Be aware of rogue security of Fake AVG software
February 1, 2011 by admin
Filed under Security News
We have noticed rogue antivirus software that pretends to be the AVG Anti-Virus 2011. As usually social engineering is in use - well known names (AVG, Microsoft Security Essentials) and designs of trusted applications are present in order to increase credibility.
AVG Rescue CD A powerful toolset for rescue & repair of infected machines
March 26, 2010 by admin
Filed under Removal Tips,Tools and Videos
The AVG Rescue CD is a powerful must-have toolkit for the rescue and repair of infected machines. It provides essential utilities for system administrators and other IT professionals and includes the following features:
- Comprehensive administration toolkit
- System recovery from virus and spyware infections
- Suitable for recovering MS Windows and Linux operating systems (FAT32 and NTFS file systems)
- Ability to perform a clean boot from CD or USB stick
- Free support and service for paid license holders of any AVG product
- FAQ and Free Forum self-help support for AVG Free users
Key technologies
- Anti-virus: protection against viruses, worms and Trojans
- Anti-spyware: protection against spyware, adware and identity theft
- Administration toolkit: system recovery tools
The AVG Rescue CD is essentially a portable version of AVG Anti-Virus supplied through Linux distribution. It can be used in the form of a bootable CD or bootable USB flash drive to recover your computer when the system cannot be loaded normally, such as after an extensive or deep-rooted virus infection. In short, the AVG Rescue CD enables you to fully remove infections from an otherwise inoperable PC and render the system bootable again.
Apart from the usual AVG functions (malware detection and removal, updates from internet or external device, etc.), the AVG Rescue CD also contains the following set of administration tools:
- Midnight Commander – a two-panel file manager
- Windows Registry Editor– simple registry editor for more experienced users
- TestDisk – powerful hard drive recovery tool
- Ping – to test the availability of network resources (servers, domains, IP addresses)
- Common Linux programs and services– vi text editor, OpenSSH daemon, ntfsprogs etc.
Free of charge
The AVG Rescue CD is a free-to-use product that anyone can download. This also covers any new program versions and virus database updates. If you have any other paid AVG license, you are also entitled to receive our full technical support.
Download:
Download Rescue CD (for CD creation)
Download Rescue CD (for USB stick)
Tests Show Problems With AV Detections
February 7, 2010 by admin
Filed under Security News
Dateline: Moscow.
Here at a security press conference held by Kaspersky Lab, the company demonstrated how some malware detections are easily triggered by innocuous programs.
The problem arises when one vendor detects a threat. Samples are often passed on to other vendors, through multi-scanning services like VirusTotal. The fact that another vendor, particularly a respected one like Kaspersky, detects a threat is enough of a reason to take a serious look at the sample.
After suspecting such problems, Kaspersky created a test which demonstrated the phenomenon. They wrote a series of simple and innocuous programs, compiled them, created false detections for them in their engine, and then submitted the files to Virustotal. Only Kaspersky detected the files at this point.
But standard procedure with VirusTotal is that if at least one of the products detects a submitted sample, it is submitted to the others who didn’t detect it. The idea is that they can then analyze the file and create their own detection.
Instead, what they found was that other companies were creating detections for the false submissions from Kaspersky. The programs create some variables and perform simple mathematical operations on them. They don’t even touch the file system. Kaspersky provided me with the programs and the source code.
Click on these to see some of the detections:
- http://www.virustotal.com/analisis/5aee7…1264831301
- http://www.virustotal.com/analisis/0de6d…1264867956
- http://www.virustotal.com/analisis/b2a11…1264867934
- http://www.virustotal.com/analisis/7e79b…1264867923
- http://www.virustotal.com/analisis/0b974…1264831241
- http://www.virustotal.com/analisis/0b974…1264867640
But it turns out that the fact that Kaspersky was detecting the threats was not the only reason the others were. The real problems were the aggressive heuristics in the products and that fact that only a static scan was performed.
And there is something suspicious about a program that appears to do nothing and then exits. Other vendors I communicated with on the matter said that the behavior was not surprising and that a live on-access detection on a system with their product installed would not be the same. For instance, F-Secure said that “[o]n the end users Windows box, these alerts would show up as a prompt, asking the user whether he really trusts the program. In addition, we have massive whitelist databases in our back-ends, so such prompts would only appear from new, unknown applications.”
I suspected that the compiler used to generate the samples might itself be an issue, so I asked Kaspersky about it. They used the mingw crosscompiler, a gcc version for Linux that generates Win32 binaries. It’s possible that the same source code compiled with Microsoft Visual Studio would have generated a different reaction in the anti-malware products, not that it should make a difference. But Kaspersky then creates a “hello world” program with the same compiler and settings and uploaded it to VirusTotal; hours later, even though there were no Kaspersky detections, 2 other products called the sample “suspicious”.
This problem is not entirely new; Hispasec Sistemas Lab of Spain, the company that operates VirusTotal, wrote about it a few months ago (original Spanish, Google translation to English). As they point out, the volume of samples coming into company labs is so enormous that the vast majority has to be handled by automated analysis processes, and perhaps they are designed to be a little more paranoid than humans.
Kaspersky Lab has written an Analyst’s Diary entry on the issue as well.
By Larry Seltzer from PCMag.com
AVG LinkScanner Can Detect Malicious Short URLs
October 14, 2009 by admin
Filed under Protection Tools
URL shorteners may be handy for your tweets on Twitter. But they’re also known security holes since they don’t display the actual address of your destination. A free tool from security vendor AVG may provide a solution.
AVG has updated its free LinkScanner tool to detect malicious pages hiding behind shortened URLs. The company said the tool checks the actual destination of each URL link to make sure the page is legitimate.
More than a dozen URL-shortening services abound on the Net, including TinyURL and Bitly. With its 140-character limit, Twitter automatically shortens URLs in each tweet via Bitly. Other services like WordPress also include a built-in URL shortener.
But Web browsers don’t display the true address of a shortened URL, so you have no idea whether or not the destination page is safe. Hackers have easily been able to use the obscure nature of shortened URLs to conceal hazardous Web pages behind them.
“The problem with shortened links is that they usually don’t bear any resemblance to the original URLs, which means that users don’t always know what they’re clicking,” said Roger Thompson, chief research officer at AVG Technologies. “People click with the intention of going to a specific site, but the link can be easily hacked to send people to a site containing Trojans, spyware, rootkits, and other malware instead.”
AVG, formerly known as Grisoft, bought LinkScanner in late 2007 as part of a larger acquisition. The tool has already proven helpful to Web surfers by analyzing Web pages behind each link that is either clicked on or typed into the browser.
Other solutions do exist to reveal the truth behind a short URL. The Web site LongURL can display the long version of a short URL. A Firefox plug-in called LongURL Mobile Expander can also translate from short to long.
But according to AVG, LinkScanner is now the only security tool on the market that can find poisoned Web pages behind a short URL. The company says it does not rely on blacklists and instead checks each link in real time.
by Lance Whitney from Cnet
AVG update detect iTunes as virus
July 27, 2009 by suwari
Filed under Security News
AVG is a popular antivirus solution by AVG Technologies that offered free or paid antivirus software.
A recent AVG file update identifyies all iTunes/iPod realted files as viruses. The update will removing and deleting all files thus iTunes will not run and is not fixable by reinstall.
