05December 2008

Beware of Fake Antivirus Products, According to BitDefender Labs’ Top E-Threats in November

Fake applications and ad-serving Trojans dominate the wild

Fake antivirus products dominate November’s top ten e-threats, according to BitDefender®. Variants of the FakeAntivirus Trojan filled the first three positions, totaling 37-percent of November’s top e-threats. Links to this e-threat are spread through various sources (spam, hidden redirections on shady webpages and malware already present on your computer).

When the FakeAntivirus Trojan is run from a malicious webpage, a "scan process" begins which takes about 10 seconds. During this time the "scanner" detects an enormous amount of infections - thousands of malicious files. The names of the "found" viruses are taken off lists from antivirus companies. The fake antivirus then demands money to remove the "malware" it found.

The other dominant e-threat of the month was the Wimad Trojan downloader, another fake application. The Wimad Trojan downloader claims to be an mp3 player, or a "codec." The actual file it downloads is an adware called Adware.PlayMP3z, which didn't make the top ten (having been blocked from downloading by BitDefender products).

Other notable threats of the month are Clicker.CM, in fourth place, an ad-serving Trojan, whose only claim to fame is that it was coded to bypass the Norton Internet Security pop-up blocker. At 6.2% of detections, its threat level has remained constant over the past three months, hovering around 6%.

Ranked 9th with a sizeable 2.19-percent detection, the first-ever detected variant of the Zlob Trojan backdoor proves itself to be the most widespread. Tenth place is taken over by Exploit.HTML.Agent.AQ, a javascript used to exploit a vulnerability in how Microsoft products parse VML. The exploit is usually placed in malicious or compromised webpages, or in HTML formatted e-mails, as the Outlook e-mail client is also vulnerable. Its only purpose is to download and execute malware on the infected computer.

"As the FakeAntivirus Trojans have dominated the top malware in November, it is important for computer users to be more aware of the links and webpages visited – only opening e-mails from known senders and visiting known, secure websites,” commented Head of Antivirus Labs, Sorin Dudea for BitDefender. “However, spam and webpages are just part of the problem, which is why it is essential users ensure their computers are malware and virus free by running daily scans, using a trusted security solution.”