Lost your mobile device? “Yell” or catch the thief in his nest

Tags :- Avira Tech Support | Avira Support NumberAvira Refund.

The new Anti-Theft feature in our Avira Online Essentials dashboard has a couple of cool tricks to help you get back your lost smartphone or tablet. The feature is available on Android and iOS devices – and your home PC.

Here’s how it works:

The first step is simply to register your devices with Avira and activate the “Device Administrator” feature. Afterwards, you can remotely control them using the Online Essentials dashboard. Soon after activation, finding your smartphone or tablet will be just a couple of clicks away.

1st scenario: You misplaced the device

Go to the “Can not find your device” section of the Online Essentials dashboard and trigger the “Play Sound” button. A really powerful signal will start sounding and if the device is nearby, you will surely find it. If it’s in somebody else’s hands, just imagine the panic on his face.

After you are sure that the device has been stolen, it’s time to go to the “Lock your device” function. Add a PIN code that is known only by you and preset a message with contact details, which will be shown on the smartphone’s screen to its new “owner”.

On iOS, you have an additional contact option. While you can only send a message on an Android device, on iPhone you can directly call the person that has the device. Just go to the closest computer and access your Online Essentials account.


2nd Scenario: Your device was stolen for sure and you get no answer

Hmmm, that’s nasty! But don’t lose hope. Go to the “Think you lost your device?” function, click on “Wipe” and then select the data that shouldn’t get into the wrong hands: delete the storage or the SIM card, or do a factory reset directly. Of course, shortly after this, the Police must be informed about the theft. “Device data” gives you a complete report on your smartphone and provides all the necessary information for the investigation, such as the IMEI number and other product details.

Locate the device

If you want to solve the theft problem faster and more efficiently, you can always activate the “Locate” function in Online Essentials. This will show you the exact location of the missing device and also a Google Street View of the place where it can be found. But bear in mind that this works only if the location settings are enabled and if the battery is not drained or removed.

Now that you know what the Anti-Theft feature can do, you can start preparing your devices for this kind of situation. Download Avira Free Antivirus, pair one or more devices and make it into a companion that will always be there to help when you can’t find your smartphone or tablet.

Source : blog.avira.com

Avira Tech Support : Blog

The new Avira Phantom VPN: Stop exposing yourself online!


Avira is now protecting users from exposing themselves online with the release of its new Avira Phantom VPN (Virtual Private Network).

Avira’s Phantom VPN for Windows and Android keeps you covered – virtually, of course – by encrypting all communications between your device and the Internet, shutting eavesdroppers out from your private communication and stopping cybercriminals from capturing your data. Avira Phantom VPN also masks your devices’ true IP address, enabling you to browse anonymously and helping you unlock geo-restricted content.

Unsecured public WiFi networks are known to be vulnerable to virtual Peeping Toms, but the use of VPNs among consumers is still shockingly low. A BITKOM survey on cybercrime found 68% of users had antivirus software installed on their devices – but only 9% used a VPN.

Without a VPN, data packets sent to your devices can be sniffed out and read by a passerby (‘man-in-the-middle’ attack) or captured from the router itself. This captured data can be more than embarrassing message content: these packets also tell where you are and give out details about your device.

But with the Avira Phantom VPN, your data packets are placed in a secure and encrypted envelope – something like certified mail. For this reason, VPNs are a mandatory component in most corporate laptops used for travelling and remote office log-ins.

“As more people bring their laptops into cafes and log into banking sites and online accounts from their smartphones, they risk exposing themselves online,” stated Melanie Weber, head of the VPN project at Avira. “We’ve made Phantom VPN free and very simple to install on both your Windows and your Android devices. There’s no reason not to get it today.”

Avira Phantom VPN provides superior benefits in four major ways:

• Protects your individual privacy. Without a VPN, online activities are being constantly tracked and analyzed. With Avira Phantom VPN, you can control what personal data is collected.
• Secures and anonymizes your browsing. Avira Phantom keeps others from eavesdropping on online activities and the data exchanged with friends, online shops, and banking websites.
• Opens up the internet. Some news channels, social media, and video-streaming websites cannot be accessed from certain regions and countries. Avira Phantom unlocks these geo-restrictions.
• Applies across all your devices. Phantom VPN can be used on almost all devices, including PCs with Windows 7 or newer operating systems and Android devices running 4.0.3 and above.

The Avira Phantom VPN is available free to all users, both for registered and unregistered users at http://www.avira.com/en/avira-phantom-vpn.

Unregistered users have a data allowance of up to 500 MB/month, and registered users have a higher limit of 1 GB/month. Users subscribing to the Pro version also receive unlimited data traffic.

Source : blog.avira.com


Avira has just launched AppLock+ your Android world – Avira Support


Avira has just launched AppLock+, the app that puts you in direct control of what, where, and when each app is used on your Android – even when the device is off at school and out of arm’s reach.

AppLock+ lets you restrict app activity by your choice of PIN password, time of day, or even the device location. In addition, you don’t even need to have your device in hand as AppLock+ allows you to remotely manage devices with the Avira Online Essentials dashboard.

“AppLock+ answers the essential problem faced by parents around the globe: How we keep children from playing with smartphones or accessing social media accounts during school hours, but still be accessible,” said Andrei Petrus, product manager at Avira.

And it’s not just for parents, it’s also for the privacy conscious. “AppLock+ lets device owners decide what they want to share or not – solving Android’s weakness of a single default device lock,” points out Petrus.

AppLock+ gives users three big benefits:

  1. Parental Control – Smart controls with a soft touch

AppLock+ lets parents set limits on their kids’ smartphone usage without being intrusive. Game and social apps can be blocked by time limits or blocked at the school door with Geo Lock restrictions.

  2. Privacy Protection – Share it on your own terms

With AppLock+ you decide how much someone with your device can access your apps and private data. Apps can be locked by PIN and managed individually or in groups.

  3. Remote management – Oversee device activities from anywhere

AppLock+ includes Avira Online Essentials – the online dashboard in our consumer and business antivirus security products – to let device owners remotely manage app use.

AppLock+ is free for downloading at the Google Play Store and the Avira website. The Geo Lock and other features are available only with the premium product.

It’s your device, it’s your choice with AppLock+.

Source : blog.avira.com


Android: The phone is not the target, your money is


Having grown in popularity, Android devices are naturally the favorite target of cyber-criminals, who are concentrating their efforts on breaching the Google-developed OS. The lack of attention among many Android users is also being exploited: a key factor is that users aren’t paying attention to what they are downloading from the Google Play Store. Many devices are getting infected with malware that gives itself root access after being downloaded and immediately starts malicious operations.

The best-known malware for mobile platforms is currently the Locker ransomware. It usually starts as a “message” from law enforcement agencies such as the FBI, BKA or LKA, and uses various tricks to obtain payment from its victims. This malicious software is becoming more and more professional, even offering up alleged “examples” of user misdeeds that could be used as evidence against the user to ensure that payment is made as quickly as possible. The bitcoin payment methods used make it next to impossible either to trace or to recover the ransom money.

But how do you get rid of this malware from your Android device?

One of the most important steps in reducing potential damage from malware is to make a weekly backup of the most important files on the Android device. In this way, after a user restarts in safe mode, the most important data on the phone will remain untouched. Beyond that, the default factory settings may have to be restored if it is not possible to make the device work again due to the malware intrusion.

Most attacks on Android have a clear purpose: making money from users. That is why only a small amount of the malware is focused on directly attacking the phone. The growth curve is developing much as it did with Windows: as Android becomes better known and apps become easier to develop, cybercriminal attacks increasingly focus on it. Although the attacks are still, at least at the moment, far fewer than those on Windows PCs, their numbers are quickly rising over time.

Security you can trust

At Avira, we have developed a free security system for Android which is available in the Google Play Store. Independent testing labs have found that Avira Free Antivirus for Android has a superior detection of mobile device threats when compared to most paid solutions. Also, Avira prevents unwanted premium calls (a prime way that cybercriminals make money from mobile malware), blocks banking Trojans, and stops ransomware from restricting access to data or encrypting it. Free Antivirus for Android also includes features that protect your e-mails and browsing. It contains the Android Optimizer, which accelerates the phone’s operation by freeing up extra memory (RAM), protecting your privacy, and extending the device’s battery life.

Source : blog.avira.com


More Secure Email for web-hosting companies with Avira


Avira has launched Secure Email, a new anti-spam and antivirus cloud service designed for web-hosting companies. Avira Secure Email quietly went to market this week at the World Hosting Conference in Rust, Germany.

The launch venue was by design. The WHC is one of the biggest events anywhere for the hosting and cloud industry – and certainly the biggest for the German speaking regions of Europe. Last year’s event was attended by 6,300 visitors from 83 countries.

The goal of the Avira team was simply to walk potential clients through the new product.

“We’ve talked with numerous international customers which were interested in what we are doing and they gave us a lot of positive feedback,” said Nina Heiler, business development manager at Avira. “They like the German brand, they feel secure with our product, and they liked the clear and simple design of the web interface.”

While Avira Secure Email is a new product, it is not a new reach into a new specialization. “The experience we’ve gained in spam detection combined with our award-winning anti-malware software makes our new solution stand out from the competition – and also makes it attractive for hosting providers,” explained Wilfred Schoonderbeek, head of the Secure Email development project. “This is an extension of our core business strengths. Our goal at WHC was to let the right people know about it.”

With Avira Secure Email, all incoming traffic is scanned on the Avira cloud platform: Questionable emails are blocked or quarantined, while safe communications are automatically delivered to the mail server. Avira Secure Email provides the following benefits:

  • Best-in-Cloud threat analysis and detection – The Avira Protection Cloud (used throughout the Avira product lineup) is the basis for the award-winning malware detection.
  • Plug-and-play capability – The Secure Email API can be easily integrated with the existing control panels of web-hosting providers.
  • Competitive model – The no-hardware, one-domain structure provides an easy way for web hosting companies to add high-level email protection.

Avira Secure Email is available directly from Avira and through selected partners.

Source : blog.avira.com


Malware: Just believe and follow our directions


It all starts when the computer user opens the attached .zip file and executes the file with the Excel icon inside. This kicks off an “installation process” in which a popup warning about a suspicious root certificate from the “COMODO Certification Authority” flashes by in less than a second. It’s just like the best of Dr. Who – blink and you will miss it – no additional help needed. But there is a problem with this certificate: It’s not from Comodo.

Name recognition counts

“The Comodo name is well known and just does not look suspicious on certificates,” explains Oscar Anduiza, malware analyst at Avira.

Comodo is the largest Certificate Authority (CA), one of the global “trust anchors” at the top of the “chain of trust” charged with verifying identities and levels of authorization.

But this certificate is self-signed by the issuers – not Comodo. Self-signed certificates are equivalent to a schoolyard know-it-all’s statement: “It’s good because I said so. Don’t ask questions, everything will be just fine.” The email address listed on the certificate is me@myhost.mydomain.***. And a root certificate is a carte blanche that empowers the issuer to do almost anything to the computer – very useful for data-stealing malware.

Spoofed information about the issuer

The spoof continues on other certificate tabs, making it appear that their certificate comes from Comodo, despite it being self-issued from someone else. “Instructions on how to do this are easily obtainable on the internet – from official and other sources,” he adds.

Just follow the directions

In case the downloader does not automatically open or is stopped by the recipient’s antivirus software, this malware comes with directions that can cure that problem. The directions come as a zipped “readme.txt” file alongside the Trojan downloader. They give computer users detailed directions on how to execute that malware.


Here is a summary:

  • Just click to agree to everything: Double click on the extracted file. And from there, just click on “Agree” and then “Run”. For PCs with Windows 8 or the newer 10, click on “More Information” -> “Download anyway” at the standard SmartScreen warning.
  • Disable or turn off your antivirus or firewall: AVs and firewalls can block all files downloaded from the internet. If there are problems, add this file to the exceptions list and try again. Or, temporarily turn off the AV or firewall until the file has been downloaded.

“They really want to be sure that the user ‘properly’ gets infected,” says Anduiza. “These directions are pretty much exactly 180 degrees off from what computer users should actually do.”

The readme.txt file is in standard, but slightly irregular German, but does not appear to be a machine translation. This indicates that the text has been written for the German mass-market but is probably also being distributed in other languages such as English.

“This gives the cybercriminals a second chance at a successful installation, especially after the AV has blocked the initial attempt,” he points out. “This is an interesting social engineering trick, especially as the downloader and malware are not especially sophisticated.”

Start me up with malware

The malware downloads a malicious file from a compromised URL, hxxp://lebensbau.de/%%/dftrxtretxetxer.exe. The file is copied to three places on the computer, one of which is the Startup folder, ensuring the malware will be executed every time the computer starts Windows.

  • c:\ProgramData\VCFKARJR.com
  • c:\Users\All Users\VCFKARJR.com
  • c:\Users\%user%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.pif

As of early March, the installed malware was a banking Trojan that steals credentials and financial information. This downloaded malware is detected by Avira as TR/Crypt.XPack.xxx.

Source : blog.avira.com


Android users: beware the porn-clicker Trojan in Play Store


Android devices are getting infected by the Clicker Trojan, a family of Android malware hidden in counterfeit versions of various apps. After installation, it uses the browser of the infected device to click on porn ads in the background. The way in which this Trojan manages to infect isn’t at all complicated. The virus is disguised as a version of a very popular game or app, from which it “borrows” even the name and icon. Also, the malicious apps are available for free, and are completely unrelated to the original.

Apps and games to avoid

As we have mentioned before, the Clicker Trojan usually has a popular name such as “Temple Run 3”, “Subway Surfers 2”, “Travel Wallpapers”, etc., and each app has a different icon matching the name. Once they are installed, they start a hidden browsing session, load different porn websites and trick the user into clicking on ads. This way, the malware authors collect revenue.


Avira Antivirus for Android detects the Trojan

Avira Virus Lab ensures that Avira Antivirus detects the Trojan, and explains how it is possible for the porn-clicker to trick Google’s filters:


A common feature of the Clicker family is that it requests the “draw over other apps” permission.

“The Clicker Trojan is a family of Android Malware that poses as legitimate apps but once they are installed they click on Porn ads in the background,” said Mihai Grigorescu, Virus Analyst at Avira Protection Lab. “They are present in Google Play as they have been able to bypass Google’s automatic filters as well as the human review process. Avira Antivirus is detecting the Trojan as Android/Clicker with subtypes like Android/Clicker.B, Android/Clicker.AC, etc. and we are successfully blocking it.”

This type of malware usually deletes its shortcut from the Android main menu, so that it appears not to be installed. You can find it by going to Settings and then Applications, and safely uninstall it from there.

Also, in order to spot these fake apps, Avira advises Android users to check carefully the name of the publisher, the number of downloads, and the number of positive reviews. The more comments it has, the better. On the other hand, plenty of bad reviews for an app is a suspicious sign; when you notice this, please inform our Virus Lab team.

Source : blog.avira.com


KeRanger ransomware is now a menace for your Mac too


Mac computers were attacked by KeRanger ransomware

As you know, ransomware is one of the fastest-growing types of cyber threats. It attacks by encrypting data on infected machines, then typically asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data. According to security experts, cyber criminals manage to extract hundreds of millions of dollars a year from their victims, especially by targeting the Microsoft Windows operating system. Now it looks like they have just expanded their horizons.

Ryan Olson (Palo Alto Threat Intelligence Director) confirmed the “KeRanger” malware, which appeared on the 4th of March, was the first functioning ransomware attacking Apple’s Mac computers.

“This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom,” said Olson in an interview for Reuters.

This time the attack vector was very specific, since an affected user had to download a specific program whose download website was compromised.

How did it happen?

Hackers infected Macs through a tainted copy of a popular program known as Transmission, which is used to transfer data through the BitTorrent peer-to-peer file sharing network, Palo Alto said in a blog article posted on Sunday afternoon.

When users downloaded version 2.90 of Transmission, which was released on Friday, their Macs were infected with the ransomware, the blog said.

Apple’s immediate intervention over the weekend

Apple had taken steps over the weekend to prevent further infections by revoking a digital certificate that enabled the rogue software to install on Macs. Other details were not provided yet.

Transmission, also, responded by removing the malicious version of its software from its website. On Sunday it released a version that its website said automatically removes the ransomware from infected Macs. Transmission users were advised to immediately install the new update, version 2.92, if they suspected they might be infected.

How the ransomware acts after infecting your Mac

Palo Alto said on its blog that KeRanger is programmed to stay quiet for three days after infecting a computer, then connect to the attacker’s server and start encrypting files so they cannot be accessed.

Once the encryption is complete, KeRanger demands a ransom of 1 bitcoin, or about $400, the blog said.

Olson also mentioned that the victims whose machines were compromised but not cleaned up could start losing access to data on Monday, which is three days after the virus was loaded onto Transmission’s site.

Be safe under Avira’s umbrella right away

Our Free Antivirus for Mac is able to detect the new KeRanger ransomware on Apple computers. If you are already seeking for solutions to protect your Mac against ransomware attacks.

Source : blog.avira.com


To get infected, follow the directions – Avira Support


The directions come as a zipped text file along with the Trojan downloader, with the malware hiding on the recipient’s computer behind the standard icon for an Excel file. If the downloader does not automatically open or is stopped by the recipient’s antivirus software, the readme.txt gives detailed directions on how to execute that malware.

Here is a summary:

  • Just click to agree to everything: Double click on the extracted file. And from there, just click on “Agree” and then “Run”. For PCs with Windows 8 or the newer 10, click on “More Information” -> “Download anyway” at the standard SmartScreen warning.
  • Disable or turn off your antivirus or firewall: AVs and firewalls can block all files downloaded from the internet. If there are problems, add this file to the exceptions list and try again. Or, temporarily turn off the AV or firewall until the file has been downloaded.

“They really want to be sure that the user ‘properly’ gets infected,” pointed out Oscar Anduiza, malware analyst at Avira. “These directions are pretty much exactly 180 degrees off from what computer users should actually do.”


The readme.txt file is in standard, but slightly irregular German, but does not appear to be a machine translation. This indicates that the text has been written for the German mass-market but is probably also being distributed in other languages such as English.


“This gives the cybercriminals a second chance at a successful installation, especially after the AV has blocked the initial attempt. This is an interesting social engineering trick, especially as the downloader and malware are not especially sophisticated,” added Anduiza.

If users click, they begin an “installation process” that starts with a popup of a suspicious root certificate. This official-looking certificate — apparently issued by COMODO — gives the issuers unlimited permission to make changes on the system, move freely past the firewall and circumvent the already installed AV.

The malware will download a malicious file that is copied to three places on the computer. One copy goes into the Startup folder, ensuring that the malware will be executed every time the computer starts Windows.

c:\ProgramData\VCFKARJR.com
c:\Users\All Users\VCFKARJR.com
c:\Users\%user%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.pif

As of March 3, the installed malware was a banking Trojan that steals credentials and financial information. However, the precise link or new variants can be added by the cybercriminals at short notice. The current banking Trojans are covered by Avira detections.
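A triage check for the drop locations listed above and in the earlier article “Malware: Just believe and follow our directions”, as an added example (not Avira's code). It goes beyond the two file names by flagging any directly executable file in a Startup folder or in the root of ProgramData; that heuristic, the extension list, and the sample names alice, bob, Vendor and invoice.scr are assumptions.

```python
"""Triage file paths against the drop locations described in the article."""
import os
from pathlib import PureWindowsPath

# Assumption (not from the article): file types Windows runs directly. A normal
# Startup folder holds .lnk shortcuts and desktop.ini, not these.
EXECUTABLE_EXTS = {".exe", ".com", ".pif", ".scr", ".bat", ".cmd", ".vbs", ".js"}
STARTUP_TAIL = ("start menu", "programs", "startup")


def lower_parts(path):
    """Split a Windows path into lower-cased components (works on any OS)."""
    return tuple(part.lower() for part in PureWindowsPath(path).parts)


def in_startup_folder(path):
    """True if the file sits directly in a per-user or all-users Startup folder."""
    return lower_parts(path)[:-1][-3:] == STARTUP_TAIL


def in_programdata_root(path):
    """True if the file sits directly in ProgramData (or its 'All Users' alias)."""
    parent = lower_parts(path)[1:-1]  # drop the drive anchor and the file name
    return parent in (("programdata",), ("users", "all users"))


# File name -> location test, exactly as listed in the article.
ARTICLE_IOCS = {"vcfkarjr.com": in_programdata_root, "system.pif": in_startup_folder}


def classify(path):
    """Return the reasons a path is suspicious; an empty list means no finding."""
    p = PureWindowsPath(path)
    reasons = []
    location_test = ARTICLE_IOCS.get(p.name.lower())
    if location_test and location_test(path):
        reasons.append("article-ioc")
    if p.suffix.lower() in EXECUTABLE_EXTS:
        if in_startup_folder(path):
            reasons.append("executable-in-startup")
        if in_programdata_root(path):
            reasons.append("executable-in-programdata-root")
    return reasons


def triage(paths):
    """Map each flagged path to its reasons, skipping clean entries."""
    return {p: r for p in paths if (r := classify(p))}


def host_listing():
    """Files directly inside the watched directories of the local Windows host."""
    program_data = os.environ.get("ProgramData", r"C:\ProgramData")
    startup_rel = r"Microsoft\Windows\Start Menu\Programs\Startup"
    dirs = [program_data, os.path.join(program_data, startup_rel)]
    if os.environ.get("APPDATA"):
        dirs.append(os.path.join(os.environ["APPDATA"], startup_rel))
    return [e.path for d in dirs if os.path.isdir(d)
            for e in os.scandir(d) if e.is_file()]


# Constructed sample listing: the first three entries mirror the article's
# paths (with %user% replaced by a made-up account), the rest are invented.
STARTUP = r"AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE_LISTING = [
    r"c:\ProgramData\VCFKARJR.com",
    r"c:\Users\All Users\VCFKARJR.com",
    "c:\\Users\\alice\\" + STARTUP + "\\system.pif",
    "C:\\Users\\alice\\" + STARTUP + "\\OneNote.lnk",
    r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini",
    r"C:\ProgramData\Vendor\updater.exe",
    "C:\\Users\\bob\\" + STARTUP + "\\invoice.scr",
]

if __name__ == "__main__":
    # On a Windows host this scans the real folders; elsewhere it uses the sample.
    for path, reasons in triage(host_listing() or SAMPLE_LISTING).items():
        print(f"{path}: {', '.join(reasons)}")
```

A hit on `executable-in-startup` alone is a lead to investigate, not a verdict: some legitimate installers drop scripts there.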

Source : blog.avira.com


Locky ransomware is dead, long live Locky


The first wave of Locky has passed, but the ransomware is still being distributed globally and within the DACH region. While this secondary distribution seems to be smaller than the first wave, the financial success of this malware for its authors and distributors gives us some clues as to what features will likely be included in the NEXT rounds of malware. “Follow the money” was the key phrase in All the President’s Men, Robert Redford’s classic film on Watergate — and this very much applies to malware. These clues from Locky are a mix of technical, distribution, and operational features – and should be a warning for computer users and companies planning their defensive strategies.

1. Drive me baby – Locky encrypted all drives on computers and networks – even the unmapped drives and shares. This expanded reach for encryption is expected to be included in future ransomware variants.

Response: Have a solid backup plan in place, ideally with a cloud service, as they offer file versioning and rollbacks. For consumers, having a spare HDD/SSD for a local backup is fine – but only if the hard disk is disconnected after the backup is finished. This also protects the backup against damage from other dangers like lightning-caused electrical surges.

2. New money from old tricks – Locky went to work by directly using macros in Word documents – and also by tossing in a bit of social engineering to get document recipients to activate the macros. That is quite old school – but it worked and was profitable for the cybercriminals.

Response: While zero-day threats are sexy, don’t forget to do the basic protection against continuing vulnerabilities such as macro manipulation. Consider enabling only digitally signed Office macros and disabling the rest. For corporate networks, this can be done in a way where end users are not able to see this option.

3. What the FUD! – In the early moments of the Locky onslaught, security publications pointed out the low detection scores in VirusTotal by most antivirus companies. This is a valid – but incomplete – look at the situation. We consider Locky to be FUD-level malware (Fully Undetected Malware), which means that the malware files were “optimized” until no AV scanner detected them anymore. Cybercriminals are testing their malware samples against the publicly available detection in VirusTotal – or against private and internal testing systems that work in a similar way. The low detection scores have to be read with caution. Only some of the AV firms have cloud detection or other advanced detection methods in their products enabled on VirusTotal – sometimes, just as in poker, it is better to not show your full capabilities.

Response: Be skeptical about everything and always keep your eyes open.

4. Wisdom from the cloud – Avira detects Locky on several layers within its cloud detection and analysis. At the Auto Dump layer, Locky is detected after layers of obfuscation have been removed. In the Night Vision machine learning layer, files are scored according to around 7,000 features, allowing us to catch malware in a very efficient way. If other detection layers catch the malware first, the Night Vision system will dynamically learn about the sample within a few minutes, and subsequently cover variants of this malware sample. In addition, the cloud analysis is out of reach for the cybercriminals.

Response: For complete protection, make sure that the cloud protection in your AV is fully activated. We feel this is so important, we’ve automatically included our consumer users in the APC. Corporate clients must, for data protection issues, sign off that they approve the EULA before stepping into the APC.

Source : blog.avira.com
