LNK Files – Shortcuts to Faster Infections


Tags: Avira Tech Support | Avira Support Number | Avira Refund

These shortcut files are actually called Shell Link files and use Microsoft's “.LNK” filename extension.

Let’s dig a little deeper and check the typical properties of an example LNK file. Just right-click on the shortcut and then select “Properties”. There are several options which can be changed. In this case we will focus on the “Target” field, which contains the path to the application or folder.

“C:\Program Files (x86)\Avira\Avira Antivirus\avcenter.exe”

Looks easy, right? When you click on the shortcut it performs the command specified here. In this case our trusted Avira Antivirus is being launched. This is actually what you can expect and want when clicking on a shortcut.

Unfortunately these shortcut files also have drawbacks since you don’t know exactly what hides behind them without explicitly looking. At Avira we are currently seeing a trend that more and more malware threats are using this kind of propagation method. You can follow this and more trends by visiting our Avira Threats Landscape.

Malware authors are starting to use this method because nowadays most novice users might know that clicking on a suspicious executable file might be dangerous for their systems. But clicking on a shortcut is normally not associated with bad behavior.

I'd like to show you how malware is actually misusing the usually helpful LNK files by giving an example of an actual in-the-wild malware detection named VBS/LNK.Jenxsus.Gen.

This variant uses LNK files to spread an infection via removable drives. The trick is very simple since it actually creates shortcuts to your files and folders stored on the USB stick and then hides the originals from you.

Let’s see what a folder structure looks like once the USB drive is infected.

Folder View of an infected USB drive:


Nothing unusual here at first glance, right? Except maybe that the icons all have a small arrow in the bottom left corner, which indicates that they are actually shortcut files. But you can still access all your files and folders when clicking on them.

We will now take a closer look at what is actually hidden behind the shortcut files by telling Windows Explorer that we want to see all “Hidden system files”.

Directory view with “Hidden System files” shown.


When we focus on the “avira-logo” you can see there are actually two files there. One is the LNK file and the highlighted one is the actual “hidden” jpg image file.

This means when you click on a trusted file on the USB drive you are actually clicking on the shortcut which will execute the following command stored inside the LNK target instead of just opening the image.

C:\WINDOWS\system32\cmd.exe /c start dlbfbiicvg.vbs&start avira-logo.jpg&exit

Target path of an infected LNK file.

What this command does is silently execute the malicious “dlbfbiicvg.vbs” via cmd.exe and then use the “start avira-logo.jpg” to open the file you clicked on to avoid any suspicion.

Additionally, the malware adds Run-Key entries to the Registry to infect other USB drives if they are plugged into the system. This also makes sure that the malware gets executed with each system boot.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dlbfbiicvg"="wscript.exe //B \"C:\\DOCUME~1\\USERNAME\\LOCALS~1\\Temp\\dlbfbiicvg.vbs\""

Example of a malicious Run-Key added by the malware.

The filename and the Registry value of the Run-Key are always randomly generated by the malware on an infected system.
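Because the names are random, a check has to key on the shape of the shortcut target and the Run value rather than on "dlbfbiicvg". The following Python is an added example, not Avira's detection logic: the rule names, the interpreter and script-extension lists, and the shortcut name avira-logo.lnk are assumptions, while the sample command and Run value are the ones quoted in this post.

```python
import re
from pathlib import PureWindowsPath

INTERPRETERS = {"cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1"}

def _file_tokens(command):
    """Yield file-like tokens (name.ext) from a command line, quotes stripped."""
    for tok in re.findall(r'"[^"]+"|[^\s&]+', command):
        path = PureWindowsPath(tok.strip('"'))
        if path.suffix:
            yield path

def triage_shortcut(lnk_name, target, arguments, hidden_names):
    """Return the reasons a shortcut matches the pattern described in the post."""
    reasons = []
    hidden = {n.lower() for n in hidden_names}
    if PureWindowsPath(target.strip('"')).name.lower() in INTERPRETERS:
        reasons.append("interpreter-target")
    if "&" in arguments:                      # cmd.exe runs '&'-separated commands in turn
        reasons.append("chained-commands")
    for path in _file_tokens(arguments):
        if path.suffix.lower() in SCRIPT_EXTS:
            reasons.append("launches-script:" + path.name)
        elif path.name.lower() in hidden:     # the decoy: the file the user meant to open
            reasons.append("opens-hidden-original:" + path.name)
    # A shortcut named like a hidden file beside it stands in for that file in Explorer.
    stem = PureWindowsPath(lnk_name).stem.lower()
    if any(stem in (n, PureWindowsPath(n).stem) for n in hidden):
        reasons.append("shadows-hidden-file")
    return reasons

def triage_run_value(data):
    """Flag a Run value that starts a script host on a script, noting Temp and //B."""
    reasons = []
    if re.search(r"\b[wc]script(\.exe)?\b", data, re.I):
        for path in _file_tokens(data):
            if path.suffix.lower() in SCRIPT_EXTS:
                reasons.append("script-host-autorun:" + path.name)
                if "temp" in (p.lower() for p in path.parts):
                    reasons.append("script-in-temp")
        if re.search(r"(?<!\S)//b\b", data, re.I):   # //B suppresses script host dialogs
            reasons.append("batch-mode-no-ui")
    return reasons

# Values quoted in the post; the .lnk file name and hidden-file list are constructed.
LNK_ARGS = "/c start dlbfbiicvg.vbs&start avira-logo.jpg&exit"
RUN_DATA = r'wscript.exe //B "C:\DOCUME~1\USERNAME\LOCALS~1\Temp\dlbfbiicvg.vbs"'
print(triage_shortcut("avira-logo.lnk", r"C:\WINDOWS\system32\cmd.exe", LNK_ARGS, ["avira-logo.jpg"]))
print(triage_run_value(RUN_DATA))
```

The legitimate Avira shortcut from the start of the post produces no findings, since its target is an ordinary application with no arguments.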

Finally, the malware can also deploy a backdoor on your computer to send out information about the operating system, sites you visited and so on.

USB drives are still popular because they are a very convenient way to transfer large files from one location to another, especially if you have limited internet bandwidth available.

So if you want to share some data with a family member or friend, be very careful when you plug your USB drive into an unprotected computer. Your USB drive might get infected or, vice versa, you could spread the infection from your USB drive to their computer.

Of course nobody has the time to check every shortcut this closely before clicking on it.

One easy solution is to use our Avira product which automatically scans for malicious content and will protect you from this kind of malware threat.

Source : blog.avira.com

Avira Tech Support : Blog

Sharing and the fine art of stopping malware



There is an array of technical and business issues that have to be solved: What format do the files need to be in? Who pays for the bandwidth? And the list goes on and on.

Regardless of these technical issues, there are a number of advantages to sharing – particularly for the average computer user. This user – let’s call him Joe Six-Pack – gets much faster and deeper information about any potential threats than if he kept news of his malware misadventures all to himself.

Just from the perspective of Avira, cooperation has its organizational costs – but brings clear benefits down the road.

Avira was one of a “Gang of Five” security companies that set up MUTE, the Malware URL Tracking and Exchange back in 2008.

Avira web developers were volunteered by the company and shared their expertise to set up the backend infrastructure for the group’s members to combine and share their collections of malicious web addresses. The initial outline of Avira’s system specs could be placed on four PDF slides. Today, the system is far more complex and requires a whopping 44 slides to describe its operations. And that is not all of the sharing. Avira also founded VIREX, a web-based application for helping security analysts organize their bits and pieces of malicious code, clean samples, and URLs. Yes, Avira is proud of its sharing efforts.

But you could still ask, what does Avira get out of its investment in sharing, in addition to fresher bits of malware? I can think of two primary benefits.

1. Greater back-office expertise in coordinating data flows.
2. Experience in collaborative working outside of the company environment.

Put these two advantages together and there is a third one:

3. Avira expertise that can fit under the banner of other companies as an OEM product.

That is exactly what we have done with the recently announced Lavasoft deal. We’ve licensed our new Avira URL Cloud (MURL) and program classification service (AUC) to Lavasoft and they’ll use this to beef up the security levels in their Ad-Aware Web Companion.

Sharing is a good thing – whether in a real or a virtual sandbox. It makes life a better, richer, and yes, more secure experience.

Source : blog.avira.com


Mac AV ready for OS X 10.11 alias El Capitan



Codename: Made in California

Named after a vertical rock formation in Yosemite National Park, the latest version of the operating system suggests, through the close geographical proximity of the two names, that there are no major changes compared to the previous version of the OS.

This is probably true, as long as you’re talking about the small changes to the design or the improvements to window management and the integrated apps. Lift the hood though, and you’ll see Apple has prepared an OS upgrade that is designed to offer stability and security with performance enhancements and Rootless mode, which protects system-critical files from being written to even by the root user.

Apple shows openness regarding update policy

Apple changed its update strategy right from OS X Mavericks and now issues its new OS X versions free each year. Ever since OS X Yosemite, the OS Developer Preview which accompanies Apple’s annual keynote has also been followed by a public beta which gives every interested user access to the latest OS X version. This increases pressure on developers as nobody wants to deal with the shame of having a substandard program that attracts bad press.

At Avira, we not only follow the keynote on our screens with a huge amount of excitement – we also test the Developer Preview the very next day with our Mac AV product to give recommendations to the tech-savvy users of our products as soon as possible. Testing Developer Previews in good time is just as essential as resolving any issues. Precisely this needed to be done the last time OS X Yosemite was updated.

With this update, Apple made it mandatory to sign kernel extensions. The kernel extension of Mac AV, which makes real-time protection possible, was affected and simply refused to work. You’d think it’d be as easy as signing the kernel extension and sending it off to the customer, wouldn’t you? Well, it didn’t turn out to be as straightforward as that.

The development cycle

This is because quite a bit of time passes from the moment a developer starts to update the source code until an update is released to the customer. First, development takes place in a two-week rhythm. This results in an improved product that can pass the test-automation process – during which the product is really put through its paces. Following that, it is presented internally at Avira and handed over to the Avira Beta Center the very same day.

The Beta Center is a curious place where volunteers try out Avira’s latest products and provide qualitative feedback to support our developers in improving our product. If you’re interested in contributing toward improving Mac AV, please sign up – we’ll take all your feedback on board.

Following the two-week beta phase, we usually let the product rest for a further week before releasing it to the end customer at the end of the three-week development period. That’s the theory anyway. As we’re also still in a development phase, this period may extend to five weeks.

Talking about the current example of the public beta of OS X El Capitan, things are getting a bit tight. As the initial Developer Preview released on June 8 was followed four weeks later by the public beta, and as our Mac AV product entered beta testing on July 15, this meant a week had already passed since the public beta of El Capitan appeared until we were able to provide a copy of Mac AV to our tech-savvy users with a clear conscience that it also ran on Apple’s beta version. For everyone else, this version will be issued three weeks later on August 4.

Mac AV OS X 10.11

Ready for fall release

We are well prepared to deal with any eventuality in advance of this fall’s wide-scale rollout of OS X El Capitan. If you want to take part in Apple’s public beta or are interested in product development, we recommend joining the Beta Center to ensure maximum compatibility with Apple’s beta versions.

Source : blog.avira.com


Avira Threats Landscape: Visualizing threats for you



Every day, thousands of different malicious programs are trying to infect as many devices as possible. The goal is the same for all of them: Get your data and if possible your money as well.

We have always been the first to learn about the threats that loom over every owner of a PC, Mac, tablet, or smartphone, but us having all the insights is not enough. While studying threats, keeping an eye on where they appear, and adapting our programs accordingly makes sure we keep our users as safe as possible, it’s still complicated to explain to the rest of the world why being protected is that important.

Sure, one reads about the newest threats, but only other people are affected by them, right? Especially big companies or governmental institutions seem to be the targets, so why bother at all. And that is where people are wrong. While the media most often talks about high profile cases, everyone else is at risk just as well! Every day there are millions of threats which have only one goal, namely to infect your devices. Be it your smartphone, laptop, Mac or PC – each and every one of them is at risk. Just think about the latest iOS and OS X exploits or the different ways cyber criminals try to gain control over what’s on your computer.

In order to make our point we decided to share our insights with you in the form of an interactive map. Our Avira Threats Landscape allows you to not only see which countries are the top targeted ones but also which threats are popping up the most and how many threats were detected in your country. Take a look at it, you won’t regret it. And when you see just how far reaching and widespread those threats are, make sure to warn your family and friends as well. The most important thing though: Stay protected!

Source : blog.avira.com


Regin: Is Government Malware Stoppable After All?



What is Regin?

According to Virus Bulletin, we are looking at a multi-staged threat (like Stuxnet) that uses a modular approach (like Flame), a combination that makes it one of the most advanced threats ever detected. Research shows that Regin has been used in espionage campaigns for the last 6 years. This sophisticated backdoor Trojan affects Microsoft Windows NT, 2000, XP, Vista, and 7, and it is able to take control of input devices, capture credentials, monitor network traffic, and gather information on processes and memory utilization.

Regin mainly affects companies, research institutes, governmental organizations, and individuals who have access to networks of special interest. This is why Avira has worked together with the German Federal Office for Information Security (BSI) to add new Regin detection routines to the widely implemented and proven tool Avira PC Cleaner.

How can the Avira PC Cleaner help me?

The tool can now detect the identifiable elements of Regin and remove them from the infected system. “PC Cleaner came about as a result of the German anti-botnet “botfrei.de” initiative which is backed by the BSI. The software was also further developed with the support and know-how of the BSI. Users now have an easy-to-use tool available to them which can track down Regin malware”, explains Dr. Dirk Häger, head of operational network defense at the BSI. If PC Cleaner detects Regin, the affected system can be cleansed and the relevant files quarantined. Even after a successful system cleanup, it is worthwhile running further scans to make absolutely sure that Regin has not infiltrated other areas of the network. This also makes PC Cleaner an early warning tool. If Regin is detected, affected organizations should definitely think about taking further steps to protect their IT infrastructure.

The really unique feature about Avira PC Cleaner is that it doesn’t need to be installed. This means there are no conflicts with other vendors’ antivirus solutions installed on the computer. As such, PC Cleaner gives users the chance to get a second opinion. This is why it is also called a 2nd opinion scanner, although it isn’t a replacement for a fully-fledged antivirus solution. As a result, PC Cleaner is ideal for detecting Regin and for checking the computer for any other malicious software. It is based on the proven malware detection capabilities of Avira antivirus solutions of which there are millions of installs.

Source : blog.avira.com
