Thursday, May 27, 2010

Rogue Antivirus imitates BitDefender


BitDefender has recently found a new rogue antivirus program that tricks users into installing it by posing as a BitDefender PC security product. Its name, ByteDefender, is quite similar to BitDefender, and the malicious software acts like a fully-fledged rogue antivirus with a twist.

Unlike other rogue antivirus applications, the ByteDefender sibling does not rely on the classic drive-by method used by most products of its kind. Instead, it relies on the popularity of the BitDefender products and their distinct visual identity to lure users into voluntarily downloading it. The website distributing it is located at hxxp://www.bytedefender.in (URL specifically invalidated to avoid accidental infection) and abuses the BitDefender layout. The domain name has been registered in Ukraine. Even the boxshots have been crafted to trick users into thinking that they are installing the genuine security product.

The infection scenario is simple, yet efficient: a user searching for BitDefender software types the genuine address and might get redirected to the malicious software's web page. Because that page resembles the structure of the original website, the user might download and install this rogue antivirus.

Once installed on the computer, this piece of scareware starts showing fake infection alerts in an attempt to persuade the user to purchase the “full version” and get rid of the fake threats it reports.

Interestingly enough, the payment processor for the ByteDefender rogue antivirus is the trustworthy company Plimus, which has suspended sales on grounds of user abuse.

“Cyber-criminals have no boundaries when it comes to distributing and marketing their rogue computer security software. Sensational events, Trojanized applications or websites and watchfully forged – moreover they are useless – ‘security products’ are only a few of the multitude of methods to capitalize on unwary users”, said Catalin Cosoi, Senior Researcher at BitDefender.

Thursday, May 6, 2010

Google attack on fake antivirus software websites.


Within the last 13 months, Google analysed nearly 250 million websites and found that fake antivirus websites account for more than 15 percent of total malicious attacks.

Cyber criminals are using more and more sophisticated tactics to trick unsuspecting PC users into downloading and installing applications laced with malicious code, which, when activated, gives hackers "back door" access to a computer and the personal data on it. This allows criminals to use the machine to send spam emails, or to try to capture personal information and login details for online banking and email accounts.

Fake antivirus software uses false pop-up warnings designed to scare money out of computer users. "Once it is installed on the user system, it's difficult to uninstall, you can't run Windows updates anymore or install other antivirus software, and you must install the [operating] system," rendering it unusable until it has been cleaned up.

More than half of the fake antivirus software - which predominantly targets MS Windows machines - was delivered via adverts, Google said. Graham Cluley of security firm Sophos, who has been involved in the studies, said that one of the key ways that hackers spread fake anti-virus was so-called black hat search engine optimisation techniques.

"They then create websites stuffed with content, which in many cases appears on the first page of search engine result pages (SERP)." Anyone clicking on the link would be confronted with a pop-up linking to a fake antivirus program. Google uses tools to filter out booby-trapped websites, but the firm said that hackers were managing to avoid detection by moving between domains quickly.