Unlike a regular rogue AV, which limits its malicious activity to continuously asking the user to buy the product, the abusively named “BitDefender 2011” prevents any browser installed on the computer from starting, which blocks access to any websites hosting legitimate antivirus solutions and removal tools.
Main interface of the rogue BitDefender 2011
Once installed on the system, the rogue BitDefender starts triggering a multitude of annoying popups and blocking access to the desktop from time to time until the user finally gives in and purchases the useless product. It also modifies a couple of registry entries associated with any browsers it finds installed on the system by setting the debug key to iexplorer.exe – ds under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options.
Pop-up warning message with a “curtain” drawn over the desktop
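The Image File Execution Options change described above can be audited offline from a text export of that key (for example, one produced with `reg export`). The following Python sketch is an added example, not BitDefender's code or part of the removal tool; the browser list and the sample export are assumptions constructed for illustration.

```python
import re

IFEO = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
# Assumed browser image names; the article does not list the ones it targets.
BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe", "opera.exe", "safari.exe"}
# .reg string values escape backslashes and quotes with a backslash.
VALUE_RE = re.compile(r'^"Debugger"="((?:[^"\\]|\\.)*)"$', re.IGNORECASE)

# Constructed sample in .reg export form (not captured from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe]
"Debugger"="iexplorer.exe – ds"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEXPLORE.EXE]
"Debugger"="iexplorer.exe – ds"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="\"C:\\Tools\\procexp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000
'''

def find_debugger_hijacks(export_text):
    """Return (image, debugger, is_browser) for each IFEO subkey that has a Debugger value."""
    findings, image = [], None
    prefix = IFEO.lower() + "\\"
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            # Track only direct children of the IFEO key: one subkey per image name.
            rest = key[len(prefix):] if key.lower().startswith(prefix) else ""
            image = rest if rest and "\\" not in rest else None
            continue
        m = VALUE_RE.match(line)
        if image and m:
            debugger = re.sub(r"\\(.)", r"\1", m.group(1))  # undo .reg escaping
            findings.append((image, debugger, image.lower() in BROWSERS))
    return findings

if __name__ == "__main__":
    for image, debugger, is_browser in find_debugger_hijacks(SAMPLE_EXPORT):
        label = "BROWSER REDIRECTED" if is_browser else "review"
        print(f"{label:18} {image:14} -> {debugger}")
```

A Debugger value makes Windows launch the named program in place of the image, so entries on browser executables deserve the closest look; other entries, such as the constructed taskmgr.exe one, can be legitimate administrator choices.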
As you can probably tell, this is not a BitDefender product. Apart from the logo that the gang behind the rogue BitDefender 2011 abusively displayed in their creation, there is no similarity with the genuine BitDefender Antivirus Pro 2011 (screenshot below) or any other product released by BitDefender.
Genuine BitDefender Antivirus Pro 2011
If you have any doubts about the legitimacy of your BitDefender antivirus product, then bear in mind that the genuine BitDefender installers and executable files come digitally signed, which certifies that they are our creations and that the kit hasn’t been tampered with in any way.
LEFT: Rogue BitDefender 2011 – No publisher info | RIGHT: BitDefender AV Pro 2011 kit with a valid digital signature
This specific wave of counterfeit BitDefender products tries to piggyback on the popularity of an internationally awarded line of antivirus software and comes right after last week’s announcement that BitDefender ranked number one in the AV-Comparatives test. It is not the first time cyber-criminals have tried to exploit the reputation of BitDefender to boost users’ interest in running a forged application on their machines.
If you already have a BitDefender antivirus installed on your system, then you need not worry, as we have been detecting this threat with a heuristic signature. If you don’t have an antivirus installed and you got infected, we recommend that you run this free removal tool to clean up your system and restore its integrity. After the removal tool has successfully repaired your computer, we advise you to install a fully-fledged security solution such as one of the products provided by BitDefender.
This free removal tool is available courtesy of BitDefender e-threat researcher Mihail Andronic.