Tag: Header

Hajime, the mysterious evolving botnet

Hajime (meaning ‘beginning’ in Japanese) is an IoT worm that was first mentioned on 16 October 2016 in a public report by RapidityNetworks.
In this blogpost we outline some of the recent ‘improvements’ to Hajime, some techniques that haven’t been made public, and some statistics about infected IoT devices.

Personalized Spam and Phishing

Lately we have been noticing an opposite tendency occurring quite often, wherein fraud becomes personalized and spammers invent new methods to persuade the recipient that the message is addressed personally to him.

Thus, in the malicious mailing that we discovered last month, spammers used the actual postal addresses of the recipients in messages to make them seem as credible as possible.

Unraveling the Lamberts Toolkit

The Lamberts is a family of sophisticated attack tools that has been used by one or multiple threat actors against high-profile victims since at least 2008.

The arsenal includes network-driven backdoors, several generations of modular backdoors, harvesting tools, and wipers.

VU#834067: Apache Struts 2 is vulnerable to remote code execution

Apache Struts, versions 2.3.5 - 2.3.31 and 2.5 - 2.5.10, is vulnerable to code injection leading to remote code execution (RCE).

Now’s the time to get caught up on Windows and Office...

There were almost no patches from Microsoft in February, and the ones that were released haven’t caused any problems.
So it makes a lot of sense to apply those few patches now, since… who knows what could happen next. A tiny Windows 7 security patch was released in January, and there were no Windows 7 patches at all in February. Meanwhile, the list of problems is growing; two zero-day exploits in IE and Edge were confirmed in February—the gdi32.dll heap boundary error and the CSS token sequence/JavaScript table header bug.

The vulnerability that caused SMBv3 protocol crashes hasn’t been fixed, either. So there is likely a lot of stuff ready to hit the fan.

Google reports “high-severity” bug in Edge/IE, no patch available

String of unpatched security flaws comes after February Patch Tuesday was canceled.

Cisco Secure Access Control System XML External Entity Vulnerability

A vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. The vulner...

Cisco AsyncOS Software for Cisco ESA and Cisco WSA Filtering Bypass...

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to by...

KopiLuwak: A New JavaScript Payload from Turla

A new, unique JavaScript payload is now being used by Turla in targeted attacks.

This new payload, dubbed KopiLuwak, is being delivered using embedded macros within Office documents.

AVG AntiVirus Free (2017)

Everybody needs antivirus protection. Everybody! And I don't mean the antivirus built into Windows—it just doesn't measure up. Fortunately, you can get that protection without spending a penny. AVG AntiVirus Free (2017) looks a bit different from its previous edition, and it includes some new technologies. In our own tests and tests by the independent labs, it earned very good scores.

Last year, Avast acquired AVG, but fans of either company needn't worry, as both product lines continue their separate existence. Why would a company want to acquire such a similar competitor? Both AVG and Avast have huge followings, but globally each is strong in different areas. The combined company has a worldwide reach.

Of course, AVG only makes money if somebody purchases the for-pay security suite. There's a certain amount of upsell when you go to install the free antivirus, but it's much more laid back than, for example, Comodo. You can choose the free antivirus or start a 30-day free trial of the suite. You don't have to enter a credit card, and if you do nothing, at the end of the trial it reverts to the free antivirus. It does offer to install a plug-in for all of your browsers, and replace your home page, new tab page, and default search. However, as I'll explain below, installing AVG in the browser gets you a ton of useful security features.

Management by Zen

Like all AVG products, the antivirus includes AVG Zen, a management and launching utility that offers an overview of AVG security on all of your devices. It's similar in many ways to the component that helps you manage McAfee AntiVirus Plus and other McAfee products.

Four panels dominate Zen's main window, devoted to antivirus, PC tuneup, VPN, and Web Tuneup. Each panel contains a circle that can be fully or partially colored, depending on whether or not you've installed all possible protection in that area. If all is well, the circle glows green; if your attention is needed, it changes color.

When you install the free antivirus, you see a three-quarter circle in the antivirus panel. That becomes a full circle only if you upgrade to the paid edition. If you followed the installer's instructions regarding Web Tuneup, that panel displays a full circle. As for the VPN panel, that one remains empty unless you separately install the Hide My Ass VPN.

Likewise, you won't see anything in the PC Tuneup panel unless you install AVG PC TuneUp. You do get a one-day trial of the tuneup product along with the free antivirus; I'll discuss that below.

