Author Archives: Avast Blog

Fake mobile antivirus apps promise rainbows and safety forever

fakeAVads4.pngAnnoying popups advertising fake antivirus apps appear in mobile browsers.

Those evil popups. We all know them, we all see them every day on our PCs while we are reading news, watching videos, or just generally – clicking. As tempting as they might sound, let me assure you that you’re not a 1000000th visitor and you certainly just didn’t win a lottery. Also no magic diet pills for you. Popups are not your friend. Close them, block them, and never trust them.

Safeguarding Business at CeBIT 2016

      No Comments on Safeguarding Business at CeBIT 2016
 
20160316_111751.jpg

Last week was an exciting week for professionals in the security industry. CeBIT 2016, an annual global conference with an emphasis on digital business and transformation, brought in security experts from across the globe to Hanover, Germany.

During the third day of CeBIT, Avast CEO Vince Steckler spoke on a panel titled “Safeguarding Business”.

TGIF: Avast security news wrap-up for March 2016

Get your Avast update on ransomware, mobile security, social media, and enterprise security.

Mac ransomware demands paymentMac users get first taste of ransomware

Mac users got attacked by ransomware in the first fully functional attack on OS X. Now that hackers have proven that Mac users are a viable target, it’s time to move on from the myth that Macs are impervious to attack and get protection. 

Locky_campaign_flow-132996-edited.pngA closer look at the Locky ransomware

Ransomware attacks targeting PC users are quite successful. New variants are introduced, but they have the same format- encrypt your files and demand payment for the key to unlock them. The Avast Virus Lab did a deep analysis of ransomware dubbed Locky. This is deep look was followed by Locky’s JavaScript downloader, which describes the phishing campaign that has emerged as the main infection vector.

Locky’s JavaScript downloader

      No Comments on Locky’s JavaScript downloader

Locky is a considerable security threat that is now widely spread.

It seems that Locky’s authors are now predominately using one campaign to spread the ransomware. Last week, we published a blog post about Locky Ransomware, the ransomware that is most likely being spread by the infamous Dridex botnet. In our last blog post, we described three campaigns the Locky authors are using to spread their malware. Now Locky’s authors are mainly using the campaign with javascript packed into a zip file sent to people through phishing emails.

Making security a priority in mobile enterprise environments

20160316_105220.jpg

Today at CeBIT 2016, Avast CEO Vince Steckler delivered a keynote speech focusing on the security risks in mobile enterprise environments. In his presentation, he discussed how mobile activity influences both employees and employers alike. Let’s take a closer look into the speech:

A closer look at the Locky ransomware

      No Comments on A closer look at the Locky ransomware

Today, we bring you a deep look into the latest ransomware called Locky. This new file encryptor, targeting PC users, has most likely been created by authors of the well-known Dridex botnet and is spread the same way.

Locky uses all “top class” features, such as a domain generation algorithm, custom encrypted communication, TOR/BitCoin payment, strong RSA-2048+AES-128 file encryption and can encrypt over 160 different file types, including virtual disks, source codes and databases.

We monitored the Locky family this past month and discovered a second variant of the malware, which has new features and program code improvements. Locky’s authors added a new hard-coded seed to the domain generation algorithm, which allows them to deactivate Locky on Russian PCs.

Infection vector

Locky is spreading via spam email campaigns that are similar to those used by the Dridex botnet. They use similar file names, obfuscation, email content and structure of download URLs.

We have observed three different campaign versions of Locky and have described them below.

Below is an example of one of the spam emails. The emails are designed to make people believe they were sent from large companies such as Nordstrom, Symantec and Crown Holdings.