Tag Archives: Antivirus

AV-TEST certifies Avira Antivirus Pro as Top Security Product

Avira confirms again the long series of recognition for its great performance products. The Avira Antivirus Pro was awarded the “AV Top Product” seal following its high scores in the independent testing organization’s search for the best antivirus software for Windows Home User. The test looked at security software for computers with Windows 10 from […]

The post AV-TEST certifies Avira Antivirus Pro as Top Security Product appeared first on Avira Blog.

Worms vs. Viruses: What’s the difference?

Worms, viruses, bots, oh my! Such names sound less like monikers for malicious software than characters in a sci-fi novel. Despite their fictional-sounding names, the monetary damage these types of malware can cause to computers and data is very real. Studies put the global cost of ransomware attacks for 2017 between 1 and 3 billion dollars.

Most types of malicious software (aka malware) work differently, but all have the same function: to install unwanted software on your computer or network for malicious purposes ranging from simple annoyance to corporate espionage.

Two of the most common forms of malware are worms and viruses. Knowing how they work can limit the damage of a malware attack sooner and help avoid infection altogether.

Spreading the Word Doc

Worms and viruses differ in two main ways: how they spread or “replicate” and their level of autonomy. To function, viruses need a host file (e.g., a Word document) or a host program (e.g., that free PDF splitter you downloaded). To replicate, viruses need humans to send them through emails, messages, attachments, etc. They can’t do this on their own.

Worms are viruses that can replicate themselves, emailing themselves to other computers and networks without help from pesky humans. A worm’s autonomy tends to make it more aggressive or contagious, while a virus may lie dormant for years waiting for a user to open an infected file. To use a cinematic analogy, worms are more like predators, viruses are more like aliens.

How viruses replicate

Computer viruses are transmitted like biological ones. For example, the common cold spreads through person-to-person contact. We pass our cold germs to other people through coughs and sneezes. Unsuspecting victims breathe in our virus spray and presto! We’ve just replicated the virus to them. The point: It takes a human action (i.e., coughing and sneezing) to replicate a virus.

We replicate computer viruses by sending (sneezing) infected attachments through emails, instant messages, etc., to other users. Like us, they unknowingly download and open the attached file. Most recipients will open these attachments because they trust us. Replication of the virus took a human action and a little gullibility.

Social engineering

Social engineering is a way of tricking people into spreading malware to others. Hackers use our own assumptions and confirmation bias to fool us.

For example, when we visit our bank’s website, we usually first look for the most recognizable features: company name, logo and the familiar layout of the page. All of these features tip us off that we’re in the right place. Instead of applying a more critical eye, we quickly compare what we see to what we expect. When those basic expectations are confirmed, we click ahead.

Every day, hackers create malicious copies of legitimate websites and emails to steal our private credentials. These digital fakes don’t need to be perfect copies either, just close enough to match our expectations. That’s why it’s best to avoid clicking email links to common websites and instead use a browser bookmark so you always know you’re in the right place.

Even a worm will turn

Worms are actually a subclass of virus, so they share characteristics. They also are passed through files like attachments or website links, but have the ability to self-replicate. Worms can clone and transmit themselves to thousands of other computers without any help from humans. Consequently, worms tend to spread exponentially faster than viruses.

Worms have this viral superpower in part because they don’t rely on a host file like a virus. While viruses use these files and programs to run, worms only need them as disguises to sneakily wiggle into your computer. After that, the worm runs the show. No more host files or social engineering required.

How to protect yourself

Even though worms and viruses are different, you take similar precautions to avoid them.

Avoid opening unfamiliar messages and attachments

Social engineering is powerful and preys on our assumptions and familiarity, but you can fight it by paying more attention to your online interactions. Inspect emails closely. Phishing emails usually have telltale signs they’re scams. Most importantly, never open an email attachment from an unknown source. If you can’t confirm the source, delete the attachment. One moment of satisfying your curiosity isn’t worth the risk.

Avoid non-secure web pages

Non-secure websites don’t encrypt how they talk to your browser like secure ones do. It’s easy to identify websites that are non-secure. They start with HTTP in their URL address. Try to visit only secure sites that start with HTTPS. The ‘s’ stands for ‘secure’. Browser plugins like HTTPS Everywhere can make searching only HTTPS sites easier.

Update your operating systems

Hackers love to find security holes in operating systems like Windows. It’s a game of cat and mouse played with software engineers who constantly test, identify and patch ways of infiltrating their own software. The result of their efforts is the security update. Updating your OS applies those patches as soon as they’re released, increasing your protection level. Set your system to auto-update.

Be picky about your programs

Like operating systems, individual apps on your devices also need updating – and for the same reason. Aside from updating them, you should also decide whether you even need them at all. Remember, viruses need host files and programs for execution and disguise. Decide whether you actually need the app, or if you already have it, how often you use it. The more apps you have, the more updates. The more updates, the more opportunities for a security breach or infection.

A couple of programs you will want to give special attention to are Adobe Flash and Acrobat Reader. Both are popular targets for cyber criminals. If you don’t use them, uninstall them.

Get antivirus protection

The easiest and most effective action you can take to protect yourself from worms and viruses is to get a total antivirus protection plan. Antivirus software can’t be manipulated by social engineering tricks. It never assumes anything. It scans every file you open and every program you run for viruses and worms. Good ones do this in real time.

Every worm and virus discovered gets assigned a ‘signature’, a unique indicator that says “this is a virus!” Antivirus software keeps a list of those signatures and compares them to all of the data coming through your system.
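The signature comparison described above can be sketched as follows. This is an added example, not code from the original article or from any antivirus product; the sample bytes, signature names and patterns are constructed for illustration. It checks data arriving in chunks against two kinds of signature, an exact-file hash and a byte pattern, and handles a pattern that straddles two chunks.

```python
import hashlib
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Signature:
    name: str     # detection name reported to the user
    kind: str     # "sha256" = hash of the whole file, "bytes" = pattern anywhere in the data
    value: bytes  # 32-byte digest for "sha256", raw byte pattern for "bytes"


# Constructed, harmless stand-in for a malware sample (not real malware).
SAMPLE_WORM = b"MZ\x90\x00demo-header" + b"DEMO-WORM-MARKER" + b"\x00\x01demo-payload"

# Constructed signature list: one exact-file hash and two byte patterns.
SIGNATURES = [
    Signature("Demo.Worm.A", "sha256", hashlib.sha256(SAMPLE_WORM).digest()),
    Signature("Demo.Worm.Generic", "bytes", b"DEMO-WORM-MARKER"),
    Signature("Demo.Macro.B", "bytes", b"DEMO-MACRO-\x00\x01"),
]


def scan_stream(chunks: Iterable[bytes], signatures=SIGNATURES) -> List[str]:
    """Scan data that arrives in pieces (a download, a file read in blocks).

    Returns the sorted names of every signature that matched.
    """
    patterns = [s for s in signatures if s.kind == "bytes"]
    hashes = {s.value: s.name for s in signatures if s.kind == "sha256"}
    # Keep the last (longest pattern - 1) bytes of what we have seen so that a
    # pattern split across two chunks is still found in the next window.
    overlap = max((len(s.value) for s in patterns), default=1) - 1
    hasher = hashlib.sha256()
    tail = b""
    hits: List[str] = []
    for chunk in chunks:
        hasher.update(chunk)          # whole-file hash is built incrementally
        window = tail + chunk
        for sig in patterns:
            if sig.name not in hits and sig.value in window:
                hits.append(sig.name)
        tail = window[-overlap:] if overlap else b""
    exact = hashes.get(hasher.digest())
    if exact:
        hits.append(exact)
    return sorted(hits)


def scan(data: bytes, signatures=SIGNATURES) -> List[str]:
    """Scan a complete buffer by treating it as a one-chunk stream."""
    return scan_stream([data], signatures)


if __name__ == "__main__":
    print("known sample:   ", scan(SAMPLE_WORM))
    # One appended byte changes the file hash, so only the pattern signature
    # still fires. This is why scanners do not rely on file hashes alone.
    print("altered sample: ", scan(SAMPLE_WORM + b"\x00"))
    print("clean document: ", scan(b"quarterly report, nothing to see"))
    pieces = [SAMPLE_WORM[i:i + 5] for i in range(0, len(SAMPLE_WORM), 5)]
    print("5-byte chunks:  ", scan_stream(pieces))
```
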

You now understand the differences between worms and viruses, how they spread and where they hide. Be more critical the next time you open an unfamiliar email or visit a familiar website. Following these tips and getting antivirus software is the best way to avoid malware.

The post Worms vs. Viruses: What’s the difference? appeared first on Panda Security Mediacenter.

The modern Wild West’s guide to mobile malware

Smartphones are mobile – which is precisely why we spend so much time with them instead of our more stationary computers. We do surfing, mobile banking, shopping, chatting – even watching advertisements. In fact, just about everything we do online is now done on the go with our smartphones. This huge amount of face time […]

The post The modern Wild West’s guide to mobile malware appeared first on Avira Blog.

Is Roblox Safe for Your Kid?

The internet continues to create conflicts for parents who want to give their children the benefits it provides without exposing them to the dangers it harbors. Online video games are part of that struggle. Staying up-to-date on safety issues helps parents better negotiate the benefits and costs of online gaming.

Parents want to provide their children with the tools for expanding their imaginations. Once it was the humble Lincoln Log set. Now it’s user-generated, multi-platform, immersive online gaming systems. With games like Roblox, kids now have the power to build any world they can imagine and socialize with other players from around the world.

Roblox touts 64 million active players every month, who log on to “create adventures, play games, roleplay, and learn with friends.”

Children put in hundreds of hours playing games like Roblox, and they’re emotionally connected to their accounts — to a level many adults may not consider. When a child’s account is stolen, they’ve lost more than just their username and password; they’ve given up the worlds they’ve built, the items they collected, the avatars they’ve customized, the friends they’ve made and any future plans for the game. It can be devastating.

Given the power and creativity Roblox provides children, the company takes a proactive stance to protect their players from inappropriate content, online hackers, cyber thieves and other internet dangers. Roblox provides resources like in-game moderators, parental guides and content controls to help parents. However, it’s impossible to monitor the activity of so many players.

Hackers can steal player accounts or infect computers with malware, but knowing the common safety issues will help you keep your devices safe and your child’s imagination on track.

Can you get a virus from Roblox?

It’s impossible to get a virus playing within the Roblox platform because the game doesn’t “permit, or have the functionality, to upload, retrieve, or otherwise disseminate harmful executables or malware via its platform,” says Brian Jaquet, the company’s Senior Public Relations Director.

However, while hackers can’t introduce a virus within the Roblox game, they can find ways to get kids to leave the platform where infection or account theft is possible.

Phishing attacks

Pop-up ads or chat links offering free Robux or custom items can lure children to fake phishing websites designed to infect your computer or steal your child’s Roblox account. It’s similar to how phishing attacks work on YouTube. Roblox hackers entice users away from the game with promises of free gifts or Robux, the platform’s in-game currency, if they click a link within a chat message or pop-up ad.

Malware

While on a malicious website, hackers trick users into downloading an executable program having an .exe extension. Once opened, the program infects the computer with malware designed to steal data, which can include your banking information and passwords.

Stolen Passwords

Phishing attacks can also steal Roblox accounts while on fake websites. Players are prompted to login with their Roblox username and password with promises of free Robux. Their information is then saved and can be used to steal their password. The image below is from a phishing website.


The Roblox community rules clearly state players are forbidden to “sell, trade or give away Robux, digital goods or game codes except through official channels on the Roblox platform.” Players can buy and sell game items, but only as Builders Club members. Sharing outside programs on the Roblox site is not allowed, but it does happen.

Scams

Hackers can also steal from players while on the Roblox platform. These scams commonly use pop-up ads promising free items, but instead of a new weapon or t-shirt, players get their Robux stolen or accounts hijacked.

Fake maintenance

The so-called “Fake Maintenance Scam” is a phony graphical user interface (GUI) that tells users the site is “undergoing maintenance”. The scam is effective because it tricks players into giving away their login information. Younger or newer players, upset at their game’s interruption, are more likely to sign back in without questioning the GUI’s authenticity.


Here are some maintenance guidelines to help children identify when Roblox is actually undergoing maintenance:

  • An orange banner (see above) will appear on the Roblox website warning you before maintenance begins.
  • When the banner changes to red, you won’t be able to play Roblox until maintenance is finished.
  • Maintenance usually occurs when you’re asleep or at school.
  • Roblox will never ask for your username and password anywhere except the home page.

Botnets

Scammers can use “bots” to make money from Roblox players. Bots are automated programs that perform a specific set of tasks. On Roblox, the most common bot task is to create a fake account and message players, asking them to visit a website to get free Robux.

Hackers released thousands of bots or a “botnet” during the 2017 Group Wall Scam. The botnet was sending thousands of players to a monetized YouTube video to increase its number of views.

How to prevent attacks

Here are some ways to keep your little Roblox players and their devices safe.

Enable two-step verification

Two-step verification adds an extra layer of security to your child’s account by requiring an extra step to prove your identity. Any time your child signs in on a new device, Roblox will require you to enter a six-digit security code. For your child’s account, use a secure email address only you can access. Anyone trying to change the account’s password will need that security code.

Create a strong password

Even without phishing scams and fake GUIs, hackers have ways of guessing your child’s passwords using software. Teach your child that they should never write down their password or share it with anyone except you. Follow password creation guidelines to help them build a strong password that’s easy to remember.

Sign out when on shared devices

If your child plays Roblox on multiple devices, like a friend’s or a school’s computer, remind them to sign out of their account when they’re done. It’s easy for others to access accounts when they’re simply left open in a browser.

Check the link before you click

You never want your child going to another website from the Roblox platform. If they do, they’re probably somewhere they shouldn’t be. Help them understand that URLs are an address for websites, like the one where they live. Just like they need to make sure they’re getting off the bus at the right stop, they need to check to make sure they’re on the right web address. For the Roblox website, they can look for the roblox.com address in the browser’s address bar. For example: https://en.help.roblox.com.
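The address check described above can also be written down precisely, which shows where eyeballing a URL goes wrong. This is an added example, not code from the original article or from Roblox; the look-alike addresses are constructed and use the reserved `.example` suffix. It accepts a link only when the real host is roblox.com or one of its subdomains over HTTPS, and it names the reason when it rejects one.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "roblox.com"  # the address the article tells readers to look for


def check_link(url, trusted=TRUSTED_DOMAIN):
    """Return (ok, reason) for a link a child is about to click."""
    try:
        parts = urlsplit(url.strip())
        # .hostname is lower-cased and excludes any "user@" prefix and port.
        host = (parts.hostname or "").rstrip(".")
        userinfo = parts.username
    except ValueError:
        return False, "malformed URL"

    if parts.scheme != "https":
        return False, "not HTTPS"
    if not host:
        return False, "no host in URL"
    if userinfo is not None:
        # In https://roblox.com@other.example/ the real host is after the "@".
        return False, "text before '@' is not the host; real host is " + host
    if not host.isascii() or "xn--" in host:
        # Letters from other alphabets can look identical to Latin ones.
        return False, "host uses non-ASCII look-alike characters"
    if host == trusted or host.endswith("." + trusted):
        return True, "host is " + trusted + " or one of its subdomains"
    if trusted in host or trusted.split(".")[0] in host:
        # The trusted name appears, but not as the end of the host name.
        return False, "look-alike: trusted name embedded in another domain"
    return False, "different site: " + host


if __name__ == "__main__":
    # Constructed sample links; only the first two point at roblox.com.
    samples = [
        "https://en.help.roblox.com",
        "https://www.roblox.com./games",
        "http://www.roblox.com/",
        "https://roblox.com.free-items.example/login",
        "https://roblox.com@login.example/",
        "https://roblox-com.example/",
        "https://www.r\u043eblox.com/",  # Cyrillic "o" in place of Latin "o"
    ]
    for link in samples:
        ok, reason = check_link(link)
        print("OK   " if ok else "BLOCK", ascii(link), "-", reason)
```
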

Set messaging and chat to “Friends”

Control who can communicate with your child through the account’s privacy settings. In the “Privacy” settings tab, users can control who can chat, message, invite and join them in the game. Restrict contact to “Friends” to keep your kid’s interactions safer. They’ll be less likely to encounter a malware link. However, you will still need to manage who their “Friends” are to keep the group safe.

If your child is part of the Builders Club, they can set their group to “Private” to keep out scammers.

Report Abuse and Scammers

Roblox employs moderators to monitor content, blocking inappropriate ads and warning players of scams. But with the game’s large number of users, player interactions, trading systems and user-generated content, it’s challenging to monitor everything.


Encourage your children to report any inappropriate behavior or scams. Roblox makes it easy for them to report others for a variety of abuses, from cyberbullying to posting offsite links. Tell them to find a grown up — either you or a moderator — if they have a bad feeling.

Free lunches

Use Roblox to teach your kids that there’s no such thing as a free lunch. If something sounds too good to be true, it probably is. If someone is offering free Robux or a customized avatar t-shirt they’ve been wanting for weeks, it’s 99.9 percent likely to be a scam. The official Roblox trading system has specific rules to follow for exchanging items.

Download a good antivirus software

Antivirus software will protect your devices from getting infected by viruses, or eliminate the viruses if an infection does occur. There’s no substitute for vigilance, but downloading an antivirus software can eliminate the stress and worry that comes with the combination of children, the internet and digital devices.

As a parent, the last thing you want is to have your child’s social and creative Roblox experience end up as a bad memory. There’s more at stake than just a video game. Friends, digital worlds and hours of play can be stolen alongside usernames and passwords. Taking a little time to educate your kids about the real world can go a long way in keeping their digital one safe.

The post Is Roblox Safe for Your Kid? appeared first on Panda Security Mediacenter.

Kaspersky: NSA Worker’s Computer Was Already Infected With Malware

Refuting allegations that its anti-virus product helped Russian spies steal classified files from an NSA employee’s laptop, Kaspersky Lab has released more findings that suggest the computer in question may have been infected with malware.

Moscow-based cyber security firm Kaspersky Lab on Thursday published the results of its own internal investigation claiming the NSA worker who took classified documents home had a personal home computer overwhelmed with malware.

According to the latest Kaspersky report, the telemetry data its antivirus collected from the NSA staffer’s home computer contained large amounts of malware files which acted as a backdoor to the PC.

The report also provided more details about the malicious backdoor that infected the NSA worker’s computer when he installed a pirated version of Microsoft Office 2013 .ISO containing the Mokes backdoor, also known as Smoke Loader.

Backdoor On NSA Worker’s PC May Have Helped Other Hackers Steal Classified Documents

This backdoor could have allowed other hackers to steal classified documents and hacking tools belonging to the NSA from the machine of the employee, who worked for the Tailored Access Operations (TAO) group of hackers at the agency.

For those unaware, the United States has banned Kaspersky antivirus software from all of its government computers over suspicion of Kaspersky’s involvement with the Russian intelligence agency and spying fears.

Though there’s no substantial evidence yet available, an article published by US news agency WSJ last month claimed that Kaspersky Antivirus helped Russian government hackers steal highly classified documents and hacking tools belonging to the NSA in 2015 from a staffer’s home PC.

However, the article, which quoted multiple anonymous sources, failed to provide any solid evidence to prove if Kaspersky was intentionally involved with the Russian spies or some hackers simply exploited some zero-day bug in the Antivirus product.

Kaspersky stands by its claim that its antivirus software detected and collected the NSA classified files as part of its normal functionality, and has rigorously denied allegations it passed those documents onto the Russian government.

Now, the recent report published by the anti-virus firm says that between September 11, 2014, and November 17, 2014, Kaspersky Lab servers received confidential NSA materials multiple times from a poorly secured computer located in the United States.

The company’s antivirus software, which was installed on the employee’s PC, discovered that the files contained malware used by Equation Group, a 14-year-old elite NSA hacking group that was exposed by Kaspersky in 2015.

Kaspersky Claims it Deleted All NSA Classified Files

Besides confidential material, the software also collected 121 separate malware samples (including a backdoor) which were not related to the Equation Group.

The report also insists that the company deleted all classified documents once one of its analysts realized that the antivirus had collected more than malicious binaries. Also, the company then created a special software tweak, preventing those files from being downloaded again.

“The reason we deleted those files and will delete similar ones in the future is two-fold; we do not need anything other than malware binaries to improve protection of our customers and secondly, because of concerns regarding the handling of potential classified materials,” Kaspersky Lab report reads. 

“Assuming that the markings were real, such information cannot and will not [be] consumed even to produce detection signatures based on descriptions.”

Trojan Discovered on NSA Worker’s Computer

The backdoor discovered on the NSA staffer’s PC was actually a Trojan, which was later identified as “Smoke Bot” or “Smoke Loader” and allegedly created by a Russian criminal hacker in 2011. It had also been advertised on Russian underground forums.

Interestingly, this Trojan communicated with the command and control servers apparently set up by a Chinese individual going by the name “Zhou Lou,” using the e-mail address “zhoulu823@gmail.com.”

Since executing the malware would not have been possible with the Kaspersky antivirus enabled, the staffer must have disabled the antivirus software to do so.

“Given that system owner’s potential clearance level, the user could have been a prime target of nation states,” the Kaspersky report reads. 

“Adding the user’s apparent need for cracked versions of Windows and Office, poor security practices, and improper handling of what appeared to be classified materials, it is possible that the user could have leaked information to many hands.”

More details on the backdoor can be found here.

For now, the Kaspersky anti-virus software has been banned by the U.S. Department of Homeland Security (DHS) from all of its government computers.

In the wake of this incident, Kaspersky Lab has recently launched a new transparency initiative that involves giving partners access to its antivirus source code and paying large bug bounties for security issues discovered in its products.

Kaspersky Opens Antivirus Source Code for Independent Review to Rebuild Trust

Kaspersky Lab — We have nothing to hide!

Russia-based Antivirus firm hits back with what it calls a “comprehensive transparency initiative,” to allow independent third-party review of its source code and internal processes to win back the trust of customers and infosec community.

Kaspersky launches this initiative days after it was accused of helping, knowingly or unknowingly, Russian government hackers to steal classified material from a computer belonging to an NSA contractor.

Earlier this month another story published by the New York Times claimed that Israeli government hackers hacked into Kaspersky’s network in 2015 and caught Russian hackers red-handed hacking the US government with the help of Kaspersky.

US officials have long been suspicious that Kaspersky antivirus firm may have ties to Russian intelligence agencies.

Back in July, the company offered to turn over the source code for the U.S. government to audit.

However, the offer did not stop the U.S. Department of Homeland Security (DHS) from banning and removing Kaspersky software from all of the government computers.

In a blog post today the company published a four-point plan:

  • Kaspersky will submit its source code for independent review by internationally recognised authorities, starting in Q1 2018.
  • Kaspersky also announced an independent review of its business practices to assure the integrity of its solutions and internal processes.
  • Kaspersky will establish three transparency centres in the next three years, “enabling clients, government bodies & concerned organisations to review source code, update code and threat detection rules.”
  • Kaspersky will pay up to $100,000 in bug bounty rewards for finding and reporting vulnerabilities in its products.

“With these actions, we will be able to overcome mistrust and support our commitment to protecting people in any country on our planet,” Kaspersky’s CEO Eugene said.


However, infosec experts’ twitter commentary shows that the damage has already been done.

“Code review is absolutely meaningless. All Russian intelligence need is an access to KSN, Kaspersky’s data lake which is a treasure trove of data. Even open sourcing the entire product won’t reveal or even help with revealing that.” Amit Serper, the security researcher at Cybereason, tweeted.

Now it is important to see whether these actions will be enough to restore the confidence of US government agencies in Kaspersky or the company will be forced to move its base out of Russia.

For the want of a patch, the data was lost

Nursery rhymes nail it — from a horse’s shoe to a missed patch at Equifax leaking the private data on millions of people.

The post For the want of a patch, the data was lost appeared first on Avira Blog.

DNA virus brings malware full circle

In what sounds like a science fiction story, scientists have successfully infected a computer using a virus encoded in DNA. The experiment was designed to prove that DNA could be used to successfully infect computers in the future.

During the test, engineers created an artificial strand of DNA and “programmed” malicious code inside it. The strand was then inserted into a computer capable of reading the DNA code, and the malware successfully installed itself before going on to fully infect the machine.

A fledgling industry

Storing computer data in DNA is still a very experimental technique. Microsoft has been investing millions of dollars in the technology because they believe DNA can store much more information than traditional hard drives. Early tests have been quite successful as scientists have managed to store and retrieve poems, pictures and other files using the organic material.

We are still many years away from seeing commercial DNA storage however – it still costs hundreds of thousands of dollars to create synthetic strands of the material.

Because the best security safeguards are designed alongside new technologies, it makes sense for scientists to test DNA malware capabilities now. That way they can engineer systems to block malware before they become publicly available.

A headline grabbing experiment

A closer look at the DNA virus experiment shows that the problem of organic malware may not be as bad as expected (yet). The infected DNA was passed directly into the “reader” of its computer victim, which then read the instructions and executed the malware code – exactly as you might expect.

To put this into perspective, the process was no different to inserting an infected USB drive into your laptop, or executing an infected attachment in your email. Despite the unusual storage medium – DNA – there was nothing strange about the actual infection mechanism itself.

If you put a virus into an unprotected computer, you can expect the machine to be infected.

Replicating an ancient, natural phenomenon

Ironically, infection by DNA is a truly ancient phenomenon. For thousands of years humans have been infected by the DNA carried by viruses, causing illnesses including the common cold.

During a human infection, the virus attaches itself to cells in the body, injecting infected DNA into them. This process is repeated in healthy cells over and over again, triggering the symptoms of the illness. Serious viral infections, like HIV or Hepatitis, can be fatal.

It is this natural process that gave computer viruses their name in the first place.

Prevention not cure is the answer

Viral infections in the human body cannot be cured with medication like antibiotics. Instead the body’s natural defences, the immune system, must fight the infection. For some serious infections anti-retroviral medications may be prescribed, with varying degrees of success.

The best way to prevent the spread of the virus is to avoid contact with it in the first place. When it comes to computers, that means installing antivirus software which can detect and block potential infections before they are installed. Even computers with DNA-reading capabilities.

To learn more about protecting your computer from viruses, download a free trial of Panda Security now.

The post DNA virus brings malware full circle appeared first on Panda Security Mediacenter.
