Fake Anti-Virus Keygen Steals Software Keys
Security researchers from Kaspersky Lab have come across a keygen for the company's products which has two information stealing trojans bundled with it.
The keygen was recently spotted on file sharing websites and promises to generate serial keys for Kaspersky Anti-Virus 2010, Kaspersky Internet Security 2010 and Kaspersky Simple Scan 2010.
Kaspersky Lab's Vyacheslav Zakorzhevsky warns that its interface is just a facade for a trojan dropper.
"While the freebie lover is waiting for the result, two pieces of malware that were stealthily installed and launched by the dropper make themselves at home on the PC," he notes.
One of them is ironically a software serial key stealer that targets a wide variety of programs and games including TechSmith SnagIt, Texas Calculatem 4, The Battle for Middle-earth, The Orange Box, TMPGEnc DVD Author, TuneUp 2007, 2008 and 2009, Winamp, The Sims 3, Spore, Mirrors Edge, GTA IV, FIFA 2008 and 2009, and Pro Evolution Soccer 2009.
The trojan also blocks access to popular file scanning websites like Jotti and Virus Total by adding bogus entries for their domains to the Windows "hosts" file.
The hosts file can be used to specify manual DNS overrides and is abused by many malware programs, commonly known as DNS hijackers.
The second threat installed by fake keygen has a backdoor component which allows remote attackers to execute commands on the infected computer. It also comes with a keylogger that records all keystrokes.
Read more
Security researchers from Kaspersky Lab have come across a keygen for the company's products which has two information stealing trojans bundled with it.
The keygen was recently spotted on file sharing websites and promises to generate serial keys for Kaspersky Anti-Virus 2010, Kaspersky Internet Security 2010 and Kaspersky Simple Scan 2010.
Kaspersky Lab's Vyacheslav Zakorzhevsky warns that its interface is just a facade for a trojan dropper.
"While the freebie lover is waiting for the result, two pieces of malware that were stealthily installed and launched by the dropper make themselves at home on the PC," he notes.
One of them is ironically a software serial key stealer that targets a wide variety of programs and games including TechSmith SnagIt, Texas Calculatem 4, The Battle for Middle-earth, The Orange Box, TMPGEnc DVD Author, TuneUp 2007, 2008 and 2009, Winamp, The Sims 3, Spore, Mirrors Edge, GTA IV, FIFA 2008 and 2009, and Pro Evolution Soccer 2009.
The trojan also blocks access to popular file scanning websites like Jotti and Virus Total by adding bogus entries for their domains to the Windows "hosts" file.
The hosts file can be used to specify manual DNS overrides and is abused by many malware programs, commonly known as DNS hijackers.
The second threat installed by fake keygen has a backdoor component which allows remote attackers to execute commands on the infected computer. It also comes with a keylogger that records all keystrokes.
Read more
