Security researchers from Kaspersky Lab have come across a keygen for the company's products which has two information stealing trojans bundled with it.The keygen was recently spotted on file sharing websites and promises to generate serial keys for Kaspersky Anti-Virus 2010, Kaspersky Internet Security 2010 and Kaspersky Simple Scan 2010.
Kaspersky Lab's Vyacheslav Zakorzhevsky
warns that its interface is just a facade for a trojan dropper.
"
While the freebie lover is waiting for the result, two pieces of malware that were stealthily installed and launched by the dropper make themselves at home on the PC," he notes.
One of them is ironically a software serial key stealer that targets a wide variety of programs and games including TechSmith SnagIt, Texas Calculatem 4, The Battle for Middle-earth, The Orange Box, TMPGEnc DVD Author, TuneUp 2007, 2008 and 2009, Winamp, The Sims 3, Spore, Mirrors Edge, GTA IV, FIFA 2008 and 2009, and Pro Evolution Soccer 2009.
The trojan also blocks access to popular file scanning websites like Jotti and Virus Total by adding bogus entries for their domains to the Windows "hosts" file.
The hosts file can be used to specify manual DNS overrides and is abused by many malware programs, commonly known as DNS hijackers.
The second threat installed by fake keygen has a backdoor component which allows remote attackers to execute commands on the infected computer. It also comes with a keylogger that records all keystrokes.
Of course, bundling malware with warez or legit programs is not a new practice. However, it is one that's increasingly being used to infect platforms other than Windows, like Mac or Android.
This particular incident stands to show that even when searching for malware protection, users can stumble across malicious programs. People who can't afford paying for a commercial anti-virus product, should opt for one of the free solutions, as they have come a long way in recent years in terms of the protection they offer.
Find us on Google+
