Malwarebiter is fakeAV, warns Malwarebytes

Malwarebytes, an anti-malware company and product, has issued a warning that the product referred to as Malwarebiter “is actually fake Anti-Malware software that detects legitimate files as malware (i.e. False Positives) and fails to detect any real malware.” Furthermore, the malwarebiter (dot) com website delivers the “Zeus Trojan malware via a Java or PDF drive-by exploit.”

Malwarebytes plans to publish a more detailed report later this week. Meanwhile, however, if Malwarebytes is right, Malwarebiter is a significant threat. Firstly, Malwarebytes claims that only 6 out of 46 other AV products detected Malwarebiter as malware, according to VirusTotal. This in itself is not necessarily worrying, since all it means is that other AV engines don’t yet have a signature for the malware – it doesn’t mean that the AV’s other heuristic and behavioral detection won’t detect it (note that Malwarebytes itself is a primarily heuristic detection system). Now that the fakeAV has been submitted to VirusTotal, the sample will have been circulated to the other AV companies, who will undoubtedly ensure that their products detect and mitigate this malware.

What is more worrying, again assuming that Malwarebytes is right, is that at the time of writing this report, Google Search returns the Malwarebiter website without warning, while ‘Norton Safe Web has analyzed malwarebiter.com for security and safety problems,’ and found no issues. According to Norton, malwarebiter.com contains no threats, no viruses, no drive-by downloads – in fact no security risks at all.

Does this mean that the Java and PDF exploits mentioned by Malwarebytes are new, unknown zero-day exploits, or delivered in a brand new and undetectable manner – or have they simply been removed following the Malwarebytes alert? We’ll have to wait for the full Malwarebytes report later this week to find out. Or does it mean, as Luis Corrons, the technical director at PandaLabs, told Infosecurity, that maybe this is a false positive from Malwarebytes? “One of my guys just checked that website,” he said, “and it truly is clean, no Zeus or any variety of malware.”

Meanwhile, the Malwarebiter software does trigger alarms with other AV products. 24 out of 46 AV products now detect it. David Harley, a senior research fellow at ESET, told Infosecurity that ESET detects MalwareBiterAnti-MalwareSetup.exe as Win32/Adware.DisableSpyware. He points to the Malwarebiter FAQ, which suggests that the user turn off other AV products if they warn against installing Malwarebiter. “That’s a classic ‘support’ issue,” said Harley. “Fake security sites sometimes spend serious resources on seeking to play down alerts from real security programs.” He also noted, “the ‘100% free’ product requires $24 for registration to get an unlock code.”

The plot thickens.

Virus Aware