New User Interface

Last year's edition of the antivirus looked extremely similar to AVG Zen, with the same color scheme and the same circle-based status indicators. This year, the color scheme hasn't changed, but almost everything else has.

The main window has two main panes. The Basic protection pane includes icons for computer protection and for Web and email protection, both enabled. The Full protection pane's icons represent protection for private data, protection during online payments, and protection against hack attacks, all three disabled. To enable those, you must upgrade to AVG's non-free security suite.

In the middle, below the two panes, is a big button labeled Scan Computer. Clicking it launches a full scan, which does more than just scan for malware. It also scans for junk files, revealing browser traces, system logs, and Registry problems—but if you want to fix those you must start your short-time trial of AVG PC Tuneup.

In testing, the full scan finished in just six minutes, which led me to peruse all the scan options. I found another option called Deep Virus Scan. This scan took over an hour, quite a bit longer than last year's edition of AVG. However, because the scan flags safe files that don't need to be looked at again, a second scan goes much faster. I found that a repeat scan finished in just a few seconds.

Lab Scores High and Plentiful

It may seem counterintuitive, but in most cases antivirus makers pay for the privilege of having their products included in testing by the independent labs. They do benefit, though: a high score gives the company bragging rights, and if the score is poor, the lab lets it know what went wrong. When the antivirus doesn't bring in any income, a company might be tempted to avoid the expense of testing. Not AVG. I follow five independent testing labs that regularly release reports on their results; all five of them include AVG.

Testers at AV-Comparatives run a wide variety of tests on antivirus and other security products; I follow five of those tests closely. As long as a product meets the minimum for certification, it receives a standard rating. Those that go beyond the minimum can receive an Advanced rating, or even Advanced+. AVG participates in four of the five, and received two Advanced and two Advanced+ ratings. Note, though, that Kaspersky and Bitdefender Antivirus Free Edition both rated Advanced+ in all five tests.

AV-Test Institute reports on antivirus capabilities in three areas: protection, performance, and usability. With six points possible in each category, the maximum score is 18 points. AVG took six points for usability, meaning it didn't screw up by flagging valid programs or websites as malicious. It came close in the other two categories, with 5.5 apiece.

A total of 17 points isn't enough for AV-Test to designate AVG a Top Product; that requires 17.5 or better. Bitdefender, Quick Heal, and Trend Micro earned the necessary 17.5 points, while Kaspersky and Avira Antivirus managed a perfect 18.

AVG scored 81.05 percent in Virus Bulletin's RAP (Reactive And Proactive) test, just a hair below the current average. SE Labs tests products using real-world drive-by downloads and other Web-based attacks, assigning certification at five levels: AAA, AA, A, B, and C.

While most of the labs report a range of scores, tests by MRG-Effitas are more like pass/fail. Half of the products tested failed at least one test; 30 percent, including AVG, failed both. Since not-quite-perfect and epic failure get the same rating in this test, I give it less weight when coming up with an aggregate score.

Avast Free Antivirus, AVG, ESET, and Kaspersky are the only products in my collection that currently have results from all five labs. AVG's aggregate score is 8.7 of 10 possible points, better than many commercial products. At the top is Kaspersky, with 9.8 points, followed by Avira and Norton with 9.7.

Very Good Malware Blocking

Malicious software from the Internet must get past numerous defenses before it can infect your PC. AVG could block all access to the malware-hosting URL, or wipe out the malware payload before the download finishes—I'll discuss those layers shortly. If a file is already present on your computer, AVG assumes it must have gotten past the earlier protection layers. Even so, it checks one more time before allowing such a file to execute.

To test AVG's malware-blocking chops, I opened a folder containing my current collection of malware samples and tried to execute each one. AVG blocked almost all of them immediately, wiping them out so fast it left Windows displaying an error message that the file could not be found. It wiped out most of those that managed to launch before they could fully install.

Initially I determined that AVG detected 94 percent of the samples and scored 9.0 of 10 possible points. However, upon checking with my company contact, I learned that for full protection I should enable detection of potentially unwanted applications, sometimes called PUAs or PUPs. With that setting enabled, AVG's scores rose to 97 percent detection and 9.5 points, better than many commercial programs. I wish, however, that AVG either enabled detection of PUAs by default or, like ESET NOD32 Antivirus 10, made the user actively choose to enable or disable this protection.

Webroot and Comodo Antivirus 10 scored a perfect 10 in this test. However, when I checked Comodo against hand-modified versions of my samples, it missed quite a few.

