Tag Archives: Technology

The changing perception of cybercrime

In the minds of many, cybercrime was just something that was poorly depicted in movies from the past couple of decades, but the general public is starting to take it much more seriously now that major attacks are becoming a regular occurrence.

There are a number of reasons why this point in time has brought about so many online attacks. One of the most obvious ones is that many of us are moving more of what we do online or into the digital world, and the criminals are just following the trail. This digital shift applies to our communication and data, but it also applies to our financial transactions. The chances are high that you’re using less physical money and more digital payment solutions and credit or debit cards.

Since your data and money are moving around digitally, a criminal doesn’t need to make contact with you or your property in a personal way to inflict damage. Because of this, they can also attack more people in less time, and if you’re a criminal, that’s an attractive proposition.

Additionally, we often talk in a positive way about how easy it has become to learn new tech skills online, but there is a dark side to online education, as well. While there are plenty of ways to learn useful technical skills online, the Internet has also become a haven for cybercriminals to recruit others, share techniques, and coordinate attacks. Whether they’re a prior criminal or not, someone with bad intentions can learn a lot with just a few targeted online searches. The publicity that many attacks have been getting could even encourage certain individuals to do this research and see what’s involved in making the attacks happen.

There’s certainly no end in sight to cybercrime. As we continue to rely on digital solutions to an even greater extent and the systems containing this data continue to be analyzed from top to bottom by criminals, we can count on our perception of crime to become even more digital than it is today.

The post The changing perception of cybercrime appeared first on Avira Blog.

Internationalization and the Internet

The Internet is a child of the United States of America, so it comes as no surprise that only Latin letters and a few technical characters were in use when its predecessor, the ARPANET, and its software were designed. In today’s world, where roughly half the global population, with its different letters and alphabets, uses the Internet, things look different.

The Need for Internationalization

You might have seen a so-called IDN before. IDN stands for internationalized domain name, and all it boils down to is a web address with special characters. This is a great help for Internet users who live in regions where the primary alphabet is not Latin-based or extends the Latin alphabet with special characters. Take Swedish, for instance: the letters ä, ö and å augment the standard Latin alphabet. Without IDN support, you would have to agree on a substitute Latin spelling for domains, like a or aa instead of å. Instead of visiting the website of your favorite Swedish bakery at www.pågen.se, you would have to go to www.pagen.se. That is fine until another company named Pagen appears and wants to claim that domain name; it becomes confusing for visitors very quickly.

Wait…IDN what?

The Domain Name System (DNS), which translates a web address into the numeric address the computer actually uses, traditionally accepts only ASCII letters, digits and hyphens in host names. To make internationalized domains work, an encoding called Punycode (defined in RFC 3492 and used by IDNA) is applied. A complete explanation of the algorithm is out of scope for this article, but here is a short one. When you enter an address like pågen.se, the ASCII characters of the label are copied as they are (pgen) and a hyphen is appended to mark the end of that basic part (pgen-). The characters that were skipped (here å) are then encoded as a compact string of base-36 digits, written as generalized variable-length integers, that records both which character is missing and where it belongs: qoa. The IDNA prefix xn-- flags the label as encoded, so the result is xn--pgen-qoa.se. This is the domain your browser actually looks up; you, as a user, will not notice any difference, because the browser does this transparently. Arguably the first internationalized domain (rather a subdomain in this case) was http://räksmörgås.josefsson.org.

How does it affect you?

There are alphabets which contain letters similar to the ones in other alphabets. Take the Cyrillic script for instance: the Cyrillic letter а resembles the Latin character a. In a so-called IDN homograph attack, a cyber-criminal uses exactly this resemblance to mimic trusted websites. Imagine the domain in the following pictures.

Internationalized version of a domain. The first a is Cyrillic, not Latin

From the looks of it, it is paypal.com. You would almost have to be psychic to notice that the first a is a Cyrillic letter. Now the attacker only needs to build a page that looks exactly like PayPal’s and have the login credentials sent to his or her email address. Mission accomplished.

If the domain is considered suspicious, modern browsers will show the punycoded variant

Not all is lost

Fortunately, it is not that simple to deceive unsuspecting users anymore. Modern day browsers indicate that you are browsing an internationalized website as the image below shows.

Internationalization feature of Internet Explorer: shows a small icon in the address bar

In contrast to typosquatted URLs, where you might be able to spot a phishy address by looking at it twice, IDNs can pose a real problem. You have to rely even more on strong web protection. It shows that common sense does not protect you from everything on the Internet and that it is crucial to have an up-to-date antimalware solution on all your devices.

Recommended Reading & Resources

Internationalized Domain Name
Punycode
Internet Usage Statistics
Internet
Homograph Attack
DNS

The post Internationalization and the Internet appeared first on Avira Blog.

2015 Resolutions: The Nerd’s List

We like nerds. We love nerds. We are nerds. And, as any respectable nerd would do, we have already thought about our 2015 resolutions. Check out what some of the coolest Avira nerds have planned for next year. It will give you a good hint of our guilty little pleasures.

Our gamers, in particular, have big plans…

  1. Avoiding Steam sales: No Steam, you won’t get my money this year!
  2. Play more indie games.
  3. Don’t flame and troll. Ok ok. Flame and troll less. At least a bit.
  4. Don’t buy games immediately after they are released, especially if you already know in advance that it will just be a paid beta test.
  5. Buy an Oculus Rift. Come on, I know you want it too.

...what about their other passions?

  1. Get Android Auto as soon as it’s launched: steering wheel controls and smartphone connected to access music, contacts, and messages while you keep your eyes on the road? Can’t wait to be driven by Android!
  2. Operate Full Home automation with Raspberry Pi: wireless sensors, OCR, connect front door camera to smartphone… it already feels like home.
  3. Convince my friends that the perfect birthday gift would be a mini tablet with retina display for kick-ass resolution.
  4. Get into machine learning and data mining (who owns big data is ready to rule the world – to be followed by an evil laughter when read aloud)
  5. Get back into manga drawing and super edit my makeup photos with the help of this beauty (you didn’t see this one coming, did you?)

Special thanks to my colleagues who accepted the challenge of going public with their nerdiest 2015 resolutions: Nicole, Daniela, Cornel, Eliza, Ovidiu, Calin, Bogdan… you just made it to the Nerd Hall of Fame!

If you also have “nerdy” wishes on your Resolutions list, please share them with us in the comments section below.

Happy New Year from the whole Avira team!

The post 2015 Resolutions: The Nerd’s List appeared first on Avira Blog.

3 Tips for Geeks to Save Their Holidays

If you’re a geek, like most people, you’ll probably visit your family for Christmas.
Like most people, you probably want to enjoy nice holidays with relatives and friends.
Unlike most people, you’ll probably have to face (many) tricky infosec-related questions during this period. So here are a few tips for geeks on that topic.

Heartbleed

  1. you want to unlock your phone, so you concentrate, and think about your PIN
  2. someone near you shouts “tell me what you think, chicken”
  3. you answer honestly (because you’re vulnerable to this particular word, like Marty McFly)
  4. you just leaked your secret PIN :(

To be exact, Heartbleed is not about a PIN, it’s about an encryption key, but both grant access if you know them.

It’s not about a phone, it’s about a widely used security library called OpenSSL, and in particular the “Heartbeat” extension of OpenSSL (hence the name Heartbleed).
It’s a bit more complicated than just shouting ‘chicken’, but it’s not too complicated either :(

And, as with the real Heartbleed, it’s about ‘attacking’ at the right moment: you only get whatever is in the target’s mind at the moment of the attack: “buy bread & milk”, or what’s on TV tonight… or an access PIN.

Goto fail

Here is a dialog between you and your grandma:

  • You: “Grandma, you’ll guard that door. Follow exactly the instructions I’ll tell you now.”
  • Grandma: “OK”
  • Y: “The door should be closed”
  • G: “OK”
  • Y: “if it’s grandpa, leave the door open”
  • G: “OK”

But then, your child comes behind you, and just repeats the last part of your sentence, imitating your voice.

  • child: “leave the door open”
  • G: “OK”

Now the door is permanently open. Just because a statement was accidentally repeated, out of its original context.

Consequences

It is as simple as that: because a conditional piece of code was executed in all cases by mistake, one of the security doors of Apple’s operating system was always open. If you knew which door to go to, you could bypass the whole check and enter without any problem.

Shellshock

Your grandpa speaks an old forgotten dialect.
You only know one sentence in this language.
Because you learned it so long ago that you can’t clearly remember, you just think it’s a common greeting.
But it actually means “do this now”.
And your grandpa – a fragile person due to his age – would actually blindly do anything you ask him.
So far, no one noticed because no one gave an order to your grandpa in his dialect.

Yet he was vulnerable all the time (or at least, for the past 25 years). He’d just do anything if asked the right way.
Sadly, it turned out that a lot of people would actually also do the same.
It wasn’t a mistake, just some old dialect that very few people consciously understood.

Conclusion

Of course, there were many more than 3 major events this year, but these might be enough to convince your audience and save your holidays :)

I hope this will help to face your relatives & friends’ questions without boring them.

May you enjoy nice holidays – Merry Christmas / happy solstice!

The post 3 Tips for Geeks to Save Their Holidays appeared first on Avira Blog.

VMCloak – Create a Virtual Machine the Easy Way

… and – in this we were correct – they are. You can basically find virtual machines:

  • In companies running their internal servers as VMs for easier maintenance
  • On thin clients, where end users have simple terminals instead of “real” systems (again for easier maintenance)
  • In clouds like Amazon’s, where you can just “click together” your own system within minutes
  • As virtual appliances: simple systems that have only one job (like a network proxy) and are easy to install

However, due to our assumption we decided not to bother with the virtual machine detection.

That’s where we went wrong.

Now, at the end of 2014, about 20% of the malware out there still detects VMs, and the complicated-and-interesting malware in particular does. Back when we started, we estimated that no more than a single-digit percentage would be able to do so by now!

Symantec released an article that covers that topic, and our own numbers show similar results (ours are a bit biased, though: for the iTES project we filter out all the “boring” malware before we send the remaining samples to Cuckoo).

Malware detects virtual machines just to annoy the antivirus vendors

One way to classify samples in a virus lab is to run the suspicious sample in a VM and monitor its behavior: if it attacks the system, it’s malware. That is exactly why malware checks whether it is running in a virtual machine and changes its behavior accordingly. In the Avira Virus Lab we do not rely on a single classification method but combine several, so for us this is not really an issue.

But for our research project I wanted to observe the malicious behavior of even the trickiest malware in a virtual machine … a problem that obviously needs to be solved.

VM Detection and a Paranoid Fish

There are many ways to detect whether a program is running in a VM. The most common ones are:

  • Detect the hardware configuration:
    • Network MAC address
    • Hard disk vendor name
    • BIOS vendor
    • Video BIOS vendor
  • Detect installed guest additions
  • Detect specific registry keys
  • Some malware checks for a specific machine ID (for example a fingerprint based on the user ID and the hardware in use)

These tricks are surprisingly simple and yet seem to be very effective.
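As an added illustration of what such checks look like (my own code, not PaFish’s), here a host profile is collected (BIOS and video BIOS strings, disk model and size, MAC address, registry keys present) and compared against signatures of the common hypervisors. The signature lists are a small illustrative subset that I chose, not PaFish’s tables; the two profiles are constructed, one resembling a stock VirtualBox guest and one resembling the cloaked machine VMCloak aims to produce. The 50 GB disk-size rule of thumb is the one this post itself uses.

```python
# Signatures of the kind PaFish looks for. Assumption: an illustrative
# subset chosen for this example, not PaFish's own tables.
VM_STRINGS = {
    "bios_vendor": ("innotek", "VirtualBox", "VMware", "QEMU", "Xen", "Parallels"),
    "video_bios":  ("VirtualBox", "VMware", "Oracle", "QEMU"),
    "disk_model":  ("VBOX", "VMware", "QEMU", "Virtual HD", "Virtual Disk"),
}
# IEEE OUIs (first three octets) registered to hypervisor vendors.
VM_MAC_PREFIXES = {
    "08:00:27": "VirtualBox",
    "00:05:69": "VMware", "00:0c:29": "VMware", "00:1c:14": "VMware", "00:50:56": "VMware",
    "52:54:00": "QEMU/KVM",
    "00:16:3e": "Xen",
}
# Registry keys left behind by guest tools or exposed through the ACPI tables.
VM_REGISTRY_KEYS = (
    r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions",
    r"HKLM\SOFTWARE\VMware, Inc.\VMware Tools",
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
)
MIN_DISK_GB = 50   # the post's rule of thumb: smaller disks are a VM tell


def vm_indicators(profile):
    """Return (field, detail) pairs for every VM tell that fires.

    profile is a dict with the keys bios_vendor, video_bios, disk_model,
    mac, disk_gb and registry_keys; keys that are missing are not checked.
    """
    hits = []
    for field, needles in VM_STRINGS.items():
        value = profile.get(field, "")
        for needle in needles:
            if needle.lower() in value.lower():
                hits.append((field, f"{value!r} contains {needle!r}"))
                break
    mac = profile.get("mac", "").lower().replace("-", ":")
    vendor = VM_MAC_PREFIXES.get(mac[:8])
    if vendor:
        hits.append(("mac", f"OUI {mac[:8]} is registered to {vendor}"))
    disk_gb = profile.get("disk_gb")
    if disk_gb is not None and disk_gb < MIN_DISK_GB:
        hits.append(("disk_gb", f"{disk_gb} GB is below {MIN_DISK_GB} GB"))
    present = {k.lower() for k in profile.get("registry_keys", ())}
    for key in VM_REGISTRY_KEYS:
        if key.lower() in present:
            hits.append(("registry", f"{key} exists"))
    return hits


def looks_like_vm(profile):
    """A single firing indicator is enough for most malware to bail out."""
    return bool(vm_indicators(profile))


# Constructed profiles (not measurements taken from real machines).
STOCK_VBOX_GUEST = {
    "bios_vendor": "innotek GmbH",
    "video_bios": "Oracle VM VirtualBox VBE Adapter",
    "disk_model": "VBOX HARDDISK",
    "mac": "08:00:27:1A:2B:3C",
    "disk_gb": 25,
    "registry_keys": [r"HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions",
                      r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"],
}
CLOAKED_GUEST = {
    "bios_vendor": "Dell Inc.",
    "video_bios": "Intel(R) HD Graphics VBIOS",
    "disk_model": "ST1000DM003-1CH162",
    "mac": "3C:97:0E:4D:5E:6F",
    "disk_gb": 120,
    "registry_keys": [],
}

if __name__ == "__main__":
    for name, prof in (("stock VirtualBox", STOCK_VBOX_GUEST), ("cloaked", CLOAKED_GUEST)):
        print(name, "->", "VM" if looks_like_vm(prof) else "looks physical")
        for field, detail in vm_indicators(prof):
            print("   ", field, ":", detail)
```

Every line in the stock profile fires on its own, which is why cloaking has to be done on all fronts at once: fixing the MAC address but leaving the VBOX disk model or the 25 GB disk changes nothing for a sample that checks all of them.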

Instead of writing documentation on how to detect a VM, I decided to add the identified tricks to a cool open source project, the Paranoid Fish (PaFish; if you are interested you can find my changes in the dev-chaos branch). For me as a programmer, writing code (especially code as simple and structured as PaFish requires) is like writing documentation that executes, and it helps in the next step:

VM Cloaking

This step starts with the hardware configuration needed to create a cloaked VM; you have to do this before you can install any operating system. After the OS is installed there are other buttons to press: registry settings and basic program configuration. Back in the “good old days” we had whole manuals on how to do it and configured the virtual machines manually, a quite boring and error-prone task. Instead of writing another how-to, we (Jurriaan Bremer and I) decided to fix it once and for all: we created a tool called VMCloak that can mass-produce ready-to-use cloaked VMs.

Just add your requirements to a configuration file, start the script, wait 2 coffees and you will have a dozen VMs.

Please welcome VMCloak

VMCloak will:

  • Set up the virtual machine, including an appropriate hardware setup: proper hardware IDs, more than 50 GB of disk space (less is a sign of a VM), …
  • Install the OS
  • Set up networking
  • Install applications
  • Do some system config to cloak the machine
  • …and it can install everything required for Cuckoo Sandbox

To give you a small glimpse of the very useful features VMCloak offers, I’ll go into more detail about its dependencies (aka “automatically install programs”). The complete documentation can be found here.

When analyzing the behavior of a malicious sample you normally want some programs installed that the malware can then attack: old browsers, PDF readers, Flash players, you name it. Also, when doing a manual analysis, you want your default tools for viewing running processes, system changes, etc.

Dependencies are small configuration snippets that allow VMCloak to automatically install programs after the OS has been set up. They define the filename of the setup file, which buttons have to be clicked to get through the installation, and some additional information like flags, a description, and even dependencies of their own.

Without any kind of automation one would waste minutes to hours just clicking Next buttons.

Test your skillz

PaFish and VMCloak are open source and available for everyone. VMCloak in particular is still very young, and there are lots of opportunities to test it and show your superior skillz:

  • Add application packages (dependencies) for automatic program installation
  • Add more cloaking (add a PaFish VM detection, then the matching VMCloak cloaking: chess against yourself)
  • Windows 7 installation or other – for programming admins
  • Create virtual machines using VMware, KVM, …

The opportunities are endless, so just go ahead.

TL;DR:
No need to ever create a virtual machine for malware analysis again. Use VMCloak.

For Science !
Thorsten Sick

iTES: sponsored by the Federal Ministry of Education and Research

The post VMCloak – Create a Virtual Machine the Easy Way appeared first on Avira Blog.

12 ways to boost your router’s security

With the increasing number of network security breaches, we need to improve awareness regarding the security of your home network.

We simply need to follow some rules to control and prevent system penetration and bandwidth theft (and losing money!). Safeguard the valuable information reachable through your home wireless connection and do not be an easy target for hackers!

Here are 12 ways to boost your router’s security:

  1. Install your router in a safe place where the wireless signal is available only inside your own house. Avoid placing it near a window.
  2. Turn off WPS, the push-button/PIN setup method whose eight-digit PIN can be brute-forced and so exposes your wireless password. Turn on WPA2 encryption and protect it with a strong passphrase.
  3. Change the default admin username and password to a strong password. Do not keep default passwords: they are often generated from well-known algorithms, which makes attacks even easier. Do not use your name, date of birth, home address or any other personal information as the password.
  4. Upgrade your router firmware to fix known vulnerabilities of the router.
  5. Don’t forget to log out after managing the router, so that an authenticated browser session cannot be abused.
  6. Disable remote management of the router over the Internet. In a business environment, if you do need remote management, it is safer to use port-forwarding (NAT) rules that allow SSH or VPN access only.
  7. Make CSRF attacks harder by not using the default LAN address range. Malicious web pages aim at well-known defaults such as 192.168.1.1; changing it to something different like 10.8.9.7 forces them to guess.
  8. Prevent ROM-0 abuse (i.e., access to the secret data stored in your router: your ADSL login/password combination and WiFi password) by forwarding port 80 on the router to an unused IP address on your network. Check the how-to here.
  9. Set your router’s DNS servers to automatic mode (DHCP) or to static values that you set manually, exactly as given by your ISP.
  10. Disable IPv6 on the router or, if you really need IPv6 services, replace the router with an IPv6-certified one.
  11. You can save bandwidth and allow only specific computers or devices onto your WiFi, even if they have the security key. Find the computer’s MAC address (the “physical address” listed by ipconfig /all in a cmd window) and add it under the MAC filtering settings of your router. Bear in mind that a MAC address is easy to spoof, so treat this as housekeeping rather than as a security boundary.
  12. Use a secure VPN in open/public WiFi hotspots. You can read more on how Avast SecureLine can protect PC, Mac and Android devices in these situations. If you cannot avoid using public WiFi, try not to log in or enter credentials (especially banking or credit card details), and avoid typing your email address and phone number as well. If you really need to, always prefer the secure protocol HTTPS (check the browser address bar).

Avast Software’s security applications for PC, Mac, and Android are trusted by more than 200-million people and businesses. Please follow us on Facebook, Twitter and Google+.

How to disable IPv6 support in your router settings

Your WiFi network is not secured

After the previous articles you should be convinced that router vulnerabilities are one of the major concerns in network security. As you already know, the new Avast 2015 version includes a security feature called Home Network Security (HNS), which scans your network and router for vulnerabilities and prevents threats.

One serious problem occurs when IPv6 (Internet Protocol version 6) is enabled (both by the ISP and on the router) but no IPv6 firewall is in place. This means that anyone on the Internet can reach devices on the network directly (printers, network disks, etc.), because with IPv6 every device gets its own public address and there is no NAT in the way. This is often the case because the routers are small, embedded devices that cannot handle IPv6 firewalling.

The main advantage of IPv6 over IPv4 is its larger address space: it allows 2^128, or approximately 3.4×10^38, addresses, which is an enormous number! In addition to offering more addresses, IPv6 also implements features not present in IPv4: it simplifies address assignment, network renumbering and packet processing.

In fact, a proper IPv6 firewall requires quite some processing power and RAM, so it’s no wonder that many cheap routers don’t have that functionality at all (or it doesn’t work properly).

The remediation is relatively simple: just disable IPv6 on the router. In most cases this shouldn’t affect other services, unless they require IPv6 (in which case it would be better to replace the router with one that is IPv6 certified).
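Before switching IPv6 off, it is worth knowing whether your devices actually hold addresses the Internet can route to. The following is an added example (my own code, not Avast’s) that classifies IPv6 addresses with Python’s standard ipaddress module: loopback and link-local addresses never leave the machine or the LAN segment, unique-local addresses (fc00::/7) are not routed globally, and only global addresses are exposed when the router does no IPv6 firewalling. The sample address list is constructed; the local_ipv6_addresses helper is a best-effort, stdlib-only way to list a host’s own addresses and may miss some on certain systems.

```python
import ipaddress
import socket


def classify_ipv6(text):
    """Say whether an IPv6 address is reachable from the Internet.

    A trailing zone index such as %eth0 (link-local addresses carry one) is stripped.
    """
    addr = ipaddress.IPv6Address(text.split("%", 1)[0])
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local (fe80::/10): never leaves the LAN segment"
    if addr.is_private:
        # fc00::/7 unique-local and the other reserved ranges are not routed globally
        return "unique-local or reserved: not routed on the Internet"
    if addr.is_global:
        return "GLOBAL: reachable from the Internet unless a firewall blocks it"
    return "other"


def exposed_addresses(addresses):
    """Return the subset of addresses that the Internet can route to."""
    return [a for a in addresses if classify_ipv6(a).startswith("GLOBAL")]


def local_ipv6_addresses():
    """Best-effort list of this host's IPv6 addresses via name resolution (stdlib only).
    Returns [] if the hostname does not resolve; may miss addresses on some systems."""
    try:
        infos = socket.getaddrinfo(socket.gethostname(), None, socket.AF_INET6)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


# Constructed sample for a LAN host behind a router with IPv6 enabled.
SAMPLE = [
    "::1",
    "fe80::1ff:fe23:4567:890a%eth0",
    "fd12:3456:789a::10",
    "2a02:8071:1f0:ab00:1ff:fe23:4567:890a",
]

if __name__ == "__main__":
    for a in local_ipv6_addresses() or SAMPLE:
        print(f"{a:45} {classify_ipv6(a)}")
```

If the only addresses reported are loopback, link-local or unique-local, nothing on that host is reachable over IPv6 from outside, firewall or not; a global address means the router’s IPv6 firewall (or its absence) decides.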

Avast Internet Security and Premium products fully support IPv6 in the silent firewall on your computer. Take into account that other devices, like network drives connected to the router, won’t be protected by it.

Avira: Best Antivirus for Windows

AV-TEST certification earned with perfect score

Avira earned a perfect 18/18 score, topping all three major categories of testing:

  • To evaluate protection against malware infections (such as viruses, worms or Trojan horses), the testers considered protection against 0-day malware attacks, including web and e-mail threats (real-world testing), as well as detection of widespread and prevalent malware discovered in the last 4 weeks.
  • Performance was under scrutiny as well: the average impact of the security product on the speed of the computer in daily use cases such as visiting websites, downloading software, installing and running programs, or copying data.
  • Finally, the testers focused on the usability of the products by counting disruptions caused by false positives and false warning messages (false warnings or blockages when visiting websites, false detections of legitimate software as malware during a system scan, and false warnings or blockages of certain actions carried out while installing and using legitimate software).

AV-TEST results

The results show an increase of 1.5 points compared to the last round of testing, an improvement that journalists noticed as well. Avira becomes the best antivirus for Windows, offering users protection, performance and usability at the highest level.

Great level of Self-Protection

This time, AV-TEST experts also ran a test to evaluate the self-protection of 32 security solutions for both consumers and businesses. The goal was to establish whether these applications adopt protection technologies like DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) for their own components, and how well they fare in this respect. Avira occupied a top position here as well, with an average use of 99.7% across its 32- and 64-bit versions.

To understand why self-protection matters in antivirus software, it helps to know that DEP uses CPU features to mark certain areas of memory as non-executable, while ASLR randomizes the addresses at which executable code is loaded. Together they make buffer-overflow exploits much harder: injected data cannot simply be run as code, and an attacker cannot count on finding code or data at known locations in memory.

AV-TEST self-protection results

We recommend Larry Seltzer’s analysis for a more in-depth understanding of the AV-TEST Self-Protection Results.

Your security: a long term commitment for our experts

Every successful test and earned certification shows how our antivirus is continuously evolving to face the digital challenges of today. It is a proof of strength and commitment of our teams towards millions of customers who trust us to secure their devices. Our experts will keep applying the best methods to discover, classify and detect new malicious applications until online safety becomes the natural state of things.

The post Avira: Best Antivirus for Windows appeared first on Avira Blog.

How to change your router DNS settings and avoid hijacking

If your home router is hacked, you have a serious situation on your hands.

When an Avast Home Network Security scan finds that your router is already compromised, this notification will appear.

Your WiFi network is not secured

This means that the router has been hacked and its DNS settings have been modified so that your name lookups go to servers controlled by a cyberthief. This is a pretty serious situation. When hackers exploit router vulnerabilities, gain access to it, and modify the DNS server settings, all your Internet traffic can be forwarded to rogue servers. This is called a man-in-the-middle attack.

The DNS, or Domain Name System, is the “phone book” of the Internet, and an IP address is what’s listed in the book. DNS names computers, services, or any resource connected to the Internet or a private network. It translates easily memorized domain names, for instance www.example.com, into the unique numerical IP addresses needed to locate the service worldwide.

What happens when your router is hacked?

Instead of connecting to the genuine site or service, when your router is hacked you’ll land on a rogue copy. Your privacy is violated, and your banking information can be captured by the man-in-the-middle mentioned above. Even HTTPS, the secure protocol we have all been told to look for, is not a guarantee on its own: the rogue resolver sends you to a proxy that terminates the encrypted connection in the middle, and the browser only saves you if you refuse the resulting certificate warning or notice that the padlock has gone because the page was quietly served over plain HTTP. This illustration shows what happens.

Illustration: traffic proxied through the attacker’s DNS and web servers

Source: http://www.cert.pl//news/8019/langswitch_lang/en

This could also happen if your router is set to a default/weak/factory password, so the worst-case scenario is not that uncommon. See the latest news about webcams being hacked because their owners kept the default passwords. Vincent Steckler, CEO of Avast, told VentureBeat that consumers are notorious for not updating default passwords, just as I’m talking about here. Some 63 percent of wireless routers run with default passwords, says Steckler.

The problem goes further than just one user or one device. The malicious effects can spread to all users in the local network, regardless of the operating system used.

How to protect ourselves against this plague?

First, scan your home network with Avast Home Network Security to verify whether your device is compromised. If Avast alerts you, it’s already too late: you have been compromised and need to manually check the DNS servers in the router configuration.

By default, your router uses DNS servers automatically acquired from your Internet provider. All the devices on your network (PCs, smartphones, tablets, game consoles, and anything else connected to the network) get their DNS server from the router. You can change the DNS server on your router, thereby changing it for every other device on your network.

There are several good articles on the Internet about changing your DNS. Here’s one from howtogeek.com.

You also need to pay attention to your browser address bar. The HTTPS indicator should be there all the time; if it comes and goes, you may already have been compromised. In these cases, or for any other strange symptom you may be experiencing: disconnect from the Internet immediately and change the router username and password to unique ones (consult the router manual for instructions).

But be warned: neither of these will be enough on its own, because if the router is vulnerable it will take the attacker no time to change the settings back. Updating the router firmware, or even replacing the router, as described in the previous article, will be necessary.
