, it’s quite common these days for companies to implement an automatic system which is capable of detecting any source(s) of traffic. It could be an automatic system which is able to learn from daily traffic and, using gathered data, detect if there is an anomaly present (such as the one in this case). Another key factor relevant in this attack is the timeframe over which it took place. If the hackers had accessed the various accounts over a much shorter period of time, such as a few hours, it would have undoubtedly been a huge red flag for Apple.”

GR: Couldn’t it be that a neighbor or another person in a remote location could have used the two PCs as a bot to execute the hack, similar to what’s discussed in the Tweets published within this Fusion article? Could it be that someone took control of the two PCs or the routers they’re connected to and used them to perform the hack?

FC: “Although DNS hijacking could very well be the culprit here, the extended period of time over which the hacks occurred makes this possibility less likely. It’s my theory that the suspected hacker(s) could have accessed the login details of a certain database that was uploaded by other users on a warez forum. They could have then used these login details to execute the iCloud logins using a script.”

There are a handful of coincidental components present in this investigation, leaving many questions unanswered in terms of finding the true path that led to the celebrities’ photos getting leaked. To many of us, the main thing that seems fishy about the malicious attack is the fact that the potential hackers didn’t make use of an IP-masking or anonymizing tool, making them come across as rookies within the hacker world. Since the cybercriminals behind this case didn’t appear to be clever enough to anonymize themselves, it’s even possible that they had an ulterior motive for performing the hack in the first place – perhaps to be noticed and/or admired by other individuals or businesses. Based on the current facts, we’re highly interested in seeing which direction the investigation of this malicious attack will take next.

Emojis: We Want To Be Your New PIN

Intelligent Environments’ solution to your run-of-the-mill 4-digit PIN is not some pill you swallow or “secrets” you and your smartphone share. Their idea involves lots of little pictures, so-called emojis, that will replace your accounts’ PIN. Emojis are the evolved smilies that sometimes really remind you of the good old Windows cliparts. You normally use them when chatting on WhatsApp (or any other app, really) with your friends and family.

Now you might ask yourself the same thing I did: why would I ever replace my trusty old PIN? The answer to that question is pretty simple. A normal PIN, which you would use in order to secure your account, most of the time only uses four digits from 0 to 9. This means that a traditional PIN has 7290 unique permutations of four non-repeating numbers. An emoji passcode that relies on a base of 44 emojis would sport 3,498,308 million unique permutations of non-repeating cute little images.

According to Intelligent Environments there are other advantages as well, apart from being mathematically stronger: “This new emoji security technology is also easier to remember as research shows humans remember pictures better than words.” And memory expert Tony Buzan adds: “The Emoji Passcode plays to humans’ extraordinary ability to remember pictures, which is anchored in our evolutionary history. We remember more information when it’s in pictorial form, that’s why the Emoji Passcode is better than traditional PINs.”

Well – I’ve had no issues so far when it comes to my four-digit PIN, but I would certainly not mind using emojis at all!

The post Emojis: We Want To Be Your New PIN appeared first on Avira Blog.

OPM: Are Personnel Records of All Fed Workers Exposed?

Two weeks ago OPM, the US Office of Personnel Management, got hacked and the information of 4 million federal government workers was exposed. This is, of course, horrible. But it’s not all: on Friday we learned that the issue at hand was huge and much bigger than everyone believed at first.

As can be read in a letter to OPM Director Katherine Archuleta, David Cox, the president of the American Federation of Government Employees, believes that “based on the sketchy information OPM has provided, the Central Personnel Data Files was the targeted database, and the hackers are now in possession of all personnel data for every federal employee, every federal retiree, and up to one million former federal employees.”

Cox goes on to say that he thinks the hackers have the Social Security number, military records and even veteran status information of every affected person. Addresses, birth dates, job and pay histories, health and life insurance and pension information, age, gender, and almost everything else you’d never want anyone else to know are included on his list as well.

Sounds bad? That’s not all. The letter states: “Worst, we believe that Social Security numbers were not encrypted, a cybersecurity failure that is absolutely indefensible and outrageous.”

I bet they now wish that “only” 4 million records got stolen … :(

The post OPM: Are Personnel Records of All Fed Workers Exposed? appeared first on Avira Blog.

Homicide no longer requires proximity

Although computerized hospital pumps are widely known to be beneficial for mitigating dosage errors, news of hackable hospital pumps came to public attention a few months ago when security researcher Billy Rios discovered a pump that doesn’t use authentication for its drug library – thus enabling a hacker to load a different library into the device, which in theory could lead to a deadly dose being delivered. But new findings by Rios indicate that hackers may now be able to remotely administer a deadly dose of a drug to a patient themselves.

The Vulnerabilities

According to Rios’s findings, a hacker could alter – from within the hospital computer network or even over the Internet – the allowable upper dosage limit. Doctors or nurses could then accidentally set the machine to give too high or too low a dose without the machine issuing an alert.

When the story initially broke, this alteration of dosage limits was not considered to be as severe a vulnerability as one that let the hacker set the dosage amount himself (remotely). However, Rios has now found a new vulnerability that would allow hackers to remotely set the dosage amount by altering the firmware to gain total control of the device.

Coupling the previously known ability to change the drug library data with the newly found ability to remotely set the amount of the dose, a hacker could now potentially deliver a lethal dose of medication.

Pervasiveness of the Problem

How widespread the vulnerabilities are is as yet unknown, but even with estimates limited to just the one manufacturer in whose pumps Rios discovered these vulnerabilities, close to half a million intravenous medicine pumps globally could be affected.

Naïvety or Denial?

When Rios initially notified the company making the pumps in question that its pumps could have their firmware changed by hackers, the company insisted that the pumps are safe because of partitioning between the communications module and the motherboard. Rios found that, while the physical partition does exist, a serial cable connects the two components “in a way that you can actually change the core software on the pump.”

As the company uses this same approach for remotely delivering firmware updates to its computerized pumps, it is unclear why any maker of computerized equipment would be so skeptical of its own methods being used by hackers. Regardless, while the company works on a proof-of-concept that its devices have no vulnerabilities, Rios is working on his own proof-of-concept to the contrary, which he plans to share during the 2015 SummerCon security conference in Brooklyn.

“You can talk to that communication module over the network or over a wireless network,” Rios told Wired (read the full Wired report here).

The post Homicide no longer requires proximity appeared first on Avira Blog.

The dummies guide to hacking Whatsapp

WhatsApp – the super-popular messaging app (800 million users), acquired by Facebook for $20 billion, has done it again… After a bug that exposed restricted profile pictures, data encryption that can be breached in 3 minutes, and the use of the IMEI (International Mobile Equipment Identity) as a cryptographic key (it’s like using your Social Security Number as a password), WhatsApp is yet again in the headlines for privacy concerns…

The latest story – hacking WhatsApp. As reported by The Hacker News, anyone can hack your WhatsApp account with just your number and 2 minutes alone with your phone…

This video, posted on YouTube, shows how a hacker answers an authentication call, intercepts the secret PIN, and uses it to access a WhatsApp account he has just created on another phone.

This is not tied to a bug or loophole – it is the way that WhatsApp was built.

Bottom line? Please be very careful whom you lend your phone to, and make sure you don’t leave it lying around. Even when it is locked, a garden-variety hacker can access your WhatsApp account in 2 minutes.

The post The dummies guide to hacking Whatsapp appeared first on Avira Blog.