We received a worrying notice today from the Internet Crime Complaint Center (IC3), which is a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C). The headline reads: “Malware Installed on Travelers' Laptops Through Software Updates on Hotel Internet Connections.” We felt that the warning which followed the headline was serious enough to relay it promptly to our readers in its entirety:
Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers abroad through pop-up windows while establishing an Internet connection in their hotel rooms.
Recently, there have been instances of travelers' laptops being infected with malicious software while using hotel Internet connections. In these instances, the traveler was attempting to set up the hotel room Internet connection and was presented with a pop-up window notifying the user to update a widely-used software product. If the user clicked to accept and install the update, malicious software was installed on the laptop. The pop-up window appeared to be offering a routine update to a legitimate software product for which updates are frequently available.
The FBI recommends that all government, private industry, and academic personnel who travel abroad take extra caution before updating software products on their hotel Internet connection. Checking the author or digital certificate of any prompted update to see if it corresponds to the software vendor may reveal an attempted attack. The FBI also recommends that travelers perform software updates on laptops immediately before traveling, and that they download software updates directly from the software vendor’s Web site if updates are necessary while abroad.
Anyone who believes they have been a target of this type of attack should immediately contact their local FBI office, and promptly report it to the IC3's website at www.IC3.gov. The IC3's complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration. The complaint information is also used to identify emerging trends and patterns.
You can find a copy of the alert here and you might want to consider signing up for future alerts here. Additional defensive measures that you can take include doing the following three things before you leave home on your travels:
Perform a full backup of your laptop.
Make sure your antivirus software is up to date.
Install the latest operating system and application updates.
If we obtain any further details about this threat we will publish them here. If you are currently traveling and want to perform a virus scan of your Windows laptop, you can use the free ESET online scanner.
The wave of new data technology making its way into the next generation of cars – ranging from vehicles which semi-autonomously drive themselves, to real-time data streaming onto heads-up displays – begs the question: will they be safe from cyber shenanigans, or will you have to deploy security software on your next (probably hybrid) car?
At Blackhat last year, I watched a demo of hacking a car using wireless, where they were able to unlock its doors and start it up. The team that did the demo disclosed the situation to the car manufacturer, with the hope they could put protections in place to stop those with less-than-noble intentions (and free time) from trying the same. But what if the hacking team decided to go to the “Dark Side” and started unlocking cars and driving them off to chop shops?
Traditionally, cars have had rudimentary computing systems, implemented to carry out fixed tasks like measuring fuel for injection, making your transmission shift more smoothly under gentle acceleration or to improve gas mileage – things like that.
But with some manufacturers hoping to roll out location-aware browser-based or embedded information systems, can scams be far behind? Browser-based exploits have a long and inglorious history on more traditional platforms. So with the computer power required to launch these new data-driven cars, ushering in a raft of accompanying full-featured embedded computers, can that be a more full-featured scam platform as well? As we've seen with recent Java-related exploits (with more independence from the underlying host OS), it's easy to imagine a Java app working its way into the car systems and doing things you wouldn't suspect in your car, like exfiltrating your data to some remote location (or far worse).
To be sure, manufacturers of cars tend to test their systems a little more fully than a hot Silicon Valley startup vying for VC capital, where the motto tends to be “launch fast, iterate fast.” But cars tend to stay around for 10 years or more, making a vulnerability in the software stack more tricky to manage, especially over time. Automotive recalls are famously expensive, and tend to have a cooling effect for the brand in general, but what happens when some corner-case (or mainstream) hack crops up on a several year old model, as in the case of the Blackhat demo? While there may be an update cycle that can be pushed over-the-air, updates and patch cycles gone awry could have much more scary side-effects than, say, your mousepad not scrolling like it used to.
Generally speaking, auto manufacturers seem to be planning more batches of read-only interfaces than read-write, where the car simply reports on systems and information, so there's less chance of systems introducing problems, say, from users grabbing a keyboard, logging in as Administrator, and then installing things. That's a good thing. But still there are myriad wireless technologies in the works to serve up information to occupants, and those tend to be susceptible to nefarious downloadable nastiness.
Will we see anti-malware software for your car? I think it's too soon to tell. Hopefully good design will blunt or remove the need. On the other hand, it certainly opens up new horizons for those seeking to socially engineer you based on information that may be gathered from your car's systems, obtained either ethically or otherwise, directly from the car, or down the line. If retail marketers knew you always drove past their store, they might target their messaging to be relevant to you, especially if they could data-mine from the streams reported by your car. And the thought of automotive-based ransomware is very scary indeed; whether or not it could disable your car or simply purport to, it's still unnerving.
Hopefully, manufacturers will engage the security community early and throughout the process to help with analysis, recommendation, and testing, which will hopefully keep us all safer from car-based hacks. If that fails, you may find even more motivation to dust off that Corvette restoration project sitting in the back of your shed and breathe new life into it. It's old and boring technologically speaking, but you know what you're getting, and not more.
This week sees the launch of the latest quarterly AVG Community Powered Threat Report.
So what did the first quarter of 2012 reveal in terms of threats?
Blackhole Toolkits:
Cyber criminals are adopting an increasingly entrepreneurial attitude through the marketing of ‘commercial’ crimeware kits. These kits are available to purchase online and effectively give anyone the tools to become a cyber criminal.
This quarter, other commercial crimeware kits lost market share to the most advanced crimeware offering, the Blackhole exploit kit.
During 2011, AVG research shows that the Blackhole toolkit was the most popular toolkit of choice for cyber criminals, with an average of 70 per cent of attacks performed by variants of Blackhole.
Blackhole is a sophisticated and powerful exploit kit, mainly due to its polymorphic nature, and it is heavily obfuscated to evade detection by anti-malware solutions. These are the main reasons why it has a high success rate.
Mac computers running the beta version of avast! Free Antivirus for Mac were not infected by the Flashback Trojan.
“We’ve confirmed our app’s detection abilities for Flashback within the test lab and with reports from our beta testers,” says Jiri Sejtko, director of AVAST Virus Lab operations.
The Flashback Trojan linked to the Mac botnet is a derivative of last year’s DevilRobber Mac OS X Trojan. The AVAST Virus Lab now has 18 variants of this malware in its antivirus database.
“With an estimated 600,000 infected Macs, this botnet is just a large example that the Apple operating system is not immune from malware,” said Jiri. “Add a growing market share that makes Mac an attractive target for the bad guys together with a user base that insists they do not need a security app – you have all the conditions in place for an epidemic to rip through.”
The latest Flashback variants can infect vulnerable Macs without requiring the victim to enter a password. “Mac malware has historically been dependent on social engineering – convincing the user to enter the required password. Now these days are over and Mac users can pick up malware just by visiting an infected website,” adds Jiri. “Welcome to the real world.”
Flashback is a logical step in Mac malware’s steady evolution, he points out. Initial malware samples were rather simple, just compiler-generated code with no encryption whatsoever, but the malware has since evolved to be more “custom”, with encrypted strings and code, and is structured to avoid security apps like LittleSnitch (firewall software for Mac OS) or Apple’s XProtect. During 2011, there were some large-scale attempts to spread Mac malware via Google Image poisoning.
“It takes 1-2 years for malware guys to adapt to a new technology – it took a similar time when they switched from DOS to Windows. This latest botnet did not fall out of the clear blue sky. The conditions have been building for some time and I’m glad that our security app will soon be available for Mac users,” says Jiri.
avast! Free Antivirus for Mac is currently in the late BETA stage. It includes the latest avast! antivirus engine, three shields (Web, File, and Mail) and the WebRep reputation and anti-phishing plugin for Safari browser. avast! Free Antivirus for Mac builds on the AVAST Software tradition of providing a full-fledged security app which is completely free. More details coming very soon.
What do printed QR codes and NFC (Near Field Communication) chips have in common, besides storing instructions that computers can read? They are both hackable and their ability to store and communicate computer instructions is bound to be abused, if not already, then sometime soon. This happens to every new means of communication; QR and NFC are no exception. Call it “Cobb's first law of communications abuse” or just a statement of the obvious: Every new means of communication will be abused. Of course, the second law states that the abuse will include, if at all possible, the spreading of malicious software.
This blog post is not about how to abuse QR codes or NFC chips–sooner or later people are going to figure that out for themselves–we just want to take a moment to urge companies and coders working with these technologies to implement them as sensibly and securely as possible. Failure to heed this warning could mean cool technology being crippled by clumsy protection schemes bolted on to fix security issues created by naive implementations.
Germany leads EU in unpronounceable consumer protection
Germany has become the first country to enact a new EU law to protect online consumers against new types of fraud. One visible change will be a “Zahlungspflichtig bestellen” button on internet sites which translates into “order with an obligation to pay” button.
The law is designed to combat internet “subscription traps”, sites that lure consumers with a free offer but actually sign them up for a service where the real costs are hidden and conditions can be misleading if not fraudulent. By late 2012, customers at German ecommerce sites will have to click a button labeled “zahlungspflichtig bestellen” to complete their online purchases instead of the current “anmeldung” (registration) button.
The “Button Law” adopted by the German Bundestag results from EU Directive 2011/83/EU on consumer rights. It might also be used as a model for the other EU countries to copy as the 2013 deadline on the consumer rights Directive approaches. Since Germany is the largest economy in the European Union, this new law might just have a knock-on impact on consumer rights that goes outside of the country’s borders.
Jana Pattynova, a partner at the Prague office of Pierstone, an international law firm, pointed out that along with the new button, potential customers will get information on three basic points:
This is not a free service – Customers have to explicitly acknowledge that the service they have signed up for will cost them money.
What is it going to cost – Customers will get information – in a readable font size and color – on the real cost of the service.
What is the deal – Accurate summary of the contract terms, duration, and conditions.
Based on an interpretation of German law, in Ms Pattynova’s view, if a site has an incorrectly labeled order button, the contract is null and void.
Of course, any site asking for your credit card number should be looked at with a certain degree of suspicion.
AVAST Software has ongoing conflicts with subscription traps that ostensibly offer our free antivirus products and combine this with hidden costs and conditions buried deep in the EULA contracts. Some of these sites we block as malware, others are listed in the knowledgebase section of our website. However, it is difficult to keep people from visiting these sites before they have initially downloaded avast!.
Our message to computer users worldwide is that avast! Free Antivirus is just that – free. If a site tries to charge for the privilege of downloading it – leave immediately and tell us about it.
If you aren’t sure where to look, just visit the official www.avast.com site, which will automatically redirect you to the nearest reputable download location.
Does this situation seem familiar? I have just downloaded an awesome application which should contain thousands of new desktop pictures. The site name is www.bestsoftwareforever.com and wow, it must be pretty good. So, I run it and then this avast! AutoSandbox popup appears. Oh guys, why are you annoying me? I know what I am doing.
In a few seconds, the AutoSandbox scan ends and another message appears: “This file appears to be malware”. Oh @$#%%, what is this application about? Probably it is a fake application which would harm my private data stored on the hard drive. Luckily, avast! and the AutoSandbox feature saved me this time.
The scope of behavior for AutoSandbox has been expanded for the new avast! 7.
The new AutoSandbox is now able to scan and analyze the behavior of selected files. In addition, this feature is connected to the FileRep cloud feature which identifies new files for additional analysis. So now we are able to warn you even before we have had the opportunity to examine this malware in our Virus Lab. This is a marked difference from the previous avast! 6 which was limited to only sandboxing suspicious files.
It also happens that the AutoSandbox toaster appears for programs which you are pretty sure are not infected. And in many cases, this can be intensely irritating: especially if you are a vendor of the application and you don’t want it to be marked as a potentially harmful program. In avast! 7, there is a new option to disable AutoSandbox. This might be useful for software developers when, for example, their internal application builds are being AutoSandboxed as low-reputation files.
Several reasons why we activate the AutoSandbox:
Static analysis finds the file suspicious
Static analysis checks file content and looks for suspicious strings in file headers, similar to virus definitions. The main static analysis reasons are:
Application is not signed
It’s not mandatory to have a signed application, but signed software is statistically less likely to be harmful.
Use of executable file encryption/compression
App writers and installers (self-extractors) like executable compression/encryption because it makes reverse engineering more difficult. But it is also used by malware to hide from antivirus scanners. A compressed/encrypted file without a digital signature is doubly suspect.
The file prevalence/reputation is low
All new unknown files are potentially dangerous. Once they have become widespread, there will no longer be a reason to AutoSandbox them.
The file origin/source is suspicious
Freewebs and some file distribution servers have a reputation for paying less attention to the quality and origin of their software than official distribution servers. This is a long-run issue of reputation and income management.
The file is executed from a remote/removable media
Running an application from a USB drive may cause the AutoSandbox dialogue box to appear, but the same app run from your local hard drive may not. That is because many harmful apps are spread through removable media, increasing the odds of potential danger.
Generic heuristics/suspicious context
Invalid digital signatures
Suspicious file names
And there are more…
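The static signals listed above can be combined into a simple triage score. The following is an added illustration, not avast! code: the entropy threshold, weights, prevalence cut-off and the function names are assumptions, and the sample bytes are constructed.

```python
import hashlib
import math
import re
from collections import Counter

# All thresholds and weights are assumptions chosen for illustration,
# not values used by avast! AutoSandbox.
ENTROPY_PACKED = 7.2   # bits per byte; compressed/encrypted data approaches 8.0
LOW_PREVALENCE = 50    # hypothetical "seen on fewer than N machines" cut-off
SANDBOX_AT = 3         # hypothetical score at which the file is sandboxed
DOUBLE_EXT = re.compile(
    r"\.(pdf|docx?|xlsx?|jpe?g|png|txt)\.(exe|scr|com|pif|bat)$", re.I)
WEIGHTS = {
    "not signed": 1,
    "invalid digital signature": 3,
    "looks compressed/encrypted": 1,
    "packed and without a valid signature": 2,
    "low prevalence": 2,
    "run from remote/removable media": 1,
    "suspicious file name": 3,
}

# Constructed sample contents: hash output stands in for packed data,
# a zero-padded header stands in for an ordinary uncompressed binary.
PACKED_SAMPLE = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(512))
PLAIN_SAMPLE = (b"MZ" + b"\x00" * 4000
                + b"This program cannot be run in DOS mode. " * 20)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total)
                for n in Counter(data).values())


def triage(name, data, signature, prevalence, on_removable_media):
    """Return the static reasons that apply to a file.

    signature is one of "valid", "invalid" or "none".
    """
    reasons = []
    if signature == "none":
        reasons.append("not signed")
    elif signature == "invalid":
        reasons.append("invalid digital signature")
    if shannon_entropy(data) >= ENTROPY_PACKED:
        reasons.append("looks compressed/encrypted")
        # Packing alone is common in installers; packing without a valid
        # signature is the "doubly suspect" combination from the text.
        if signature != "valid":
            reasons.append("packed and without a valid signature")
    if prevalence < LOW_PREVALENCE:
        reasons.append("low prevalence")
    if on_removable_media:
        reasons.append("run from remote/removable media")
    if DOUBLE_EXT.search(name):
        reasons.append("suspicious file name")
    return reasons


def should_sandbox(reasons):
    """Sandbox when the summed weight of the reasons reaches SANDBOX_AT."""
    return sum(WEIGHTS[r] for r in reasons) >= SANDBOX_AT


if __name__ == "__main__":
    cases = [
        ("wallpapers.jpg.exe", PACKED_SAMPLE, "none", 3, False),
        ("setup.exe", PACKED_SAMPLE, "valid", 200000, False),
        ("internal_build.exe", PLAIN_SAMPLE, "none", 1, False),
    ]
    for case in cases:
        found = triage(*case)
        print(case[0], should_sandbox(found), found)
```

The third case is the developer scenario described earlier: an unsigned internal build with almost no prevalence crosses the threshold even though nothing about its content is suspicious.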
The guiding principle is that we secure your computer not only from known viruses/malware but also from viruses/malware which have not yet been uncovered.
So, the next time you see an AutoSandbox popup appearing for your new application, read the message carefully. If you are not sure, run the app first in the AutoSandbox to prevent potential damage.
We at AVG pride ourselves on our Facebook community, which at over 700,000 members is one of the most active and helpful communities around. To recognize the people that are busy making the AVG community a great place to come and chat or get help for whatever you may need, we came up with our monthly Community Awards. The members who are the most helpful and supportive we reward with special AVG VIP status. So without further ado, here is our latest AVG VIP, Tyrone Villacrusis.
OK so just hold on there before we even start. It is very important that we make our message on this subject clear from the outset. If we say that the greatest risks to financial data security come from inside the business, we are not saying that firms should inherently mistrust their accountancy staff or any other employees.
Foreign Travel Malware Threat Alert: Watch out for hotel Internet connections
Could your next new car be hacked (should you be scared)?
Kaspersky Lab Releases New Version of Kaspersky Anti-Spam Software Development Kit
Kaspersky Lab announces the release of a new version of the company’s anti-spam product – Kaspersky Anti-Spam 5.0 Software Development Kit (KAS SDK)
Threat Report – analysis of the first three months of 2012
avast! Free Antivirus for Mac and the Flashback botnet
QR Codes and NFC Chips: Preview-and-authorize should be default
Here comes the “Zahlungspflichtig bestellen” button
Be free with avast!
AutoSandbox – why are you annoying me?
Introducing AVG VIP: Tyrone Villacrusis
Tax and Finance: The greatest risks to financial data come from inside