BitDefender Product Impersonated by Rogue AV
May 20th, 2010 | Category: BitDefenderBitDefender has detected ByteDefender, a new rogue antivirus utility that attempts to trick users into installing it by posing as a BitDefender product.
Unlike average rogue AV products, ByteDefender does not rely on the classic drive-by method used by most products of its kind, but rather piggybacks on the popularity of the BitDefender products and their distinct visual identity to lure users into voluntarily downloading it. The website distributing it is located at hxxp://www.bytedefender.in (URL specifically invalidated to avoid accidental infection) and abusively built using the BitDefender layout. The domain name has been registered in Ukraine. Even the boxshots have been crafted in such a manner to trick the user into thinking that they are installing the genuine security product.
The infection scenario is simple, yet efficient: the user looking for a BitDefender product may typo-squat the genuine address and gets redirected to the malicious webpage. Because of the similar webpage structure, the user may download and install the rogue AV.
Once installed on the system, this piece of scareware would start popping out fake infection alerts in an attempt to pursue the user into purchasing the full version and get rid of the mentioned threats.
Interesting enough, the payment processor for the ByteDefender Rogue AV is the trustworthy company Plimus, who has suspended sales on grounds of abuse.
Cyber-criminals know no boundaries when it comes to distributing and marketing their rogue security products. Sensational events, Trojanized applications or websites and carefully forged yet useless security products are only a few of the multitude of methods to capitalize on unwary users, said Catalin Cosoi, senior researcher at BitDefender.
As for the technical part, the ByteDefender rogue AV is shielded by a modified UPX packer with multiple layers of obfuscation that not only that deters static analysis, but also prevents it from running inside a virtual machine. It unsuccessfully tries to kill Windows services known to belong to specific AV vendors, thus opening a door for its own files.
BitDefender has added protection against the new threat (detected as Trojan.FakeAV.KZO) and has released a free removal tool to automatically clean infected computers of users that are not running BitDefender security products.
In order to stay safe, BitDefender® recommends that you download, install and update a complete antimalware suite with antivirus, antispam, antiphishing and firewall protection and to manifest extra caution when prompted to open files from unfamiliar locations.
About BitDefender®
BitDefender is the creator of one of the industry’s fastest and most effective lines of internationally certified security software. Since its inception in 2001, BitDefender has continued to raise the bar and set new standards in proactive threat prevention. Every day, BitDefender protects tens of millions of home and corporate users across the globe – giving them the peace of mind of knowing that their digital experiences will be secure. BitDefender solutions are distributed by a global network of value-added distribution and reseller partners in more than 100 countries worldwide. More information about BitDefender and its products are available at the companys security solutions press room. Additionally, BitDefenders www.malwarecity.com provides background and the latest updates on security threats helping users stay informed in the everyday battle against malware.
Related Posts
No related posts.