Tag Archives: Threats

Browser Extensions that nobody wants… but a lot of people have!

The marketplace for browser extensions is quite big. With Firefox alone, there have been more than four billion add-ons downloaded. But not every extension makes the user happy:

In the last couple of weeks, we monitored rampant spreading of browser extensions with new machinery for harming the user – via the publishing of unwanted advertisements. The list of names of such extensions is long: Browsefox, Swiftbrowse, Betterbrowse, Browsesmart, Browseburst… All share the same two major traits: The user doesn’t want them, and they are hard to remove from the computer.

Of course, we’ve had our attention on this kind of browser extension, with the aim to protect and warn Avira customers about it. We tracked the extensions’ speed of global growth, created specific Avira Intelligent Repair System (AIRS) routines, and adjusted our engine detection to detect these types of unwanted browser extensions.

Finally, with the engine detection pattern “Adware/Browsefox.Gen,” included in Avira version 8.3.24.22, we took the first step forward.

And the first results are incredible:

Since the release of the engine version, we have recorded more than 20 million detections in the ‘Avira World’. And regarding the spreading of these extensions: During our initial research, we noticed extreme propagation of the browser extension in Germany. But after the release of the generic detection, we saw that even more regions in the world have these unwanted extensions installed. Now we can better see their global movement.


But what exactly are these browser extensions doing on your computer? Their primary goal is to make money. As mentioned, they do this by publishing unwanted advertisements on your computer after installation. For example, they will show coupons with their offers. With each additional advertisement, the cash flows.


The list of names using this tactic is long. Very long. But if you take a look at some of their “official” websites, you will see that they are all related. They share the same style and options. Only the name of the product changes, along with different photos…


Also interesting is the word ‘official’. We tried to find out the official company or person behind these sites, but there is no official contact information.


How would you get this extension? It is most likely installed as third-party software bundled in other setups. For example, if you are looking for a new Internet browser, search for it in your search engine of choice and pick the first offer – you will get an installer and won’t notice that this installer is not from an official website. When starting the browser installation process, the extension will also be installed – silently. The behavior of these components is typically the same. They create new folders on your computer in the following directories. Here is one example with the extension ‘BrowseBurst’:

%PROGRAM FILES%\BrowseBurst
bin
utilBrowseBurst.exe
BrowseBurst.BrowserAdapter.exe
FilterApp_C64.exe
BrowseBurst.PurBrowse64.exe
BrowseBurst.PurBrowse.exe
BrowseBurst
updater.exe

On the registry, there are some changes made by installing the extension:

HKLM\Software\BrowseBurst
HKLM\Software\Wow6432Node\BrowseBurst
HKLM\Software\Microsoft\Internet Explorer\Approved Extensions
Value: %CLSID%
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{%CLSID%}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BrowseBurst
HKLM\SYSTEM\CurrentControlSet\services\%ExtensionName%

The extension may include a component (a Browser Helper Object) that is loaded into memory all the time. This is why the combination of detection and repair routine by AIRS is so important.
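A read-only check for the artifacts listed above, as an added example that is not code from the Avira post or from Avira's tooling. It assumes the other extension names mentioned in the post use the same layout as BrowseBurst, also looks in Program Files (x86) and the Wow6432Node view, and matches Browser Helper Objects and services by the folder their binary runs from; the function name is hypothetical.

```powershell
# Added example (not from the original post): read-only check for the
# BrowseBurst-style install artifacts listed above.
# Assumption: the other names in the post use the same layout as BrowseBurst.
$Names = 'BrowseBurst', 'Browsefox', 'Swiftbrowse', 'Betterbrowse', 'Browsesmart'

function Get-ExtensionArtifact {   # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$Name)

    # 1. Folders and product keys named directly after the extension.
    foreach ($n in $Name) {
        $candidates = @(
            (Join-Path $env:ProgramFiles $n)
            "HKLM:\Software\$n"
            "HKLM:\Software\Wow6432Node\$n"
            "HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\$n"
        )
        # Assumption: a 32-bit installer on 64-bit Windows lands here instead.
        if (${env:ProgramFiles(x86)}) { $candidates += Join-Path ${env:ProgramFiles(x86)} $n }
        foreach ($path in $candidates) {
            if (Test-Path -LiteralPath $path) {
                [pscustomobject]@{ Kind = 'Folder/Key'; Id = $n; Detail = $path }
            }
        }
    }

    # Matches any binary path that runs from a folder named after an extension.
    $pattern = ($Name | ForEach-Object { [regex]::Escape('\' + $_ + '\') }) -join '|'

    # 2. Browser Helper Objects: resolve each registered CLSID to the DLL it loads.
    foreach ($view in 'HKLM:\Software', 'HKLM:\Software\Wow6432Node') {
        $bho = "$view\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        Get-ChildItem -LiteralPath $bho -ErrorAction SilentlyContinue | ForEach-Object {
            $clsid  = $_.PSChildName
            $server = "$view\Classes\CLSID\$clsid\InprocServer32"
            $dll = (Get-ItemProperty -LiteralPath $server -ErrorAction SilentlyContinue).'(default)'
            if ($dll -match $pattern) {
                [pscustomobject]@{ Kind = 'BHO'; Id = $clsid; Detail = $dll }
            }
        }
    }

    # 3. Services whose binary runs from one of the extension folders.
    Get-ChildItem -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $image = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).ImagePath
            if ($image -match $pattern) {
                [pscustomobject]@{ Kind = 'Service'; Id = $_.PSChildName; Detail = $image }
            }
        }
}

Get-ExtensionArtifact -Name $Names | Format-Table -AutoSize
```

An empty table means none of the listed locations exist; any row is a lead to hand to the repair routine rather than something to delete by hand.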

If you would like to know more details about the extensions’ behaviors, our virus researchers have created a detailed description:

Adware/Browsefox.Gen: http://www.avira.com/en/support-threats-summary/tid/8495/tlang/en

The post Browser Extensions that nobody wants… but a lot of people have! appeared first on Avira Blog.

Kyle & Stan Malvertising Hits Amazon, YouTube

The “Kyle and Stan” method is an example of a particular type of exploit known as ‘malvertising’, because it inserts malware into online advertising, so as to infect visitors of legitimate, high-traffic websites. Because online advertisements are served up by a relatively small number of ad-publishing networks that reach many popular websites simultaneously, malvertising is a very efficient means of malware distribution.

This particular exploit is called “Kyle and Stan” because the malware code contains references to specific sub-domains with the URLs “kyle.mxp2038.com” and “stan.mxp2099.com.”

Although most malvertising exploits do not harm individual users directly, they will often make unscrupulous revenue by generating fake advertising clicks, or by redirecting users to other scam websites, or installing spyware or back-doors that are later used to hijack the users’ computers for misuse, for example as botnets. In the case of the Kyle and Stan exploits, users are redirected to websites that offer a legitimate media-player app that, when downloaded, comes bundled with a malicious browser hijacker that installs itself automatically.

Unfortunately, this new threat makes detection extra difficult by creating a unique profile for each and every installation.

In the bigger picture, the Kyle and Stan malvertising exploit may represent a new style of malware distribution that is OS-agnostic and highly efficient. We may soon see an industry call for ad publishers to more carefully scan the ads that are distributed through their networks. Our experts will monitor the progress of Kyle and Stan and will inform you as we learn more.


Read before clicking: Potential app permission risks

Who is allowed to do what – when it comes to the world of apps, this isn’t a straightforward question to answer. Whether you’ve got an iOS, BlackBerry or Android device, apps on all operating systems require your permission to access specific functions like network communications or the camera and microphone. While BlackBerry and Apple review the permissions prior to store approval, Google leaves this task up to the user. If you use an Android tablet or smartphone, you’ll be familiar with the list of app permissions requested prior to installation. You have a choice: Either you agree to all the app’s wishes or you have to do without the app – no ifs or buts.

Of course, many developers handle this situation responsibly, only asking for permissions the app actually needs to do its job. But the temptation to ask for a few more pieces of information than are needed is huge: Details about user preferences can be gleaned and data sold on straight away to make a little bit extra on the side. Free apps in particular are infamous in this respect. A while ago, the example of the Brightest Flashlight was in the media spotlight. While it didn’t require any permissions for it to work, it practically granted itself full access to the smartphone – the developer then sold all the data it harvested.

The app is still listed on the Play Store, it still asks for permission to access everything, and has meanwhile racked up over 50 million downloads.

An app tells you, more or less, everything it wants to know and influence prior to installation. It does this either when you actually download it or right at the bottom in the Play Store under “Permission” and “View details”. All the details of “dangerous” permissions are shown, whereas permission requests deemed less critical are not. To view them, you have to click the “Display all” tab. This can be problematic especially when it comes to updates for installed apps. This is due to a change to the Play Store’s permissions-management system (version 4.8) which saw Google introduce “simplified permissions”. Permissions are now divided into the following 13 groups:

  • In-app purchases
  • Device & app history
  • Cellular data settings
  • Identity
  • Contacts/Calendar
  • Location
  • SMS
  • Phone
  • Photos/Media/Files
  • Camera/Microphone
  • Wi-Fi connection information
  • Device ID & call information
  • Other

If you initially granted permission during installation and another permission has since changed in the same group, you are no longer informed about it. The newly requested permission is granted without so much as a whisper. To some degree the groups are also fairly unclear and this has some really surprising impacts. For instance, the “Phone” group includes the following functions: Directly call telephone numbers (including chargeable numbers), write call log, read call log, reroute outgoing calls, and modify phone state.

If you want to learn more about which app can do what, take a look at “Settings” and then “Application manager” followed by choosing the app’s name and “Permissions”. The free app Permission Viewer makes things a bit easier.

It lists every app (incl. internal system apps) and displays apps’ permission levels using colored bars. That said, knowing about potential weaknesses does not lead to greater security. To do that, you need the help of other apps such as App Guard by Backes SRT. The security company, a spin-off of Saarland University, offers a security and data-protection app for Android smartphones and tablets with Android version 2.3 and later for € 3.99. There’s also a free demo version which can monitor up to four apps. App Guard lets you monitor other apps and make subsequent changes to their permissions. Superfluous permissions can be revoked without needing root access.

By contrast, App Ops Starter is free but it only works on Android versions 4.3 to 4.4.1. The app starts Android’s integrated but hidden “App Ops” mode. It’s also possible to revoke individual permissions from apps without root access. Rooting your device opens up further options to monitor and change access permissions such as by using XPrivacy.

Everyone has to be clear about one thing: people who experiment with permissions can render an app unusable. Less experienced users should stay away from system services; otherwise the entire Android operating system could quickly become unstable.

 


What can actually happen #IfMyPhoneGotHacked

Everybody will know what you did last summer

The danger of getting your data stolen might seem rather abstract to you as the word “data” usually makes you think of valuable information you would not have on your phone. With “data” we mean everything on your phone: photos, videos, documents and browsing information, regardless of their economic “value”. Remember the selfies you took with your phone this summer but never had the courage to share with your friends? How about the Justin Bieber playlist you secretly stored in a hidden music folder? Well, if your phone gets hacked, it will all become public. And do trust us when we tell you that the “I don’t know how they got there” argument doesn’t stand a chance.

PS: don’t even make us open up the Browsing History subject; once it’s compromised, no superpower can save you from what’s coming next. Moving to a different country might be the only option left.

I just called to say…who are you?

If only the thought of some strangers having your phone number scares you, imagine how it would be if those strangers could also access all of your contacts and your recent dials? Not only would they be able to store and even sell all this private information about your family, friends and colleagues but they might also bother them with all sorts of pranks. And no, texts are not protected either so make sure you don’t ruin the flirt you’ve got going on because of some disturbing replies coming from people controlling your phone. Some of them can have a pretty twisted sense of humor.

Peekaboo I see you

We all use the “Big brother is watching” expression often enough that it has become a matter of speech more than a matter of fact. What if your newest “big brother” is a hacker who can activate your phone’s camera and spy on you whenever he feels like it? One thing is sure: you’ll regret not being able to separate yourself from your phone in any situation. Too many examples of exposing the smartphone to private…events come to our mind (we’ll let you think of the most uncomfortable ones yourself). Now imagine sharing those images with a bunch of strangers. In real time. Sufficiently awkward yet?

Social Networks come just as a cherry on top of any hacking scheme mentioned on the #IfMyPhoneGotHacked thread. All of your data could go public (and even viral depending on the level of compromising information you store on your devices) in a matter of hours after your phone gets hacked. Just make sure you stay protected.


Online dating is the latest trend – But is it also safe and secure?

The Internet is new territory, apparently. To government officials perhaps, but not when it comes to finding a partner. According to a study, 30% of relationships begin online[1]. And many of those are made to last offline: in 2013 16.4 % of all new partnerships in Germany began with the couples flirting online[2]. It’s great when things work out with the neighbor, but just as searching for a partner in the supermarket, bar or swimming pool isn’t without its risks, the online world has its pitfalls too. Take untruthful profiles for example. “Men make themselves taller, women younger”, that’s what a former product manager of Yahoo Dating said summarizing her experiences. These sorts of little white lies are relatively harmless as they’re easy to spot on the first date. It gets more difficult when something doesn’t add up about the job, and the chosen one doesn’t turn out to be a doctor after all, but unemployed, in debt, and on the hunt for some funding.

Cyber scammers have created an entire industry from people’s desire to be together. The “romance scammers” search the lonely hearts sites specifically for women with whom they initially email and call for weeks at a time to establish trust, only to then ask for money for medical treatment, medication for mom, a trip to their sweetheart’s country or whatever it may be. The meet-up itself isn’t risk-free either. Blackmail through secretly or openly filmed sex tapes has already happened more than once, just like alleged pregnancies which nobody will ever find out about if the victim contributes to the abortion costs. While this is dramatic, generally the worst thing those who flirt online have to fear is enduring an endlessly boring evening on the first date.

Here are a few simple tips that will help guard against both dangers – criminality and boredom. On the first date, meet in public and never at your home. Tell a friend, relative or your parents where you will be and arrange for them to call you at a set time so you can give them the all clear. By the way, you can also use the call to your advantage to fake an emergency and escape a boring date early.

Spam messages from those looking for love can also end up in your mailbox through no fault of your own, and people who date online are more likely to open the wrong attachment by mistake. Not every jpg image is what it appears to be, and those ominous-looking Word, PDF, and PowerPoint attachments from romance-seeking Natashas from Belarus are also best sent directly to the recycling bin. The latest version of a comprehensive antivirus software solution like Avira Antivirus Pro, Avira Internet Security Suite or Avira Free Antivirus blocks viruses, worms and Trojans and, in the best case, also evaluates websites before you click them. This minimizes digital dangers and searching for a partner online doesn’t lead to additional risks.

You should, however, pay particular attention to potential risks posed by revealing personal information. Even if endlessly long email conversations over many weeks are rather counterproductive, you should not be forthcoming with your personal information. Before you give your address and telephone number to the person you’ve been messaging, you should be absolutely sure that you won’t regret it. It’s a good idea to have a throw-away email address you only use for dating purposes. Another good tip is to stay completely within the dating provider’s web environment as it usually doesn’t allow real identities to be inferred from online identities. Above all choose the dating provider cautiously. Services you pay for sort at least some chaff, in the form of joke or fake profiles, from the wheat. All the best for your next date ;-)

 

[1] German study “Online-Dating-Marktreport 2013/2014” (“Online Dating Market Report 2013/2014”) – singleboersen-vergleich.de, 2014

[2] “Vom Online-Dating zum Traualtar” (“From Online Dating to the Altar”), German survey of 827 German registry offices – singleboersen-vergleich.de, 2013


Are all data breaches created equal?

Companies both small and large have had to deal with a lot of hacker headaches recently, and for many people, news about these data breaches has caused them to change how they interact with the companies that have been affected. Not only is this bad for business for the companies, but it’s also embarrassing.

Even though revealing this information can make life difficult for the companies, it still makes sense that the public should always know about it, right? Well, maybe not. At least that’s what some executives have been saying lately.

It might come as no surprise that corporate executives would be the ones saying that not all data breaches need to be disclosed, but there are a couple different ways to look at this as a consumer that we’re going to focus on.

Tell me everything – In this situation, no matter what the hackers were able to get access to, you want to know about it. This could be sensitive data related to your password or credit card number, or it could be data about the company that’s not related to you.

Just tell me when it’s serious – Under this scenario, you’d only be notified when hackers access sensitive data about you that could be used to cause problems. Data breaches that don’t have a direct bearing on you or your privacy would not be publicly disclosed.

Which one of these options do you personally prefer? Disclosure might be the rule, but with the constant barrage of attacks that many companies have to deal with, some consumers might say that ignorance is bliss to some extent and the companies need to address their security issues privately unless there’s the chance that sensitive customer data has been compromised.

We’d love to hear your thinking on this matter in the comments section.


Eliminating file sharing security threats with subscription services

Quite frankly, it became an addiction. Active users accumulated thousands of songs, and before too long, this file sharing madness spread into other areas, such as movies and software.

Getting whatever content you want whenever you want it sounds great on paper, but these early networks made it extremely easy to share content illegally, and that’s what they became popular for. Even though the Napster of old and other similar applications don’t exist anymore, downloading content illegally is still a simple task thanks to torrent sites and other dark corners of the Internet.

Of course, it’s not a good idea to be involved in this sort of activity just because it’s easy. For one thing, you’re accessing content illegally, and additionally, hackers love to use interest in illegal files to spread malware. Not only do many of the files contain security threats, but the sites that are used to distribute them can also often be plagued with malware.

Thankfully, if you want to access content online in a legal and secure way, then you have plenty of options that didn’t exist in the early days of Napster. Sure, you can buy a song or movie individually, but the trend these days is focused on subscription services. Part of the appeal of file sharing services is that they can give you access to everything at once, and that’s exactly what subscription services can provide legally for a small monthly fee. There are services like Netflix for movies and television shows, Spotify for music, Kindle Unlimited for books, and the list goes on.

The truth is that many of the people who download files illegally don’t necessarily want to do it, but they feel forced to do it because they can’t access the content in the digital way that they’d like to. Affordable subscription services are turning these people into legal consumers of content, and that’s a better solution for them and the content creators. Not only is the overall quality and experience enhanced for the user, but they’ll also have a clean conscience and avoid the security threats that come along with illegal file sharing.
