Feb 10, 2011 07:37 GMT  ·  By

Serial key generators carrying trojans have made it to the number two spot in BitDefender's malware detection statistics for January, suggesting that this infection vector was aggressively used last month.

Trojan.Crack.I accounted for 5.82% of all detections seen by BitDefender last month and was only surpassed by a generic signature for AutoRun malware.

"This application is a keygen, a binary file designed to defeat the commercial protection of shareware software products by generating false registration keys. "Its emergence on the second place is an indicator of the fact that the worldwide software landscape is affected by piracy and the subsequent threats posed by this practice," the BitDefender security researchers write.

The keygen appears harmless, but it actually has trojan attached which steals registration information for other applications and games installed on the systems.

Threfore, users looking to use a commercial product without paying might end up becoming a victim of piracy themselves if they also have legitimate software installed on their computers.

This infection vector was observed by other antivirus vendors as well. In mid-January Kaspersky Lab warned of a Kaspersky Anti-Virus keygen exhibiting this exact behavior.

It also pointed out that the trojan blocks access to online file scanning services like Virus Total and Jotti.

The leading detection for January, Trojan.AutorunINF.Gen with 7.40% and the number three in the top, Win32.Worm.Downadup.Gen (Conficker) with 5.78%, suggest that AutoRun malware is very active on the threat landscape.

The fourth place was claimed by a piece of adware called Hotbar, which accounted for 4.26% of all detections, while Java-based trojans came in fifth with a 3.56% detection rate.

The rest of the top was filled by two variants of the Sality file infector, another Hotbar version, Windows LNK exploits and a Conficker-related piece of malware.