Malwarebytes sounds alarm over anti-virus imposter website


Anti-virus vendor Malwarebytes has alerted consumers to a website it claims is delivering malware to computers.

The website, named Malwarebiter, was discovered earlier this week by Malwarebytes analyst Adam Kujawa.

Malwarebytes has accused Malwarebiter of copying its own website's styling to give it a veneer of credibility.

The company also accuses the alleged imposter of using spam or other underhand means to boost its Facebook following to increase its apparent legitimacy.

However, what has concerned the organisation most is that the website is apparently carrying out 'drive-by' attacks on users who do not even download the product.

"Traffic analysis from our visit revealed 'roe.js', a file containing JavaScript," Joshua Cannell, malware intelligence analyst at Malwarebytes, said in a blog post.

"Upon further inspection the file revealed an embedded iFrame object that links to a rogue IP hosting the Blackhole Exploit Kit.

"iFrames allow web developers to embed the contents of one webpage within another [and] using iFrames for drive-by malware attacks is common since they can be crafted invisible to the naked eye," Cannell explained.

The roe.js file then executes either a Java or a PDF exploit, resulting in the infamous Zeus Trojan being downloaded onto the visitor's PC, roping it into one of the internet's most notorious botnets.
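As an added illustration (not from the Malwarebytes blog post or this article), the following is a static check a defender could run over a captured script to flag the kind of invisible iframe Cannell describes. The sample scripts, the 192.0.2.10 address and the heuristics are constructed assumptions; the actual contents of roe.js are not shown on this page.

```python
import re
from html.parser import HTMLParser

# Constructed samples (192.0.2.0/24 is a documentation range, not a real host).
SAMPLE_JS = r'''var d = document;
d.write('<iframe src="http://192.0.2.10/main.php" width="1" height="1" style="visibility:hidden;position:absolute;left:-9999px"></iframe>');'''
BENIGN_JS = r'''document.write('<iframe src="https://video.example.com/embed/1" width="640" height="360"></iframe>');'''

# Inline styles commonly used to keep a frame out of sight.
HIDING_CSS = re.compile(
    r'display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(\.0+)?\s*(;|$)'
    r'|(left|top)\s*:\s*-\d{3,}', re.I)
# A src that names a bare IPv4 address instead of a hostname.
IP_HOST = re.compile(r'^(?:https?:)?//\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?(?:/|$)', re.I)

class IframeFinder(HTMLParser):
    """Collects iframes whose attributes suggest they are meant to be unseen."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = []
        for dim in ("width", "height"):
            m = re.match(r'\s*(\d+)', a.get(dim, ""))
            if m and int(m.group(1)) <= 1:
                reasons.append(f"{dim}<=1")
        if HIDING_CSS.search(a.get("style", "")):
            reasons.append("hiding-css")
        if "hidden" in a:
            reasons.append("hidden-attr")
        if IP_HOST.match(a.get("src", "")):
            reasons.append("raw-ip-src")
        if reasons:
            self.findings.append((a.get("src", ""), reasons))

def scan_script(js_text):
    """Return [(src, reasons)] for suspicious iframes embedded in a script."""
    # Undo simple escaping so markup inside JS string literals parses as HTML.
    text = js_text.replace('\\"', '"').replace("\\'", "'").replace("\\/", "/")
    finder = IframeFinder()
    finder.feed(text)
    finder.close()
    return finder.findings
```

This only catches iframe markup that appears literally in the script; markup assembled at runtime from encoded or concatenated strings needs dynamic analysis in a sandboxed browser.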

Anyone who installs Malwarebiter's anti-malware programme will find it does not detect the newly installed Zeus malware. Instead, they may be directed to a second website, Ad-purge, which is a known fake spyware reporter.

In turn, both websites are linked to a third, Rebrand Software, which creates software products for private buyers who then sell it on as their own.

Furthermore, Malwarebytes claims numerous other pieces of malware have been discovered contacting the Rebrand Software domain.

Cannell said it is "vital" for PC users to protect themselves from software exploitation.

"The Java and PDF exploits found on Malwarebiter's website could be prevented by keeping your software patched and up to date.

"However, this does not always solve the problem as both Java and PDF viewers are highly targeted for exploitation, with new vulnerabilities discovered every day.

"In light of this, users might want to stop using Java altogether. As for protection from malicious PDFs ... users might be better off viewing [them] in secure browsers, like Google Chrome," advised Cannell.

Jane McCallion
Deputy Editor
