Is Government Malware unstoppable?

Tags :- Avira Tech Support | Avira Support NumberAvira Refund.

What is Regin?

According to Virus Bulletin, we are looking at a multi-staged threat (like Stuxnet) that uses a modular approach (like Flame), a combination that makes it one of the most advanced threats ever detected. Research shows that Regin has been used in espionage campaigns for the last 6 years. This sophisticated backdoor Trojan affects Microsoft Windows NT, 2000, XP, Vista, and 7, and it is able to take control of input devices, capture credentials, monitor network traffic, and gather information on processes and memory utilization.

Protection against government malware

In this context, we would like to remind our users that Avira is a founding member of IT Security made in Germany and we pride ourselves on providing our customers a guarantee of Quality and Reliability.

We thus committed ourselves, among other things, to:

  • Exclusively provide IT security solutions no other third party can access.
  • Offer products that do not cause the transmission of crypto keys, parts of keys or access recognition.
  • Eliminate vulnerabilities or avoidance methods for access control systems as fast as possible once detected.

Additionally, we would like to clarify our standpoint on malware developed by governments. Whenever we discover a new piece of malware, we add detection for it for all of our customers, regardless of the source of the malware. This is the case for the recently discovered Regin as well: our antivirus products already detect all known Regin samples.

We strongly believe that no malware is unstoppable, not even government malware. Users need to make sure that they are protecting all of their digital devices with the latest technology, keeping their operating system, 3rd party applications and of course their antivirus software up-to-date.

Source : blog.avira.com

Avira Tech Support : Blog

How to safely access the Internet while on vacation

Posting your latest vacation photos to Facebook whenever you want is easy to do now even while abroad, especially as the EU has now capped roaming costs in Europe. Maximum price caps for data roaming have been introduced at 23 euro cents per Megabyte, with an automatic cost-brake kicking in to cut off the mobile Internet connection once the limit of 59.90 euros per month has been reached. That said, roaming charges further afield can be much higher, with costs varying depending on the cellular network provider even in a few European countries like Switzerland. You really need to know the terms of your cell phone contract, even if you only want to connect to the Internet occasionally to, for example, retrieve the weather forecast. Most installed apps communicate constantly with the Internet in the background; they also collect data, send location information, and attempt to download and install their latest versions. What’s more, it’s tedious and sometimes completely impossible to deactivate these resource-hungry apps.

Protect your wallet
The best thing to do is to contact your network provider before going on vacation, as contracts are not always clear and transparent – especially those notorious bundle deals which combine SMS, talk-time, and data allowances. If you use up your allowance for data and you’re still in credit in terms of your SMS and talk-time allowances, the bundle offer remains valid, but data is charged at a much higher standard price. In such cases, it makes more sense to buy a temporary international roaming bundle. Many providers offer these and they often include cheap-rate talk-time and SMS allowances. You can now also do this while abroad. They will send you information on the current tariff conditions when you first register with the foreign network and provide you with updated conditions afterwards.

Monitor your usage
Knowledge is power, and that also applies to the costs you accumulate. Many providers offer an app which lets you see how much you’ll be charged for the talk-time you’ve used. This lets you pull the emergency brake and deactivate the mobile data connection if it gets too expensive. Another option is to use your precious data resources more economically. Opera and Chrome browsers let you compress websites before you download them, resulting in data savings of 80 to 90%. However, this method has one disadvantage: since Opera and Google servers compress the data, they can tell which websites you’ve been visiting.

Pros and cons of WiFi hotspots
Privacy and data security are important vacation topics anyway. WiFi hotspots are often used to connect cheaply to the Internet. One global company offering access is Fon, which says it has over 13 million hotspots worldwide at around 3 US dollars per day to use. This would pave the way for unrestricted surfing, were it not for one or two digital threats lurking around every corner. WiFi hotspots are notorious for their lax security. Anyone can see the wireless signals, with communication often continuing over an unsecured connection once the user has logged in. The user has no influence on this as the hotspot provider defines how the connection is secured. What’s more, anyone who has access to the hotspot provider’s Wi-Fi network and is near the hotspot can see the data.

Best approach for now
The easiest way to avoid such risks is to use a Virtual Private Network (VPN). This encrypted tunnel protects information right from the start to the end of its transfer. To use it, you need to have software installed on your mobile phone, tablet or notebook and a node which creates the tunnel only after you have logged in correctly. Companies like OpenVPN and Hotspot Shield offer free or reasonably priced VPN connections. These types of connection are merely a restricted type of VPN where the connection between the device and the server is secured by the provider; after that, data packets escape into the Internet unencrypted. Despite this, at least third parties in the direct vicinity of the hotspot cannot eavesdrop on the network connection. That said, the question remains as to whether the VPN provider handles the information with due care; after all, it can read all the data as plain, unencrypted text.

Public PCs in hotels or Internet cafés can be extremely dangerous to use while on vacation. The computers are often infected with viruses and Trojans that log keystrokes (spyware known as ‘keyloggers’) to intercept your private data. If you absolutely need to transfer sensitive information using such a device, you should take a secure operating system environment with you on a DVD or write-protected USB stick and use this to boot the computer.

The best thing to do is to send as little personal information as possible over an unsecured connection while on vacation. In addition, you should enable the firewall on your device and install the latest version of a security software solution such as Avira Antivirus Pro, Avira Internet Security Suite or Avira Free Antivirus (also available for iOS & Android).

Expanding your security zone: Being online while traveling

It’s been a few years now since Internet connections were limited to homes and offices. Cheap mobile flat-rates are your permanent link to Facebook, Twitter, and emails. And when you can’t connect for cost reasons or due to poor reception, WiFi hotspots are increasingly available at many central locations. German telecoms operator Deutsche Telekom, for instance, plans to expand its network of WiFi hotspots to 2.5 million access points by the end of 2016. And when the legal risks are eliminated in Germany with the amendment of the Duty of Care Act, more private access points will be available again. This would pave the way for unrestricted surfing enjoyment were it not for one or two other digital threats lurking around every corner.

Major weakness in public WiFi
Hotspots in particular are notorious for their lax security. Anyone can see the wireless signals between the device and the hotspot’s access point. Communication often continues over an unsecured connection even after the user has logged in, and the login itself often has to be carried out unencrypted. Anyone with a notebook and the right software sitting anywhere within a range of a few dozen meters can then read whatever data you and the world are exchanging. As a user, you have no influence over whether and how the provider encrypts wireless traffic. Even when data packets between the device and the Wi-Fi router are encrypted, this only guards against the unwanted eavesdropper at the neighboring table: every piece of information is still directly readable on the router and on every Internet node behind it.

How to secure your data on public WiFi
To ensure your data stays private, you’ll need to encrypt it. You can do this in a variety of ways that we’ll look at now. Emails can be protected using special encryption programs like EnigMail or GnuPG. While installing them isn’t always easy for total novices, when the system’s up and running anyone can use it. There are also a few web-mail services offering encryption under the “E-mail Made in Germany” initiative. You can also secure all your browser activities. Secure Sockets Layer (SSL), usually identifiable by the little padlock icon in the address bar, protects the data transferred between Firefox, Internet Explorer or Chrome and the node on the Internet. You just need to access a website starting with https://… instead of http://. Plug-ins for many browsers can also take care of this automatically if required, such as HTTPS Everywhere for Firefox and Chrome.

Instead of securing each application separately you can also secure all data traffic, from the start until the end of transfer, by using a virtual private network (VPN). Companies usually install a VPN on users’ devices that they use for business. Private users too can protect their privacy using a VPN. To use it, you need to have software installed on your smartphone, tablet or notebook and a node which creates the tunnel only after you have logged in correctly. Countless companies like OpenVPN and Hotspot Shield offer free or reasonably priced VPN connections. These types of connection are only one narrow type of VPN where the connection between the device and the server is secured by the provider; after that, data packets escape into the Internet unencrypted. Despite this, at least third parties (e.g. hackers) in the direct vicinity of the hotspot cannot eavesdrop on your network connection.

The risks are more manageable if you log into the Internet using a cellular network data connection. The data between the device and the cellular network provider’s base station is encrypted and not shared with other users. This means snoopers who are standing nearby won’t be able to eavesdrop on the connection. That said, as soon as the data leaves the base station, it is, in principle, freely readable again. Here too, only a VPN will protect information right from the start until the end of its transfer.

Encryption also becomes a key consideration if you use cloud services. Whether you use OneDrive from Microsoft, Google Drive, Dropbox or Wuala – in principle, all of these online storage providers have access to every file stored in the cloud. The only thing that will help here is to encrypt the data on the device itself before sending it to the cloud. In the past, it was possible to recommend TrueCrypt as a secure encryption software solution. However, after its development came to a somewhat unclear stop, it is questionable whether the software isn’t a backdoor for intelligence services. Possible alternatives, for which security questions still remain, include AxCrypt, BlowFish Advanced, GnuPT/GnuPG, and Gpg4Win. Boxcryptor even explicitly supports all major cloud storage services, making the job easy. By the way, if you don’t want to put the effort into encrypting files and emails, you should at least secure your passwords, PINs, and TANs. Password safes like KeePass are easy to use, available for many operating systems, and are the better alternative to Post-it notes kept stashed beneath your keyboard. In addition, you should always enable the firewall on your device and install the latest version of a security software solution such as Avira Antivirus Pro, Avira Internet Security Suite or Avira Free Antivirus.

Safeguarding the dilemma of small size
The sheer portability of tablets, phablets, and smartphones also has a down side: What fits easily into your pocket will also fit easily into someone else’s. The loss or theft of portable devices has been on the rise for many years owing to the value of these prestigious digital objects. You’re limited in what you can do to protect yourself against this. If you’re traveling and distracted even for a brief moment while sitting at a table, you won’t notice that lightning-fast grab which leaves you deviceless. To ensure that the most you lose is only the device itself, you should keep an up-to-date backup of your data. In this respect, cloud services are perfect – provided the data is encrypted. Other important countermeasures include adequately long log-in codes or PINs as well as software like Avira Android Antivirus Security, which helps you find and track your smartphone or tablet again, or at least wipe the data on it remotely and make the device unusable for the thief.

Bad Rabbit – the not so cute ransomware

Yesterday, Avira Labs recognized an attack by a new ransomware variant called Bad Rabbit. It is a typical file cryptor that makes all your personal files unreadable and forces you to pay a ransom to decrypt them. It overwrites the master boot record (MBR) to deliver this message to the victim after the computer reboots.

This threat reaches the victim’s computer as a drive-by attack. We’ve identified the payload as being downloaded from h(tt)p://1dnscontrol(.)com/flash_install.php. It seems that for this attack the criminals have not gone for an ordinary phishing attack (where the payload is mostly attached) but instead more likely used a malicious advertising banner or a hacked website.

They haven’t chosen phishing for spreading the infection, but they have used another famous social engineering method to get onto the user’s computer. The dropped file needs to be executed by the user with admin rights to work, so they probably decided that disguising it as a Flash Player installer was the best method. Recently we have quite often seen a type of malvertising (a combination of malware and advertising) where you supposedly need to install Flash Player first before watching the banner. Many people click daily on a fake Flash Player icon thinking that it is a new update:

If the malicious fake Flash Player is executed, it drops the malicious DLL as C:\Windows\infpub.dat. This is launched using rundll32, and it in turn drops dispci.exe (the file decoder) and cscc.dat (a utility tool) into the Windows folder (c:\windows). In parallel, it also tries to spread these files to related computers on the network by brute-forcing the administrative shares (\\computername\admin$) with a list of hardcoded credentials (e.g. sex, qwe123, qwe321, …).

For the dropped files in the Windows folder, it creates three scheduled tasks (task jobs).

It is interesting here to notice how the cybercriminals label the task job names because “Drogon”, “Rhaegal” and “Viserion” are dragons from the world-famous Game of Thrones series. But not only those ones. They also use the name of another character, “GrayWorm”, as the product name for the exe file. It is not the first time that the criminals mix popular culture icons with malware as we have seen before with Mr. Robot, James Bond, Pokemon, and much more.

This ransomware also has some special techniques to avoid leaving traces behind after the infection. One interesting method is deleting the usn journal.

The command fsutil.exe usn deletejournal /D c: deletes the NTFS change journal (USN journal). The journal records, among other things, which files have been modified, so it would otherwise reveal what was changed during the encryption. Once it is gone, only the cybercriminals still hold that information.

The file decoder sheds light on which kinds of users the cybercriminals would like to target if you look at the list of file types.

It especially checks for virtual machine file types (e.g. vhdx, vmdk, vbox, …). This means they are also targeting the corporate arena and not just the “home user”.

The file decoder also gives us an insight into what would happen on the victim’s computer if they paid the ransom.

According to the criminals’ instructions, the user should disable their antivirus or anti-malware program and click on the decryption.lnk file on the desktop. After the files are decrypted, the file coder plus the created task are deleted from the system. Needless to say, we recommend never following instructions from cybercriminals.

The camouflaged file cscc.dat is actually a .sys driver belonging to the open-source encryption tool DiskCryptor, which the ransomware uses.

Unlike many other file encryptors such as Locky, this encryption method doesn’t change the file extension. The extension stays the same; instead a string in which the word “encrypted” can be read is appended to the end of the file.
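The indicators described above (the rundll32 launch of infpub.dat, the dragon-named scheduled tasks, the files dropped into the Windows folder, the USN journal deletion and the “encrypted” string at the end of each file) can be turned into a simple triage check. The following Python script is an added example written for this page, not Avira’s code or any tooling from the Bad Rabbit analysis; the process-creation command lines and the two files it scans are constructed sample data, and the 64-byte tail window is an assumption.

```python
import re
import tempfile
from pathlib import Path

# Indicators named in the post: scheduled-task names, files dropped into the
# Windows folder, the rundll32 launch of infpub.dat and the USN journal deletion.
TASK_NAMES = ("drogon", "rhaegal", "viserion")
DROPPED_FILES = ("infpub.dat", "dispci.exe", "cscc.dat")
TRAILER_MARKER = b"encrypted"
TAIL_BYTES = 64  # assumption: how much of a file's tail to inspect for the marker

# Constructed process-creation command lines; not real telemetry.
SAMPLE_LOG = [
    r"C:\Windows\System32\svchost.exe -k netsvcs",
    r"C:\Windows\System32\rundll32.exe C:\Windows\infpub.dat",
    r'schtasks /Create /RU SYSTEM /SC ONCE /TN rhaegal /TR "C:\Windows\dispci.exe"',
    r'schtasks /Create /RU SYSTEM /SC ONCE /TN viserion /TR "C:\Windows\System32\cmd.exe"',
    r"fsutil usn deletejournal /D c:",
    r"C:\Windows\System32\notepad.exe C:\Users\alice\notes.txt",
]


def classify_event(command_line):
    """Return the indicator labels matched by one process-creation command line."""
    low = command_line.lower()
    hits = []
    if "rundll32" in low and "infpub.dat" in low:
        hits.append("rundll32-launches-infpub.dat")
    if "schtasks" in low:
        match = re.search(r'/tn\s+"?([^\s"]+)', low)
        if match and match.group(1) in TASK_NAMES:
            hits.append("task-" + match.group(1))
    if "fsutil" in low and "deletejournal" in low:
        hits.append("usn-journal-deleted")
    for name in DROPPED_FILES:
        if "\\windows\\" + name in low:
            hits.append("windows-dir-drop-" + name)
    return hits


def scan_log(lines):
    """Aggregate indicator labels over many command lines into {label: count}."""
    counts = {}
    for line in lines:
        for label in classify_event(line):
            counts[label] = counts.get(label, 0) + 1
    return counts


def looks_like_bad_rabbit(counts):
    """Verdict: the infpub.dat launch plus at least one task or journal indicator."""
    launch = "rundll32-launches-infpub.dat" in counts
    other = any(k.startswith("task-") or k == "usn-journal-deleted" for k in counts)
    return launch and other


def has_encrypted_trailer(path):
    """True when the marker string appears in the last TAIL_BYTES of the file."""
    path = Path(path)
    with path.open("rb") as handle:
        handle.seek(max(0, path.stat().st_size - TAIL_BYTES))
        return TRAILER_MARKER in handle.read()


def demo_trailer_check():
    """Write two constructed files and return (clean_flagged, marked_flagged)."""
    with tempfile.TemporaryDirectory() as directory:
        clean = Path(directory) / "report.vmdk"
        marked = Path(directory) / "budget.xlsx"
        clean.write_bytes(b"\x00" * 200)                       # untouched file
        marked.write_bytes(b"\x8f\x11" * 100 + TRAILER_MARKER)  # marker appended
        return has_encrypted_trailer(clean), has_encrypted_trailer(marked)


if __name__ == "__main__":
    counts = scan_log(SAMPLE_LOG)
    print(counts)
    print("Bad Rabbit pattern:", looks_like_bad_rabbit(counts))
    print("trailer check (clean, marked):", demo_trailer_check())
```

In practice the command lines would come from process-creation telemetry such as Sysmon or the Windows Security event log, and has_encrypted_trailer would be pointed at the document and virtual-machine file types the ransomware targets; the script keeps the two checks separate so that a single indicator (a lone scheduled task, say) does not trigger the verdict on its own.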

This time, it looks like the criminals spent more time creating the onion link page. It even has a loading animation of a decryption.

But don’t worry, Avira is already protecting you against this ransomware.

Support Scam: Your browser has been locked for support (that you just don’t want)

With viewers’ browsers as a target, online scareware/scam pop-ups keep spiking in early August. The typical message for the latest wave of scareware promises users that the website has updated browser support and that these users need some special help to get back online. Along with this message, the scam often maximizes the browser and makes it impossible for the user to close it or click anywhere else.

We call it a support scam. The notices claim to have a malware infection or similar and try to scare the user with this news. These pages are absolutely annoying for the customer. While some may not be directly harmful, others redirect users to adware applications. — Oscar Anduiza, malware analyst at Avira.

The newest wave of support scam has the Avira Protection Services racking up over a hundred thousand new detections daily in early August. 

Crossing the grey line

While a support scam can appear out of nowhere when you surf to “normal” sites, it most often happens in the grey zone where users are streaming online content that may or may not be completely legal.

We see this more commonly in the grey/dark zone. Especially with the illegal movie and TV streams that are streaming copyrighted content like Game of Thrones, and on some porn sites.  — Oscar Anduiza, malware analyst at Avira.

Most of them are related to some kind of advertisement redirection or pop-up.

Keeping that browser clean 

Even if you don’t visit illicit streaming sites, there is a chance that you will encounter a support scam. However, staying secure is not too complicated.

  • Have an antivirus installed and up-to-date. This will help identify and stop any additional malware bundled with the support scam.
  • Listen to your Antivirus. If the Antivirus signals that something is not quite right – even if it messes up that streaming experience – listen to it.
  • Stay updated. Think of it as a vaccination. The more up-to-date your device is, the less apt you are to catch something nasty.

Back in Black malware at your power company could put out the lights

Malware can do more than just hold your device for ransom; it just might flip off the electrical power switch for an entire city. New malware is targeting power grid infrastructure, say analysts, and this first attack is likely just a taste of what could come in the future.

The malware, called Industroyer or Crash Override, came into view in late 2016 when it knocked about 700,000 homes off the grid for a few hours outside the Ukrainian city of Kiev. And that’s the good news. The bad news is that this malware knows its way around the power grid, can send malicious commands to mission-critical equipment, and, once configured and deployed, can be scaled out without direct hacker involvement.

There’s a SCADA in the lightswitch

This attack targeted several SCADA protocols used in Europe. SCADA, short for Supervisory Control and Data Acquisition, is the system of hardware and software controls behind almost every industrial process. Once activated, the Crash Override malware cycles through a range of circuit-breaker addresses, trips them, then repeats the process.

Malware targeting SCADA was not a big surprise. With origins dating back to the intersection of manual controls and mainframe computers, it has been described as “insecure by design” by experts. Efforts to make SCADA more secure are something like putting a band-aid on a chest wound.

Following an even earlier hacker attack (also in Ukraine) on the power grid, the industry has taken a two-pronged approach: trying to prevent attacks and, almost more importantly, getting quickly back online afterwards.

Tidy hackers at work

Investigators aren’t exactly sure who wrote this malware – although some fingers are pointing towards Russia. What they are sure of is that these hackers did tidy work – without recycling old code or leaving digital fingerprints behind – and that more events are coming. There simply have been too many resources invested in creating this malware for this to be a one-off event. Besides, the malware has additional features and payloads not even activated this time. Investigators have raised the specter that this attack was just a POC (Proof of Concept) for getting the bugs ironed out of the malicious software before they move on to a real target.

Electrifying points to consider

Most people, myself included, are absolute strangers to the intricacies of high voltage systems. However, there are three points from this event that are applicable to everyone online.

  1. It can happen to you – The simple awareness that bad things can indeed happen is critical – for both power managers and individuals.
  2. Be prepared for bad events – Preventing or reducing the damage means having an action plan prepared. For this malware, Dragos recommended having robust backups of engineering files. For the average computer user, preparation should mean a combination of having files backed up, antivirus software in place, and software fully updated.
  3. Stay involved – “Human defenders are required” is the last line of the Dragos report. This is true for your online security. The best defense against a social engineering or customized spear-phishing attack is you.

Worldwide botnet Avalanche smashed

According to Europol, victims of malware infections were identified in over 180 countries. The monetary losses associated with malware attacks conducted through the Avalanche botnet are estimated to be in the hundreds of millions of euros worldwide. Computer users can check their devices with the Avira PC Cleaner to see whether their device was infected and part of the botnet. The free tool scans the computer and removes the malicious software. Users who already use Avira anti-virus software are protected against the botnet.

Within the Avalanche botnet, a total of 20 different botnets have been identified. The targeted activity of the international criminal gang was distributing spam and phishing e-mails, as well as spreading ransomware and banking Trojans for tapping account and transaction data as well as stealing passwords.

To play safe: what PC users should do now

Check and clean the PC

If you do not have anti-virus software installed, you should check your computer for a possible infection using, for example, the free Avira PC Cleaner. If the computer is infected, Avira PC Cleaner will remove the Avalanche botnet code. Avira PC Cleaner also detects other malicious software on the computer and removes it as well.

If you already have anti-virus software installed and want to be safe, you can also use Avira PC Cleaner as a “second opinion” to check your system.

Change passwords

After cleaning your PC, change all passwords for online banking/shopping, payment services, e-mail, social networks, and other applications.

Check the Windows security settings

Open the maintenance center via Start -> Run -> wscui.cpl and check that the network firewall, antivirus, spyware protection, and Internet security are all fully active.

Install antivirus software

To protect against future cyber attacks, we recommend installing antivirus software. With the free Avira Free Security Suite, your PC is reliably protected against botnets and a wide assortment of malicious software. In addition, you can optimize PC performance and securely surf through a VPN client in public Wi-Fis.

Gooligan steals more than 1m Google accounts

You may have read or heard about an Android malware attack campaign named Gooligan.

What is Gooligan about?

The main purpose of Gooligan is to steal Google accounts from devices with Android 4 (Jelly Bean, KitKat) and 5 (Lollipop). Later these accounts are used to promote, rate, and download apps from the Google Play Store – making it a huge advertising fraud scheme. Gooligan roots infected devices and steals authentication tokens that can be used to access data from Google Play, Gmail, Google Photos, Google Docs, G Suite, Google Drive, and more.

That vulnerabilities are used for exploiting a mobile device and putting malicious programs on it, it isn’t something special. It’s a very popular method to compromise a system. And that’s the reason why protecting and updating your system is so important in our digital life. — Mikel Echevarria Lizarraga, Malware Analyst at the Virus Lab at Avira.

According to Checkpoint there are more than 80 malicious Gooligan apps. These apps have stolen more than 1 million Google accounts – and the number is increasing by 13,000 accounts per day!

Google’s director for Android security already published a statement on Google+:

Several Ghost Push variants use publicly known vulnerabilities that are unpatched on older devices to gain privileges that allow them to install applications without user consent. In the last few weeks, we’ve worked closely with Check Point, a cyber security company, to investigate and protect users from one of these variants. Nicknamed ‘Gooligan’, this variant used Google credentials on older versions of Android to generate fraudulent installs of other apps. — Adrian Ludwig, Google’s director of Android Security

Where do these apps come from?

The apps are found in third-party stores, a fact that many may see as a relief. But it’s not! Users can be redirected to these apps while browsing the net and then be asked to install them – and a lot of them do.

Checkpoint states that 57% of the infected devices were detected in Asia. We nonetheless recommend that you don’t relax or get comfortable, because this doesn’t mean that only Asia is affected by “untrusted” download stores. Untrusted download stores are everywhere; they’re a dime a dozen on the internet. So if you use stores other than Google Play, you increase your risk of being affected – no matter whether you’re in Asia or not.

We have your back!

Avira Free Antivirus for Android has already been protecting you against this threat for several months. Download the app from Google’s Play Store for free!

We also recommend checking the configuration of your Android device in the Settings > Security menu. The options “Unknown sources” and “Verify apps” should be enabled by default. This will avoid the accidental installation of these malware applications.

Malware: Just believe and follow our directions

It all starts when the computer user opens the attached .zip file and executes the file with the Excel icon inside. This kicks off an “installation process” in which the popup warning about a suspicious root certificate from the “COMODO Certification Authority” flashes by in less than a second. It’s just like the best of Dr. Who – blink and you will miss it – no additional help needed. But there is a problem with this certificate: it’s not from Comodo.

Name recognition counts

“The Comodo name is well known and just does not look suspicious on certificates,” explains Oscar Anduiza, malware analyst at Avira.

Comodo is the largest Certificate Authority (CA), one of the global “trust anchors” at the top of the “chain of trust” charged with verifying identities and levels of authorization.

But this certificate is self-signed by the issuers – not Comodo. Self-signed certificates are equivalent to a schoolyard know-it-all’s statement: “It’s good because I said so. Don’t ask questions, everything will be just fine.” The email address listed on the certificate is me@myhost.mydomain.***. And a root certificate is a carte blanche that empowers the issuer to do almost anything to the computer – very useful for data-stealing malware.

Spoofed information about the issuer

The spoof continues on other certificate tabs, making it appear that their certificate comes from Comodo, despite it being self-issued from someone else. “Instructions on how to do this are easily obtainable on the internet – from official and other sources,” he adds.
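A defender can apply the same reasoning in code: a root certificate deserves trust because its key (its fingerprint) is in the trust store, never because of the name printed on it. The following Python script is an added example written for this page, not Avira’s code; it assumes the cryptography package is installed, the WELL_KNOWN_CA_NAMES list and the trust-store fingerprints are placeholders, and the two certificates it builds (a lookalike that borrows the Comodo name and carries a placeholder e-mail address, and an honest internal root) are constructed test data.

```python
import datetime
import functools

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

# Assumption: brand names a lookalike root certificate might borrow.
WELL_KNOWN_CA_NAMES = ("comodo",)


def fingerprint_hex(cert):
    """SHA-256 fingerprint of the DER certificate, the value a trust store keys on."""
    return cert.fingerprint(hashes.SHA256()).hex()


def is_self_signed(cert):
    """True when the certificate's own (RSA) public key validates its signature."""
    try:
        cert.public_key().verify(
            cert.signature,
            cert.tbs_certificate_bytes,
            padding.PKCS1v15(),
            cert.signature_hash_algorithm,
        )
        return True
    except InvalidSignature:
        return False


def assess_root_certificate(cert, trusted_fingerprints):
    """Findings for a certificate an installer asks us to accept as a root.

    trusted_fingerprints: hex SHA-256 fingerprints of roots we actually trust.
    A matching fingerprint ends the check; otherwise the name is examined.
    """
    if fingerprint_hex(cert) in trusted_fingerprints:
        return ["fingerprint-in-trust-store"]
    findings = []
    issuer_text = " ".join(str(attr.value) for attr in cert.issuer).lower()
    if any(brand in issuer_text for brand in WELL_KNOWN_CA_NAMES):
        findings.append("well-known-ca-name-but-unknown-key")
    if cert.subject == cert.issuer and is_self_signed(cert):
        findings.append("self-signed")
    # Public CA roots do not carry an e-mail address in their name.
    if cert.subject.get_attributes_for_oid(NameOID.EMAIL_ADDRESS):
        findings.append("email-address-in-ca-name")
    try:
        basic = cert.extensions.get_extension_for_class(x509.BasicConstraints).value
        if basic.ca:
            findings.append("asserts-ca")
    except x509.ExtensionNotFound:
        pass
    return findings


def build_self_signed_root(attributes):
    """Construct a self-signed CA certificate from (OID, value) pairs (test data)."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(oid, value) for oid, value in attributes])
    return (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(datetime.datetime(2024, 1, 1))
        .not_valid_after(datetime.datetime(2034, 1, 1))
        .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
        .sign(key, hashes.SHA256())
    )


@functools.lru_cache(maxsize=None)
def lookalike_root():
    """Constructed root that borrows the Comodo name; e-mail is a placeholder."""
    return build_self_signed_root([
        (NameOID.COMMON_NAME, "COMODO Certification Authority"),
        (NameOID.ORGANIZATION_NAME, "COMODO Certification Authority"),
        (NameOID.EMAIL_ADDRESS, "me@myhost.mydomain.example"),
    ])


@functools.lru_cache(maxsize=None)
def internal_root():
    """Constructed honest internal root for comparison."""
    return build_self_signed_root([
        (NameOID.COMMON_NAME, "Example Corp Internal Root CA"),
        (NameOID.ORGANIZATION_NAME, "Example Corp"),
    ])


if __name__ == "__main__":
    print("lookalike:", assess_root_certificate(lookalike_root(), set()))
    print("internal :", assess_root_certificate(internal_root(), set()))
    known = {fingerprint_hex(internal_root())}
    print("internal, pinned:", assess_root_certificate(internal_root(), known))
```

Both constructed roots are self-signed and assert CA status, which is normal for any root; what separates the lookalike is the combination of a borrowed brand name, an e-mail address in the name and a fingerprint nobody has pinned, which is exactly the pattern the post describes.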

Just follow the directions

In case the downloader does not open automatically or is stopped by the recipient’s antivirus software, this malware comes with directions that can cure that problem. The directions come as a zipped “readme.txt” file alongside the Trojan downloader. They give computer users detailed directions on how to execute the malware.

Here is a summary:

  • Just click to agree to everything: Double click on the extracted file. And from there, just click on “Agree” and then “Run”. For PCs with Windows 8 or the newer 10, click on “More Information” -> “Download anyway” at the standard SmartScreen warning.
  • Disable or turn off your antivirus or firewall: AVs and firewalls can block all files downloaded from the internet. If there are problems, add this file to the exceptions list and try again. Or, temporarily turn off the AV or firewall until the file has been downloaded.

“They really want to be sure that the user ‘properly’ gets infected,” says Anduiza. “These directions are pretty much exactly 180 degrees off from what computer users should actually do.”

The readme.txt file is written in standard, if slightly irregular, German, and does not appear to be a machine translation. This indicates that the text has been written for the German mass market but is probably also being distributed in other languages such as English.

“This gives the cybercriminals a second chance at a successful installation, especially after the AV has blocked the initial attempt,” he points out. “This is an interesting social engineering trick, especially as the downloader and malware are not especially sophisticated.”

Start me up with malware

The malware downloads a malicious file from a compromised URL, hxxp://lebensbau.de/%%/dftrxtretxetxer.exe. The file is copied to three places on the computer, one of which is the Startup folder, ensuring that the malware is executed every time the computer starts Windows:

  • c:\ProgramData\VCFKARJR.com
  • c:\Users\All Users\VCFKARJR.com
  • c:\Users\%user%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.pif
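The drop locations above are a recognisable persistence pattern: a DOS-era executable extension (.com, .pif) dropped straight into the ProgramData root and into the per-user Startup folder. The following added example, which is not code from the post or from Avira, turns that pattern into a path-scanning heuristic; the sample paths, the user name "alice" and the function names are constructed for illustration, and a real scan would walk the file system instead of a fixed list.

```python
import ntpath
import re

# Constructed sample: the three drop locations named in the post plus benign
# entries for contrast (a real scan would walk the file system instead).
SAMPLE_PATHS = [
    r"c:\ProgramData\VCFKARJR.com",
    r"c:\Users\All Users\VCFKARJR.com",
    r"c:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\system.pif",
    r"c:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notes.lnk",
    r"c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini",
    r"c:\Users\alice\Documents\report.docx",
]

# DOS-era extensions Windows still executes but modern software rarely ships.
LEGACY_EXEC_EXT = {".pif", ".com", ".scr", ".bat", ".cmd"}
STARTUP_RE = re.compile(r"\\start menu\\programs\\startup\\[^\\]+$", re.IGNORECASE)
ALL_USERS_RE = re.compile(r"^([a-z]:)\\users\\all users\\", re.IGNORECASE)


def normalize(path):
    """Fold the 'All Users' junction onto ProgramData (the same directory on
    Vista and later) so one dropped file is not counted twice."""
    return ALL_USERS_RE.sub(r"\1\\ProgramData\\", path).lower()


def reasons_for(path):
    """Heuristics for the persistence pattern described in the post."""
    p = normalize(path)
    name = ntpath.basename(p)
    ext = ntpath.splitext(name)[1]
    reasons = []
    # Legitimate Startup entries are almost always .lnk shortcuts.
    if STARTUP_RE.search(p) and ext != ".lnk" and name != "desktop.ini":
        reasons.append("non-shortcut file in Startup folder")
    if ext in LEGACY_EXEC_EXT:
        reasons.append("legacy executable extension " + ext)
        # Software installs into a subfolder of ProgramData, not its root.
        if ntpath.dirname(p) == ntpath.splitdrive(p)[0] + r"\programdata":
            reasons.append("executable directly in ProgramData root")
    return reasons


def scan(paths):
    """Map each suspicious path (junction-folded) to its list of reasons."""
    findings = {}
    for path in paths:
        if reasons_for(path):
            findings.setdefault(normalize(path), reasons_for(path))
    return findings
```

Running `scan(SAMPLE_PATHS)` flags two distinct files: the .com dropped in the ProgramData root (counted once despite the two spellings of its path) and the .pif in the Startup folder, while the shortcut, desktop.ini and the document pass.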

As of early March, the installed malware was a banking Trojan that steals credentials and financial information. This downloaded malware is detected by Avira as TR/Crypt.XPack.xxx.

Source : blog.avira.com


Avira now identifies SilverPush ad-tracking as malware



Even worse, they are doing it right in front of you – but you don’t know it.

Welcome to the world of cross-device tracking where the only thing you have to lose is your privacy as an autonomous human being.

This is no futuristic nightmare scenario; it is happening now. But it does not have to be for people using Avira antivirus software. Avira, the German security company, now detects the SilverPush tracking software as Trojan malware.

Devices running Avira security software will now warn users if this software is present or about to be downloaded. If the software is already present, Avira will either remove it or block it from operating. The new detection will protect the millions of people using Avira security software or the Avira anti-malware engine on their devices.

The SilverPush technology enables advertisers to put an ultrasonic "sound beacon" signal into TV commercials which people can't hear – but their devices can. This signal can be heard by apps which have SilverPush software – and they respond with a message sent back to SilverPush – identifying where the ad was seen and the precise broadcast channel. That's just the start: The message also identifies the exact ID of the device, the Wi-Fi router MAC address, details about the device's operating system, and best of all – the user's phone number.

After putting the pieces together, SilverPush and its clients can have a very detailed portrait of the end consumer preferences. It’s a marketing dream – a technology that enables cross-device tracking and targeted ads – but who is taking care of the user and their need for privacy?

“What user privacy?—and this is a big, big problem for us,” says Travis Witteveen, CEO of AVIRA. “The functionality of the SilverPush software is way out of line for a legitimate advertising software development kit – given the way this software sucks up data on the individual user, the extent of this data, and the insecure transport of this data back to SilverPush – so we are now detecting this as a Trojan.”

Analysis from the Avira Virus Lab shows the detailed level of user data sucked up and broadcast by SilverPush. “They even transmit the user’s phone number – which is certainly classified as personally identifiable information … along with other data like the device’s IMEI or MAC address – details which identify the individual device,” pointed out Mr. Witteveen. “With this amount of data, SilverPush could order and deliver a pizza for viewers when they sit down to watch a Western on TV.”

SilverPush is not the only tech firm working on cross-device tracking. Others active in this area include Adobe, Drawbridge, and Flurry. But thanks to the way SilverPush sucks in and handles user data, they have been at the center of a media storm involving the US Federal Trade Commission and its review of cross-device tracking of users by marketing firms.

“The best solution is increased transparency and a robust and meaningful opt-out system. If cross-device tracking companies cannot give users these types of notice and control, they should not engage in cross-device tracking,” stated the Center for Democracy & Technology, an American advocacy group for internet privacy in a letter to the FTC.

At Avira, we agree with this position. And until these details are figured out, we will identify SilverPush for what it is. As the CDT has pointed out in the same letter, privacy is important and recent polls show that 91% of Americans feel like they have lost control over the way their personal data is being collected and used.

Source : blog.avira.com