When AVG detects a file that's completely new to the system, never before seen, it prevents that file from launching and sends it to AVG headquarters for analysis. I managed to invoke this feature using one of those hand-modified samples. AVG killed the process, triggering a Windows error message. To show it wasn't really an error, AVG attached a CyberCapture tab to the error message.

A few other files merited special scrutiny. AVG displayed a message stating, "Hang on, this file may contain something bad," and promising an evaluation within 15 seconds. All of my hand-coded testing utilities triggered this warning; all three got a clean bill of health.

Detecting my months-old samples is one thing; protecting against the very latest threats is quite another. My malicious URL test uses a feed of URLs detected within the last day or two by MRG-Effitas. An antivirus product gets equal credit if it prevents all access to the malware-hosting URL or if it eliminates the downloaded malware immediately.

I test URL after URL until I've recorded data for 100 verified malware-hosting URLs, then tally the results. AVG blocked access to more than half of the URLs and eliminated almost another quarter at the download stage, for a total of 73 percent protection. That's quite a bit better than Comodo, which lacks URL-based blocking and scores just 37 percent. However, others have done quite a bit better than AVG. Symantec Norton AntiVirus Basic holds the lead, with 98 percent protection; Avira managed 95 percent.

Antiphishing Disappointment

Trojans and other malicious programs must successfully infiltrate your computer in order to steal data. Phishing websites, by contrast, only have to trick you, the user. If you log in to a fraudulent site that's pretending to be your bank, or your email provider, you've handed over your account to a crook. Such sites get discovered and blacklisted quickly, but the crooks simply set up new ones.

The most dangerous phishing sites are those that haven't been analyzed yet, so I scour the Web for sites that have been reported as fraudulent but not yet verified. I discard any that don't pretend to be some other site, and any that don't include fields for username and password. I launch each URL in a browser protected by the program under test, and in another protected by long-time phish-killer Norton. I also launch the URL in Chrome, Firefox, and Internet Explorer, relying on the browser's built-in protection. If the URL returns an error message in any of the five browsers (and they often do), I discard it.

Because the URLs themselves are different every time, I report each product's results as the difference between its detection rate and that of the others. In last year's test, AVG lagged Norton's detection rate by 28 percentage points, which is still actually better than the majority of competing products. This time around, it lagged Norton by 70 percentage points, putting it near the bottom. My contact at the company checked with the developers and confirmed that they know about the problem and are working on speedier updates.

Even though Norton is my touchstone for this test, it doesn't beat every single competitor. Check Point ZoneAlarm Free Antivirus+ 2017 tied with Norton in its most recent test. Bitdefender, Kaspersky, and Webroot actually beat Norton by a few points.

Bonus Features

The AVG Web TuneUp plug-in installs in all your browsers and offers several useful and important security benefits. First off, the Site Safety component warns when you visit a website that's risky or actively dangerous. You can click for more details, and click again for a full website report online. However, the full report isn't as detailed as what you get from Norton and a few others. And where Norton marks search results with red, yellow, and green icons, AVG only offers a rating once you try to visit a site.

Advertisers love to track your Web surfing, so they can show you ads they think you'll like, and avoid showing the same ad too often. But tracking by advertisers and others is a bit creepy, enough so that there's a header in the HTTP standard specifically designed to tell websites you don't want to be tracked. Alas, the header has no teeth. Your browser can send a Do Not Track header, but sites and advertisers can ignore it.

AVG's Web TuneUp includes an active Do Not Track component, one that checks each page you visit for trackers and optionally cuts off their tracking. It's disabled by default; I suggest you turn it on. A similar feature in Abine Blur uses its toolbar button to display the number of trackers on the current page and let you fine-tune its tracker blocking. AVG just blocks all trackers when this feature is turned on.

The last tune-up feature, Browser Cleaner, doesn't add a lot to your security. It tracks things like browsing history, saved Web form data, and cookies, and lets you click to delete them. But in Chrome, Firefox, and Internet Explorer, you can simply press Ctrl+Shift+Del to do the same, with finer control over what gets deleted.

As noted, you can at any time install a one-day free trial of AVG PC TuneUp. Don't do this until you have a little free time, so you can make full use of your short-term trial.

The final bonus feature is a little hard to spot. Buried in the right-click menu for files and folders, you should find a new item titled Shred using AVG. If you choose this item, AVG overwrites the file's data before deleting it, thereby foiling any attempt to recover the deleted file's data.

An Excellent Choice

With the Avast acquisition, both the outward appearance and the technology inside are changing for AVG AntiVirus Free, and that's not a bad thing. The antivirus gets very good marks from all of the independent labs that I follow, and also did quite well in my malware-blocking test. It wasn't quite as good at blocking malicious downloads, but still beat many competitors. Yes, its antiphishing performance wasn't great, but phishing protection isn't a central antivirus component. Overall, it's an excellent choice.

But don't just take my word for it. Go ahead and give the program a try; it's free, after all. While you're at it, have a look at Avast Free Antivirus and Panda Free Antivirus, our other Editors' Choice products in the free antivirus realm.

PCMag may earn affiliate commissions from the shopping links included on this page. These commissions do not affect how we test, rate or review products. To find out more, read our complete terms of use.

WordPress plugs eight holes in latest release

Cross-site scripting, request forgery, and more! WordPress has patched a series of vulnerabilities in its content management system, shuttering bugs affecting more than 10 million users.

The release of version 4.7.1 closes eight vulnerabilities including cross-site scripting, cross-site request forgery, and other remotely-accessible attack vectors. "This is a security release for all previous versions and we strongly encourage you to update your sites immediately," WordPress security bods say.

The CMS crew says version 4.7, which bears the bugs, has been downloaded some 10 million times since its 6 December release; however, those vulnerabilities are likely to also affect earlier versions.

The vulnerabilities include possible remote code execution in PHPMailer, which is not known to affect WordPress directly and is updated to squish the reported bug out of caution. A flaw with the REST API exposed user data for all users who had authored a post of a public post type, WordPress types say. Two cross-site scripting holes were found, one through the plugin name or version header on update-core.php, and another via theme name fallback. Uploading a Flash file creates opportunities for cross-site request forgery bypasses in unpatched systems, WordPress says, as does the accessibility mode of widget editing. Weak cryptographic security for multisite activation keys was also squished.

WordPress is the world's most popular content management system with some 140 million downloads. ®

WordPress 4.7.1 Fixes CSRF, XSS, PHPMailer Vulnerabilities

WordPress developers are encouraging users of the content management system to apply a new update, pushed this week, to resolve eight security issues, including a handful of cross-site scripting (XSS) and cross-site request forgery (CSRF) bugs. Aaron D. Campbell, a WordPress core contributor, announced the release, 4.7.1, Wednesday afternoon.

WordPress 4.7.1 Security and Maintenance Release https://t.co/Qxgd132Dw9 — WordPress (@WordPress) January 11, 2017

One of the XSS vulnerabilities could be triggered via the plugin name or version header on update-core.php, another could be exploited via theme name fallback, according to the release notes. One of the CSRF bugs, identified by Abdullah Hussam, an Iraqi security researcher who’s previously found bugs in Vine, Twitter, and Vimeo, could lead to a bypass if a specific Flash file was uploaded.

Another CSRF bug, discovered by Danish developer Ronni Skansing, was tied to how WordPress handled accessibility mode in widget editing.
Skansing has found several bugs in WordPress over the years. Last February he found a server side request forgery (SSRF) vulnerability in WordPress 4.4.1.

An attacker could have exploited the bug by making it appear that the server was sending certain requests, possibly bypassing access controls.

Another issue in WordPress’ REST API could have exposed user data for any users who “authored a post of a public post type.” The issue, jointly uncovered by Brian Krogsgard, who runs the WordPress news site Post Status, and Chris Jean, a WordPress developer for iThemes, was fixed by limiting which posts are seen within the API.

WordPress have now fixed my vuln on relation to weak crypto https://t.co/899unBLnKn — linkcabin (@LinkCabin) January 11, 2017

The update also fixes what WordPress calls “weak cryptographic security” in the way it handles multisite activation keys, in addition to 62 smaller bugs that have popped up over the last month or so since the release of version 4.7.

Lastly, it appears 4.7.1 includes an updated version of the email sending library PHPMailer. While Campbell claims “no specific issue appears to affect WordPress or any of the major plugins” he and other WordPress contributors investigated, they decided to update the library “out of an abundance of caution.” Developers with PHPMailer updated the library to version 5.2.21 two weeks ago to mitigate a remote code execution vulnerability discovered by Dawid Golunski of Legal Hackers.

Golunski warned that an attacker could exploit the vulnerability by targeting website components that use the library, like contact/registration forms, email password reset forms, and so on.